Access denied (appdata)

Posted: 25 Aug 2014 18:55
by GuerrCZ
Hello,
When I try to install some applications, it fails ([Error 5] Přístup byl odepřen: 'C:\\Users\\admin\\AppData\\Roaming\\Raptr'), because (probably) the application does not have access to appdata.
I searched the internet, and I am an administrator, I have access allowed and I am the owner of the folder, so it occurred to me that it could be caused by a virus.
I have AVG 2014 (purchased) and SUPERAntiSpyware (free version), and neither of them found anything, so I am turning to you.
And it won't be the application, because it works normally on 2 laptops.
Thank you.

(Sorry if I am posting this here for the 2nd time, but when I posted it the 1st time I was returned to the login page and could not find my post on the forum.)

Also, it seems to me that after starting the PC it takes a long time before the PC "boots up" (before it can be used normally).

Re: Access denied (appdata)

Posted: 25 Aug 2014 19:09
by GuerrCZ
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03
Ran by admin (administrator) on ADMIN-PC on 25-08-2014 20:05:49
Running from C:\Users\admin\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Gigabyte Technology CO.) C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
() C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\GamingMouseEditor.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
() C:\Program Files (x86)\AVG\AVG2014\Tuneup\TUMicroScanner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\admin\Desktop\FRSTLauncher (2).exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11858536 2011-06-07] (Realtek Semiconductor)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-08-11] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe [2552320 2011-03-30] (Gigabyte Technology CO., LTD.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1666673100-261464351-4097836267-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-03-12] ()
HKU\S-1-5-21-1666673100-261464351-4097836267-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1937600 2014-08-14] (Valve Corporation)
HKU\S-1-5-21-1666673100-261464351-4097836267-1000\...\Run: [GamingMouseEditor] => C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\GamingMouseEditor.exe [3333120 2012-08-17] ()
HKU\S-1-5-21-1666673100-261464351-4097836267-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1666673100-261464351-4097836267-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3600728 2014-08-25] (Electronic Arts)
HKU\S-1-5-21-1666673100-261464351-4097836267-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-25] (SUPERAntiSpyware)
HKU\S-1-5-21-1666673100-261464351-4097836267-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1666673100-261464351-4097836267-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1666673100-261464351-4097836267-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-1666673100-261464351-4097836267-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1666673100-261464351-4097836267-1000\...\MountPoints2: {556fcc00-c20d-11e3-b2dd-50e54942102f} - G:\Startme.exe
HKU\S-1-5-21-1666673100-261464351-4097836267-1000\...\MountPoints2: {7757da2a-2ecd-11e1-aac2-50e54942102f} - F:\AutoRun.exe
HKU\S-1-5-21-1666673100-261464351-4097836267-1000\...\MountPoints2: {7757da43-2ecd-11e1-aac2-50e54942102f} - F:\AutoRun.exe
HKU\S-1-5-21-1666673100-261464351-4097836267-1000\...\MountPoints2: {e1e86ab4-5761-11e3-8f55-50e54942102f} - F:\setup.exe
AppInit_DLLs-x32: => "" File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk
ShortcutTarget: start.lnk -> C:\Users\admin\hu86jz51\23950.vbs ()
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

URLSearchHook: HKLM-x32 - (No Name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No File
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
URLSearchHook: HKCU - (No Name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No File
SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.p ... 637825&ir=
SearchScopes: HKLM-x32 - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - {48968504-AF5D-7CF1-B875-7C81FD82F2B2} URL = http://search.conduit.com/ResultsExt.as ... =CT3072253
SearchScopes: HKCU - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - 624342E2D3A94BE5A47DB9E254A55144 URL = http://isearch.avg.com/search?cid={EA0E ... 2012-01-20 07:35:03&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {18E128BE-23DF-43AA-B7E8-39B281D3B273} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKCU - {19BB1D2D-3D1A-45CE-B9C9-0B02CB4BBE79} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13415
SearchScopes: HKCU - {33D8DCAE-DB5A-48BB-A4CB-56CC355BBC7C} URL = http://encyklopedie.seznam.cz/search?q= ... arch_13415
SearchScopes: HKCU - {3999A50A-EE8B-40C5-9FAC-87BEA3F78A60} URL = http://www.webhledani.cz/results.aspx?i ... earchTerms}
SearchScopes: HKCU - {488D617C-C0EF-46c0-BF50-7B997610B834} URL = http://uk.search.yahoo.com/search?p={se ... ype=IEBDSV
SearchScopes: HKCU - {676DE352-54FE-4439-8EBC-2F74DBD03EB7} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_13415
SearchScopes: HKCU - {71C1095D-B2A0-4549-AC26-D1004A7A8FE5} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKCU - {91D73228-6611-417c-83E2-D232220544CE} URL = http://www.google.com/cse?cx=partner-pu ... earchTerms}
SearchScopes: HKCU - {993B1E32-157D-408A-AA46-423C97545F18} URL = http://search.seznam.cz/?q={searchTerms ... arch_13415
SearchScopes: HKCU - {A7C4C61A-AAD9-4BC2-967A-296E63C840E7} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
SearchScopes: HKCU - {B1D5E8A3-91DE-42D9-9AAD-731FA75B4EF9} URL = http://www.novinky.cz/hledej?w={searchT ... arch_13415
SearchScopes: HKCU - {E75ECBAC-DB98-4013-BC29-50DDCDB9F41B} URL = http://www.mapy.cz/?query={searchTerms} ... arch_13415
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - No Name - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No File
Toolbar: HKCU - No Name - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 217.195.165.131 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\j1u9vxj8.default
FF NewTab: hxxp://www.google.com
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKCU: pokki.com/PokkiDownloadHelper -> C:\Users\admin\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll No File
FF user.js: detected! => C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\j1u9vxj8.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\j1u9vxj8.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\j1u9vxj8.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\j1u9vxj8.default\searchplugins\MyStart.xml
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\j1u9vxj8.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
FF Extension: MySearchDial - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\j1u9vxj8.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [2013-07-04]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-02]
FF HKLM\...\Firefox\Extensions: [{17E113E6-CD0E-4045-B154-65F0E57959EF}] - C:\Program Files\IMPI\Firefox
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}] - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}
FF HKLM-x32\...\Firefox\Extensions: [{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}] - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}
FF HKLM-x32\...\Firefox\Extensions: [{d9284e50-81fc-11da-a72b-0800200c9a66}] - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66}
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.0.5.292
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Dokumenty Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-26]
CHR Extension: (Disk Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-26]
CHR Extension: (Adguard AdBlocker) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2014-07-18]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-26]
CHR Extension: (Adblock Plus) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-07-18]
CHR Extension: (Adblock na Youtube™) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2014-05-26]
CHR Extension: (Vyhledávání Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-26]
CHR Extension: (AdBlock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-18]
CHR Extension: (Adblock Advisor) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iplojogpbcbnjoemcalepfmbcpnkpjjo [2014-07-18]
CHR Extension: (Peněženka Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-26]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-26]
CHR HKLM-x32\...\Chrome\Extension: [ajhcekcffkpnaednoeoegnmnjdlnjjmg] - C:\ProgramData\TheBflix\ajhcekcffkpnaednoeoegnmnjdlnjjmg.crx []
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx []
CHR HKLM-x32\...\Chrome\Extension: [joifgdlkhokekeaenpkaehbnjhncglbh] - C:\ProgramData\TheBflix\joifgdlkhokekeaenpkaehbnjhncglbh.crx []
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\SysWOW64\jmdp\SweetNT.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\admin\AppData\Local\Temp\ccex.crx [2013-08-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-25] (SUPERAntiSpyware.com)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-08-11] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-08-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-11] (AVG Technologies CZ, s.r.o.)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-08-22] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-29] ()
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [49952 2014-03-21] (AVG Technologies)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-28] (Disc Soft Ltd)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-12-15] (Huawei Technologies Co., Ltd.)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2011-12-21] ()
S3 Huawei; C:\Windows\System32\DRIVERS\ewdcsc.sys [29696 2009-12-15] (Huawei Tech. Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-12-15] (Huawei Technologies Co., Ltd.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2014-01-22] (Duplex Secure Ltd.)
U3 asfkpqvt; C:\Windows\System32\Drivers\asfkpqvt.sys [0 ] (Advanced Micro Devices)
S3 X6va006; \??\C:\Users\admin\AppData\Local\Temp\006114F.tmp [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-25 20:05 - 2014-08-25 20:06 - 00028653 _____ () C:\Users\admin\Desktop\FRST.txt
2014-08-25 20:05 - 2014-08-25 20:05 - 00000000 ____D () C:\FRST
2014-08-25 20:04 - 2014-08-25 20:04 - 00112640 _____ (forum.viry.cz) C:\Users\admin\Desktop\FRSTLauncher (2).exe
2014-08-25 20:02 - 2014-08-25 20:02 - 02103296 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2014-08-25 19:40 - 2014-08-25 19:40 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Raptr
2014-08-25 19:39 - 2014-08-25 19:40 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-08-25 18:13 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-25 18:13 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-25 18:13 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-25 18:13 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-25 18:13 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-25 18:13 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-25 18:13 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-25 18:13 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-25 18:10 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-25 18:10 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-25 18:10 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-25 18:10 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-25 18:10 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-25 18:10 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-25 18:10 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-25 18:10 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-25 18:10 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-25 18:10 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-25 18:10 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-25 18:10 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-25 18:10 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-25 18:10 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-25 18:10 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-25 18:10 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-25 18:10 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-25 18:10 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-25 18:10 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-25 18:10 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-25 18:10 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-25 18:10 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-25 18:10 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-25 18:10 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-25 18:10 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-25 18:10 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-25 18:10 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-25 18:10 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-25 18:10 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-25 18:10 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-25 18:10 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-25 18:10 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-25 18:10 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-25 18:10 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-25 18:10 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-25 18:10 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-25 18:10 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-25 18:10 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-25 18:10 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-25 18:10 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-25 18:10 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-25 18:09 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-25 18:09 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-25 18:09 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-25 18:09 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-25 18:09 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-25 18:09 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-25 18:09 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-25 18:09 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-25 18:09 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-25 18:09 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-25 18:09 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-25 18:09 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-25 18:09 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-25 18:09 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-25 18:09 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-25 18:09 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-25 18:09 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-25 18:09 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-08-25 18:09 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-08-25 18:09 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-25 18:09 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-08-25 18:09 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-08-25 18:09 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-08-25 18:09 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-08-25 18:09 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-08-25 18:09 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-08-25 18:09 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-08-25 18:09 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-08-25 18:09 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-08-25 18:09 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-08-25 18:09 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-08-25 18:09 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-08-25 18:09 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-08-25 18:09 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-08-25 18:09 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-08-25 18:09 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-08-25 18:08 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-25 18:08 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-25 18:08 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-25 18:08 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-08-25 18:08 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-08-25 18:08 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-08-25 18:08 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-08-25 18:08 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-08-25 18:08 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-25 18:08 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-25 18:08 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-25 18:08 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-25 18:08 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-25 18:08 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-25 18:08 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-25 18:08 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-08-25 18:08 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-08-25 18:08 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-08-25 18:08 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-08-25 18:08 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-08-25 18:08 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-08-25 18:08 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-08-25 18:08 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-08-25 18:08 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-08-25 18:08 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-08-25 18:08 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-08-25 18:08 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-08-25 18:08 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-08-25 18:07 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-25 18:07 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-25 18:00 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-25 18:00 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-25 17:37 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-25 17:37 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-25 17:37 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-25 17:37 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-25 17:36 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-25 17:36 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-25 17:36 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-25 17:36 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-25 17:36 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-25 17:36 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-25 17:32 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-25 17:32 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-25 17:32 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-25 17:32 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-25 17:31 - 2014-08-25 17:31 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\xp-AntiSpy
2014-08-25 17:31 - 2014-08-25 17:31 - 00000000 ____D () C:\Program Files (x86)\xp-AntiSpy
2014-08-25 17:17 - 2014-08-25 17:19 - 42508064 _____ (Curse) C:\Users\admin\Desktop\CurseClientSetup.exe
2014-08-25 16:30 - 2014-07-02 19:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-08-25 16:12 - 2014-07-02 22:48 - 31512520 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 24196896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 17555104 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 13922752 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 13835208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 12866008 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-08-25 16:12 - 2014-07-02 22:48 - 11283344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 11222048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 04247000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 03989960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 01890080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434052.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 01539928 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434052.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 00944928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 00907096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 00903624 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 00869152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 00846832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 00026353 _____ () C:\Windows\system32\nvinfo.pb
2014-08-25 16:11 - 2014-07-02 22:48 - 22994208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-08-25 16:11 - 2014-07-02 22:48 - 15294296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-08-25 15:47 - 2014-08-25 15:47 - 00001311 _____ () C:\Users\Public\Desktop\Kingdoms of Amalur Reckoning.lnk
2014-08-25 15:47 - 2014-08-25 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingdoms of Amalur Reckoning
2014-08-25 15:09 - 2014-08-25 15:09 - 00001399 _____ () C:\Users\Public\Desktop\PVZ Garden Warfare.lnk
2014-08-25 15:09 - 2014-08-25 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PVZ Garden Warfare
2014-08-25 14:49 - 2014-08-25 14:49 - 00071576 _____ () C:\Users\admin\Desktop\raptr_installer.exe
2014-08-25 14:30 - 2014-08-25 14:30 - 00001537 _____ () C:\Users\Public\Desktop\Wing Commander III.lnk
2014-08-25 14:30 - 2014-08-25 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wing Commander III
2014-08-25 14:11 - 2014-08-25 18:54 - 00496537 ____N () C:\Windows\WindowsUpdate.log
2014-08-04 17:16 - 2014-08-04 17:16 - 00000000 ____D () C:\Users\admin\Documents\Tunngle
2014-08-04 17:16 - 2009-09-16 07:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys
2014-08-04 13:46 - 2014-08-04 13:46 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
2014-08-04 09:36 - 2014-08-04 09:36 - 00000000 ____D () C:\Rbackup
2014-08-04 09:31 - 2014-08-04 09:31 - 00000042 _____ () C:\Windows\SysWOW64\AK083E209605E394C.lie
2014-08-03 15:29 - 2014-08-04 13:46 - 00000000 ____D () C:\2-click run
2014-07-26 09:37 - 2014-07-26 09:37 - 00001027 _____ () C:\Users\admin\Desktop\Launcher.exe – zástupce.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-25 20:06 - 2014-08-25 20:05 - 00028653 _____ () C:\Users\admin\Desktop\FRST.txt
2014-08-25 20:05 - 2014-08-25 20:05 - 00000000 ____D () C:\FRST
2014-08-25 20:04 - 2014-08-25 20:04 - 00112640 _____ (forum.viry.cz) C:\Users\admin\Desktop\FRSTLauncher (2).exe
2014-08-25 20:02 - 2014-08-25 20:02 - 02103296 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2014-08-25 19:58 - 2011-12-26 15:59 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Skype
2014-08-25 19:56 - 2014-03-25 08:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kerbal Space Program
2014-08-25 19:56 - 2012-05-31 13:25 - 00000950 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-25 19:47 - 2012-04-12 07:00 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-25 19:40 - 2014-08-25 19:40 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Raptr
2014-08-25 19:40 - 2014-08-25 19:39 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-08-25 19:19 - 2013-12-29 17:12 - 00000000 ____D () C:\Users\admin\AppData\Roaming\uTorrent
2014-08-25 19:19 - 2013-08-06 17:34 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-25 19:19 - 2013-05-14 19:19 - 00000000 ____D () C:\Users\admin\AppData\Roaming\TS3Client
2014-08-25 19:19 - 2013-03-12 14:16 - 00000000 ____D () C:\Users\admin\AppData\Local\PMB Files
2014-08-25 19:19 - 2012-05-30 18:26 - 00000000 ____D () C:\Users\admin\AppData\Roaming\DAEMON Tools Lite
2014-08-25 18:55 - 2009-07-14 06:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-25 18:55 - 2009-07-14 06:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-25 18:54 - 2014-08-25 14:11 - 00496537 ____N () C:\Windows\WindowsUpdate.log
2014-08-25 18:54 - 2014-06-04 14:40 - 00007174 _____ () C:\Windows\SysWOW64\usergui.cfg
2014-08-25 18:48 - 2014-03-10 17:15 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-25 18:48 - 2011-12-25 09:47 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-08-25 18:47 - 2012-05-31 13:25 - 00000946 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-25 18:47 - 2011-12-21 15:04 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-08-25 18:47 - 2011-12-21 15:01 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-25 18:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-25 18:43 - 2009-07-14 06:45 - 06405976 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-25 18:42 - 2013-07-30 09:32 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-25 18:42 - 2013-07-30 09:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-25 18:40 - 2011-04-12 10:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-25 18:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-08-25 18:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-08-25 18:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-25 18:38 - 2011-12-22 11:19 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-25 18:34 - 2011-12-22 11:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-25 18:25 - 2013-07-30 00:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-25 18:18 - 2013-07-30 09:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-25 18:11 - 2014-05-06 18:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-25 17:31 - 2014-08-25 17:31 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\xp-AntiSpy
2014-08-25 17:31 - 2014-08-25 17:31 - 00000000 ____D () C:\Program Files (x86)\xp-AntiSpy
2014-08-25 17:19 - 2014-08-25 17:17 - 42508064 _____ (Curse) C:\Users\admin\Desktop\CurseClientSetup.exe
2014-08-25 16:30 - 2012-11-19 07:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-08-25 16:30 - 2011-12-21 15:01 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-08-25 16:22 - 2011-12-21 15:00 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-08-25 16:01 - 2014-01-18 09:17 - 00000000 ____D () C:\Users\admin\AppData\Local\NVIDIA Corporation
2014-08-25 15:47 - 2014-08-25 15:47 - 00001311 _____ () C:\Users\Public\Desktop\Kingdoms of Amalur Reckoning.lnk
2014-08-25 15:47 - 2014-08-25 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingdoms of Amalur Reckoning
2014-08-25 15:47 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-25 15:12 - 2011-12-25 09:47 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-08-25 15:09 - 2014-08-25 15:09 - 00001399 _____ () C:\Users\Public\Desktop\PVZ Garden Warfare.lnk
2014-08-25 15:09 - 2014-08-25 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PVZ Garden Warfare
2014-08-25 15:09 - 2013-06-03 19:38 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-25 14:57 - 2014-04-26 09:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-08-25 14:49 - 2014-08-25 14:49 - 00071576 _____ () C:\Users\admin\Desktop\raptr_installer.exe
2014-08-25 14:30 - 2014-08-25 14:30 - 00001537 _____ () C:\Users\Public\Desktop\Wing Commander III.lnk
2014-08-25 14:30 - 2014-08-25 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wing Commander III
2014-08-25 14:22 - 2014-01-22 14:07 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{BA1E35AC-6D37-4442-BB83-DBA286BEA0AF}
2014-08-25 14:13 - 2014-01-06 15:19 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT
2014-08-07 04:06 - 2014-08-25 18:00 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-25 18:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-04 19:37 - 2011-12-25 09:42 - 00110768 _____ () C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-04 19:33 - 2011-12-25 09:47 - 00000000 ____D () C:\ProgramData\Origin
2014-08-04 17:16 - 2014-08-04 17:16 - 00000000 ____D () C:\Users\admin\Documents\Tunngle
2014-08-04 13:46 - 2014-08-04 13:46 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
2014-08-04 13:46 - 2014-08-03 15:29 - 00000000 ____D () C:\2-click run
2014-08-04 09:36 - 2014-08-04 09:36 - 00000000 ____D () C:\Rbackup
2014-08-04 09:31 - 2014-08-04 09:31 - 00000042 _____ () C:\Windows\SysWOW64\AK083E209605E394C.lie
2014-08-03 07:26 - 2012-08-21 11:43 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Cobalt
2014-08-01 12:21 - 2014-07-19 13:57 - 00000000 ____D () C:\Users\admin\Desktop\KSP_win64
2014-08-01 01:41 - 2014-08-25 18:10 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-25 18:10 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-31 23:41 - 2011-12-27 08:37 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-27 08:08 - 2012-09-20 06:42 - 00000000 ____D () C:\Users\admin\Desktop\Word, pdf
2014-07-26 18:49 - 2013-05-31 06:30 - 00000000 ____D () C:\Users\admin\Desktop\Stažené hry
2014-07-26 09:40 - 2014-07-20 07:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2014-07-26 09:37 - 2014-07-26 09:37 - 00001027 _____ () C:\Users\admin\Desktop\Launcher.exe – zástupce.lnk

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\nvStInst.exe
C:\Users\admin\AppData\Local\Temp\SAS6_Update.exe
C:\Users\admin\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-30 11:28




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:540.79 GB) (Free:67.04 GB) NTFS
Drive e: (Nový svazek) (Fixed) (Total:390.62 GB) (Free:162.74 GB) NTFS

Available physical RAM: 4352 MB
Total physical RAM: 8175.18 MB
Percentage of memory in use: 46%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6469FA9C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=540.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: AVG Internet Security 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\admin\Desktop" je 18662 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Access denied (appdata)

Posted: 25 Aug 2014 22:30
by motji
Hello :)
You've got a naughty little bug in there :D

:arrow: Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
- Save the program to the desktop and run it. The license terms will then be displayed - confirm the start by pressing any key.
- A backup will be created and the scan will run.
When the scan finishes, a log will pop up (it will be saved in c:\JRT as JRT.txt) - copy it here.

:arrow: Download AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/
- Save the program to the desktop and close all running programs.
- Run AdwCleaner, click Scan and, once the scan completes, click Clean.
- The repair will be carried out and the PC will restart (restart it yourself if necessary), and the log C:\AdwCleaner\AdwCleaner.txt will appear; copy the contents of the log here.

Re: Access denied (appdata)

Posted: 25 Aug 2014 23:03
by GuerrCZ
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by admin on po 25.08.2014 at 23:56:43,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1666673100-261464351-4097836267-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_call-of-juarez_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_call-of-juarez_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_mount-blade_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_mount-blade_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_call-of-juarez_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_call-of-juarez_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_mount-blade_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_mount-blade_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{993B1E32-157D-408A-AA46-423C97545F18}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{48968504-AF5D-7CF1-B875-7C81FD82F2B2}



~~~ Files

Successfully deleted: [File] "C:\Users\admin\appdata\locallow\SkwConfig.bin"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\admin\AppData\Roaming\isafe"



~~~ FireFox

Successfully deleted: [File] C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\j1u9vxj8.default\user.js
Successfully deleted: [File] C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\j1u9vxj8.default\searchplugins\mystart search.xml
Successfully deleted: [File] C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\j1u9vxj8.default\searchplugins\sweetim.xml
Successfully deleted: [Folder] C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\j1u9vxj8.default\conduitcommon
Successfully deleted: [Folder] C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\j1u9vxj8.default\sweetpackstoolbardata
Successfully deleted: [Folder] C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\j1u9vxj8.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Successfully deleted the following from C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\j1u9vxj8.default\prefs.js

user_pref("CT2304157..clientLogIsEnabled", false);
user_pref("CT2304157..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2304157..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2304157.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT2304157.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/default.aspx");
user_pref("CT2304157.BrowserCompStateIsOpen_130074581282195192", true);
user_pref("CT2304157.CT2304157", "CT2304157");
user_pref("CT2304157.CT2304157.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT2304157&octid=CT2304157&SearchSource=15&CUI=SB_CUI&S
user_pref("CT2304157.ConfigurationLastCheckTime", "Mon Jan 27 2014 14:11:24 GMT+0100");
user_pref("CT2304157.CurrentServerDate", "27-1-2014");
user_pref("CT2304157.DSInstall", true);
user_pref("CT2304157.DialogsAlignMode", "LTR");
user_pref("CT2304157.DialogsGetterLastCheckTime", "Mon Jan 20 2014 16:25:22 GMT+0100");
user_pref("CT2304157.DownloadReferralCookieData", "");
user_pref("CT2304157.FeedLastCount129078895246717929", 50);
user_pref("CT2304157.FeedLastCount129095439763593837", 0);
user_pref("CT2304157.FeedPollDate129078895250311712", "Thu Jul 04 2013 08:04:37 GMT+0200");
user_pref("CT2304157.FeedPollDate129095439763593837", "Thu Jul 04 2013 08:04:37 GMT+0200");
user_pref("CT2304157.FeedPollDate129604942912022444", "Thu Jul 04 2013 08:04:37 GMT+0200");
user_pref("CT2304157.FeedTTL129078895250311712", 40);
user_pref("CT2304157.FirstServerDate", "10-3-2012");
user_pref("CT2304157.FirstTime", true);
user_pref("CT2304157.FirstTimeFF3", true);
user_pref("CT2304157.FixPageNotFoundErrors", true);
user_pref("CT2304157.GroupingServerCheckInterval", 1440);
user_pref("CT2304157.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2304157.HPChangedManually", true);
user_pref("CT2304157.HPInstall", true);
user_pref("CT2304157.HasUserGlobalKeys", true);
user_pref("CT2304157.HomePageProtectorEnabled", false);
user_pref("CT2304157.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");
user_pref("CT2304157.Initialize", true);
user_pref("CT2304157.InitializeCommonPrefs", true);
user_pref("CT2304157.InstallationAndCookieDataSentCount", 3);
user_pref("CT2304157.InstallationType", "Unknown");
user_pref("CT2304157.InstalledDate", "Sat Mar 10 2012 12:38:41 GMT+0100");
user_pref("CT2304157.IsAlertDBUpdated", true);
user_pref("CT2304157.IsGrouping", false);
user_pref("CT2304157.IsInitSetupIni", true);
user_pref("CT2304157.IsMulticommunity", false);
user_pref("CT2304157.IsOpenThankYouPage", true);
user_pref("CT2304157.IsOpenUninstallPage", true);
user_pref("CT2304157.IsProtectorsInit", true);
user_pref("CT2304157.LanguagePackLastCheckTime", "Mon Jan 27 2014 14:11:26 GMT+0100");
user_pref("CT2304157.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2304157.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2304157.LastLogin_3.10.0.1", "Fri Jan 04 2013 22:18:46 GMT+0100");
user_pref("CT2304157.LastLogin_3.16.0.100", "Thu Jul 04 2013 08:04:35 GMT+0200");
user_pref("CT2304157.LastLogin_3.18.0.7", "Sun Aug 11 2013 16:30:32 GMT+0200");
user_pref("CT2304157.LastLogin_3.19.0.3", "Wed Oct 16 2013 18:55:30 GMT+0200");
user_pref("CT2304157.LastLogin_3.20.0.4", "Mon Jan 27 2014 14:11:26 GMT+0100");
user_pref("CT2304157.LatestVersion", "3.20.0.4");
user_pref("CT2304157.Locale", "en");
user_pref("CT2304157.MCDetectTooltipHeight", "83");
user_pref("CT2304157.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2304157.MCDetectTooltipWidth", "295");
user_pref("CT2304157.MyStuffEnabledAtInstallation", true);
user_pref("CT2304157.OriginalFirstVersion", "3.10.0.1");
user_pref("CT2304157.SavedHomepage", "chrome://branding/locale/browserconfig.properties");
user_pref("CT2304157.SearchAPILastCheckTime", "Mon Jan 27 2014 14:11:24 GMT+0100");
user_pref("CT2304157.SearchCaption", "XfireXO Customized Web Search");
user_pref("CT2304157.SearchEngineBeforeUnload", "uTorrentControl2 Customized Web Search");
user_pref("CT2304157.SearchFromAddressBarIsInit", true);
user_pref("CT2304157.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=2&q=");
user_pref("CT2304157.SearchInNewTabEnabled", true);
user_pref("CT2304157.SearchInNewTabIntervalMM", 1440);
user_pref("CT2304157.SearchInNewTabLastCheckTime", "Wed Oct 16 2013 18:55:30 GMT+0200");
user_pref("CT2304157.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
user_pref("CT2304157.SearchInNewTabURLFromSearchAPI", "hxxp://search.conduit.com/?ctid=CT2304157&octid=CT2304157&SearchSource=15&CUI=SB_CUI&SSPV=EB_SSPV&Lay=1&UM=UM_ID");
user_pref("CT2304157.SearchProtectorEnabled", false);
user_pref("CT2304157.SearchProtectorToolbarDisabled", false);
user_pref("CT2304157.SendProtectorDataViaLogin", true);
user_pref("CT2304157.ServiceMapLastCheckTime", "Mon Jan 27 2014 14:11:24 GMT+0100");
user_pref("CT2304157.SettingsLastCheckTime", "Mon Jan 27 2014 14:11:24 GMT+0100");
user_pref("CT2304157.SettingsLastUpdate", "1390753620");
user_pref("CT2304157.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2304157&SearchSource=13");
user_pref("CT2304157.ThirdPartyComponentsInterval", 504);
user_pref("CT2304157.ThirdPartyComponentsLastCheck", "Mon Oct 07 2013 14:33:35 GMT+0200");
user_pref("CT2304157.ThirdPartyComponentsLastUpdate", "1331805997");
user_pref("CT2304157.ToolbarShrinkedFromSetup", false);
user_pref("CT2304157.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2304157");
user_pref("CT2304157.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT2304157.UserID", "UN95276445197518826");
user_pref("CT2304157.alertChannelId", "700614");
user_pref("CT2304157.countryCode", "CZ");
user_pref("CT2304157.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT2304157.globalFirstTimeInfoLastCheckTime", "Mon Oct 07 2013 14:33:37 GMT+0200");
user_pref("CT2304157.homepageProtectorEnableByLogin", true);
user_pref("CT2304157.initDone", true);
user_pref("CT2304157.isAppTrackingManagerOn", false);
user_pref("CT2304157.myStuffEnabled", true);
user_pref("CT2304157.myStuffPublihserMinWidth", 400);
user_pref("CT2304157.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2304157.myStuffServiceIntervalMM", 1440);
user_pref("CT2304157.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2304157.navigateToUrlOnSearch", false);
user_pref("CT2304157.oldAppsList", "128883653123969059,128883653123969060,111,128883659132094175,129605088190464378,129604976926455284,129604961880467453,129604111228560478,12
user_pref("CT2304157.revertSettingsEnabled", true);
user_pref("CT2304157.searchProtectorDialogDelayInSec", 10);
user_pref("CT2304157.searchProtectorEnableByLogin", true);
user_pref("CT2304157.testingCtid", "");
user_pref("CT2304157.toolbarAppMetaDataLastCheckTime", "Mon Jan 27 2014 14:11:26 GMT+0100");
user_pref("CT2304157.toolbarContextMenuLastCheckTime", "Mon Oct 07 2013 14:33:36 GMT+0200");
user_pref("CT2304157.usagesFlag", 2);
user_pref("CT3072253..clientLogIsEnabled", false);
user_pref("CT3072253..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT3072253..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT3072253.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/default.aspx");
user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);
user_pref("CT3072253.BrowserCompStateIsOpen_129749445530228833", true);
user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);
user_pref("CT3072253.BrowserCompStateIsOpen_129805375651312503", true);
user_pref("CT3072253.BrowserCompStateIsOpen_130067979083742856", true);
user_pref("CT3072253.BrowserCompStateIsOpen_1359634299000", true);
user_pref("CT3072253.CT3072253.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3072253&octid=CT3072253&SearchSource=15&CUI=SB_CUI&S
user_pref("CT3072253.CTID", "CT3072253");
user_pref("CT3072253.ConfigurationLastCheckTime", "Mon Jan 27 2014 14:11:26 GMT+0100");
user_pref("CT3072253.CurrentServerDate", "27-1-2014");
user_pref("CT3072253.DSChangedManually", false);
user_pref("CT3072253.DSInstall", true);
user_pref("CT3072253.DSProtectChoice", true);
user_pref("CT3072253.DSProtectCount", 2);
user_pref("CT3072253.DialogsAlignMode", "LTR");
user_pref("CT3072253.DialogsGetterLastCheckTime", "Mon Jan 20 2014 16:25:23 GMT+0100");
user_pref("CT3072253.DownloadReferralCookieData", "");
user_pref("CT3072253.FirstServerDate", "15-3-2012");
user_pref("CT3072253.FirstTime", true);
user_pref("CT3072253.FirstTimeFF3", true);
user_pref("CT3072253.FixPageNotFoundErrors", true);
user_pref("CT3072253.GroupingServerCheckInterval", 1440);
user_pref("CT3072253.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT3072253.HPChangedManually", true);
user_pref("CT3072253.HPInstall", true);
user_pref("CT3072253.HPProtectChoice", true);
user_pref("CT3072253.HPProtectCount", 2);
user_pref("CT3072253.HasUserGlobalKeys", true);
user_pref("CT3072253.HomePageProtectorEnabled", false);
user_pref("CT3072253.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");
user_pref("CT3072253.Initialize", true);
user_pref("CT3072253.InitializeCommonPrefs", true);
user_pref("CT3072253.InstallationAndCookieDataSentCount", 3);
user_pref("CT3072253.InstallationId", "ConduitXPEIntegration");
user_pref("CT3072253.InstallationType", "ConduitXPEIntegration");
user_pref("CT3072253.InstalledDate", "Thu Mar 15 2012 14:44:27 GMT+0100");
user_pref("CT3072253.IsAlertDBUpdated", true);
user_pref("CT3072253.IsGrouping", false);
user_pref("CT3072253.IsInitSetupIni", true);
user_pref("CT3072253.IsMulticommunity", false);
user_pref("CT3072253.IsOpenThankYouPage", true);
user_pref("CT3072253.IsOpenUninstallPage", false);
user_pref("CT3072253.IsProtectorsInit", true);
user_pref("CT3072253.LanguagePackLastCheckTime", "Mon Jan 27 2014 14:11:27 GMT+0100");
user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440);
user_pref("CT3072253.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT3072253.LastLogin_3.16.0.3", "Thu Jul 04 2013 08:04:37 GMT+0200");
user_pref("CT3072253.LastLogin_3.18.0.7", "Sun Aug 11 2013 16:30:34 GMT+0200");
user_pref("CT3072253.LastLogin_3.19.0.3", "Wed Oct 16 2013 18:55:32 GMT+0200");
user_pref("CT3072253.LastLogin_3.20.0.4", "Mon Jan 27 2014 14:11:27 GMT+0100");
user_pref("CT3072253.LastLogin_3.9.0.3", "Fri Jan 04 2013 22:18:46 GMT+0100");
user_pref("CT3072253.LatestVersion", "3.20.0.4");
user_pref("CT3072253.Locale", "en");
user_pref("CT3072253.MCDetectTooltipHeight", "83");
user_pref("CT3072253.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT3072253.MCDetectTooltipWidth", "295");
user_pref("CT3072253.MyStuffEnabledAtInstallation", true);
user_pref("CT3072253.OriginalFirstVersion", "3.9.0.3");
user_pref("CT3072253.SavedHomepage", "hxxp://search.conduit.com/?ctid=CT2304157&SearchSource=13");
user_pref("CT3072253.SearchAPILastCheckTime", "Mon Jan 27 2014 14:11:25 GMT+0100");
user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");
user_pref("CT3072253.SearchEngineBeforeUnload", "uTorrentControl2 Customized Web Search");
user_pref("CT3072253.SearchFromAddressBarIsInit", true);
user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=");
user_pref("CT3072253.SearchInNewTabEnabled", true);
user_pref("CT3072253.SearchInNewTabIntervalMM", 1440);
user_pref("CT3072253.SearchInNewTabLastCheckTime", "Wed Oct 16 2013 18:55:31 GMT+0200");
user_pref("CT3072253.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
user_pref("CT3072253.SearchInNewTabURLFromSearchAPI", "hxxp://search.conduit.com/?ctid=CT3072253&octid=CT3072253&SearchSource=15&CUI=SB_CUI&SSPV=EB_SSPV&Lay=1&UM=UM_ID");
user_pref("CT3072253.SearchProtectorEnabled", false);
user_pref("CT3072253.SearchProtectorToolbarDisabled", false);
user_pref("CT3072253.SendProtectorDataViaLogin", true);
user_pref("CT3072253.ServiceMapLastCheckTime", "Mon Jan 27 2014 14:11:25 GMT+0100");
user_pref("CT3072253.SettingsLastCheckTime", "Mon Jan 27 2014 14:11:24 GMT+0100");
user_pref("CT3072253.SettingsLastUpdate", "1390753658");
user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");
user_pref("CT3072253.ThirdPartyComponentsInterval", 504);
user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Mon Oct 07 2013 14:33:36 GMT+0200");
user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1331805997");
user_pref("CT3072253.ToolbarShrinkedFromSetup", false);
user_pref("CT3072253.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3072253");
user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT3072253.UserID", "UN34643949843242862");
user_pref("CT3072253.alertChannelId", "1463702");
user_pref("CT3072253.autoDisableScopes", 0);
user_pref("CT3072253.countryCode", "CZ");
user_pref("CT3072253.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Mon Oct 07 2013 14:33:39 GMT+0200");
user_pref("CT3072253.homepageProtectorEnableByLogin", true);
user_pref("CT3072253.initDone", true);
user_pref("CT3072253.isAppTrackingManagerOn", false);
user_pref("CT3072253.myStuffEnabled", true);
user_pref("CT3072253.myStuffPublihserMinWidth", 400);
user_pref("CT3072253.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT3072253.myStuffServiceIntervalMM", 1440);
user_pref("CT3072253.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT3072253.oldAppsList", "129295695672325902,129571859753931591,111,129593762370823811,129805375651312503,129749445881800338,129573915102477663,1000080,1000515,1000,
user_pref("CT3072253.revertSettingsEnabled", true);
user_pref("CT3072253.searchProtectorDialogDelayInSec", 10);
user_pref("CT3072253.searchProtectorEnableByLogin", true);
user_pref("CT3072253.testingCtid", "");
user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Mon Jan 27 2014 14:11:27 GMT+0100");
user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Mon Oct 07 2013 14:33:39 GMT+0200");
user_pref("CT3072253.usagesFlag", 2);
user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2304157&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");
user_pref("CommunityToolbar.ConduitSearchList", "XfireXO Customized Web Search,uTorrentControl2 Customized Web Search");
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\admin\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\j1u9vxj8.default\\conduitCommon\\modules\\3.19.0.3");
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.19.0.3");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
user_pref("CommunityToolbar.ToolbarsList", "CT2304157,CT3072253");
user_pref("CommunityToolbar.ToolbarsList2", "CT2304157,CT3072253");
user_pref("CommunityToolbar.ToolbarsList4", "CT2304157,CT3072253");
user_pref("CommunityToolbar.globalUserId", "91f491fb-997d-449a-913b-c131749ba8db");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253");
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Oct 16 2013 18:55:37 GMT+0200");
user_pref("CommunityToolbar.notifications.alertEnabled", true);
user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Oct 16 2013 18:55:40 GMT+0200");
user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Oct 16 2013 18:55:32 GMT+0200");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "48536f92-4106-4803-a85f-3289d3d6679d");
user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
user_pref("CommunityToolbar.twitter.user_21817319.LastCheckTime", "Thu Jul 04 2013 08:05:35 GMT+0200");
user_pref("browser.search.defaultthis.engineName", "uTorrentControl2 Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}");
user_pref("extensions.3499ur3ur4hfsudfs.scode", "(function(){try{if('aol.com,mail.google.com,mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,
user_pref("extensions.mysearchdial.aflt", "coolmsd");
user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0BtDyEzzyB0A0F0DzzzyyByCtBtBtCyBtN0D0Tzu0CyDtAtDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I1H1B1Q");
user_pref("extensions.mysearchdial.cntry", "CZ");
user_pref("extensions.mysearchdial.cr", "272637825");
user_pref("extensions.mysearchdial.dfltLng", "");
user_pref("extensions.mysearchdial.dfltSrch", true);
user_pref("extensions.mysearchdial.dnsErr", true);
user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,32
user_pref("extensions.mysearchdial.dspFFXOld", "Delta Search");
user_pref("extensions.mysearchdial.excTlbr", false);
user_pref("extensions.mysearchdial.hdrMd5", "2C9D2F90217CB718D7172EA51A04A530");
user_pref("extensions.mysearchdial.hmpg", true);
user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=coolmsd&cd=2XzuyEtN2Y1L1Qzu0BtDyEzzyB0A0F0DzzzyyByCtBtBtCyBtN0D0Tzu0CyDtAtDtN1L2XzutBtFtBtFy
user_pref("extensions.mysearchdial.hpFFXOld", "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=B81150E54942102F&affID=123511&tsp=4958");
user_pref("extensions.mysearchdial.id", "B0487AFD89762217");
user_pref("extensions.mysearchdial.instlDay", "15869");
user_pref("extensions.mysearchdial.instlRef", "");
user_pref("extensions.mysearchdial.lastB", "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=B81150E54942102F&affID=123511&tsp=4958");
user_pref("extensions.mysearchdial.lastVrsnTs", "17:1:19");
user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=coolmsd&cd=2XzuyEtN2Y1L1Qzu0BtDyEzzyB0A0F0DzzzyyByCtBtBtCyBtN0D0Tzu0CyDtAtDtN1L2XzutBtFtBt
user_pref("extensions.mysearchdial.prdct", "mysearchdial");
user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
user_pref("extensions.mysearchdial.sg", "none");
user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
user_pref("extensions.mysearchdial.tlbrId", "base");
user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=coolmsd&cd=2XzuyEtN2Y1L1Qzu0BtDyEzzyB0A0F0DzzzyyByCtBtBtCyBtN0D0Tzu0CyDtAtDtN1L2XzutBtFt
user_pref("extensions.mysearchdial.vrsn", "");
user_pref("extensions.mysearchdial.vrsni", "");
user_pref("extensions.mysearchdial_i.hmpg", true);
user_pref("extensions.mysearchdial_i.newTab", false);
user_pref("extensions.mysearchdial_i.smplGrp", "none");
user_pref("extensions.mysearchdial_i.vrsnTs", "17:1:19");
user_pref("sweetim.toolbar.RevertDialog.enable", "false");
user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
user_pref("sweetim.toolbar.Visibility.enable", "true");
user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
user_pref("sweetim.toolbar.cargo", "4.0005002");
user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
user_pref("sweetim.toolbar.cda.returnValue", "hide");
user_pref("sweetim.toolbar.dialogs.0.enable", "true");
user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
user_pref("sweetim.toolbar.dialogs.0.height", "335");
user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote ... crg=$cargo;");
user_pref("sweetim.toolbar.dialogs.0.width", "761");
user_pref("sweetim.toolbar.dialogs.1.enable", "true");
user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
user_pref("sweetim.toolbar.dialogs.1.height", "300");
user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
user_pref("sweetim.toolbar.dialogs.1.width", "500");
user_pref("sweetim.toolbar.dialogs.2.enable", "true");
user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
user_pref("sweetim.toolbar.dialogs.2.height", "150");
user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
user_pref("sweetim.toolbar.dialogs.2.width", "530");
user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube
user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
user_pref("sweetim.toolbar.mode.debug", "false");
user_pref("sweetim.toolbar.newtab.created", "false");
user_pref("sweetim.toolbar.newtab.enable", "false");
user_pref("sweetim.toolbar.prad.initialized_by_rc", "true");
user_pref("sweetim.toolbar.previous.keyword.URL", "");
user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolba ... crg=$cargo;");
user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
user_pref("sweetim.toolbar.scripts.0.enable", "false");
user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "false");
user_pref("sweetim.toolbar.scripts.1.callback", "");
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "");
user_pref("sweetim.toolbar.scripts.1.elementid", "id_predict_include_script");
user_pref("sweetim.toolbar.scripts.1.enable", "false");
user_pref("sweetim.toolbar.scripts.1.id", "id_script_prad");
user_pref("sweetim.toolbar.scripts.1.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "true");
user_pref("sweetim.toolbar.scripts.2.callback", "simVerification");
user_pref("sweetim.toolbar.scripts.2.domain-blacklist", "");
user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
user_pref("sweetim.toolbar.scripts.2.elementid", "id_script_sim_fb");
user_pref("sweetim.toolbar.scripts.2.enable", "false");
user_pref("sweetim.toolbar.scripts.2.id", "id_script_fb_hxxpS");
user_pref("sweetim.toolbar.scripts.2.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://sear
user_pref("sweetim.toolbar.search.history", "pa%C5%A1tika");
user_pref("sweetim.toolbar.search.history.capacity", "10");
user_pref("sweetim.toolbar.searchguard.enable", "false");
user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
user_pref("sweetim.toolbar.simapp_id", "{680AED16-7C0C-11E1-9EAD-50E54942102F}");
user_pref("sweetim.toolbar.version", "1.9.0.0");
Emptied folder: C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\j1u9vxj8.default\minidumps [1 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ajhcekcffkpnaednoeoegnmnjdlnjjmg
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on út 26.08.2014 at 0:02:20,00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Access denied (appdata)

Posted: 25 Aug 2014 23:12
by GuerrCZ
# AdwCleaner v3.308 - Report created 26/08/2014 at 00:06:30
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : admin - ADMIN-PC
# Running from : C:\Users\admin\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\SafetyNut
Folder Deleted : C:\ProgramData\AlawarGameBox
Folder Deleted : C:\ProgramData\AlawarWrapper
Folder Deleted : C:\Program Files (x86)\Browser Tab Search by Ask
Folder Deleted : C:\Users\admin\AppData\Roaming\eCyber
Folder Deleted : C:\Users\Public\Documents\AlawarWrapper
File Deleted : C:\Windows\System32\drivers\iSafeKrnlBoot.sys
File Deleted : C:\Windows\System32\log\iSafeKrnlCall.log
File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\j1u9vxj8.default\searchplugins\bingp.xml
File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\j1u9vxj8.default\searchplugins\MyStart.xml

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\joifgdlkhokekeaenpkaehbnjhncglbh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKCU\Software\MozillaPlugins\pokki.com/PokkiDownloadHelper
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F8B8119C-F052-4848-AA7E-E14D7EA1CA67}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C63FF79-B440-4432-AFAA-F764D42E3844}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}]
Key Deleted : HKCU\Software\AppDataLow\Software\XfireXO
Key Deleted : HKLM\SOFTWARE\SafetyNut
Key Deleted : HKLM\SOFTWARE\XfireXO
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited
Key Deleted : [x64] HKLM\SOFTWARE\WNLT
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v9.0.1 (cs)

[ File : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\j1u9vxj8.default\prefs.js ]


-\\ Google Chrome v36.0.1985.143

[ File : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={EA0E3901-A3D7-4A3B-AE84-7A40A5E4DFD5}&mid=7ceb240db4b74d22bb245e69f89fb474-97036283ed5b0753207c8aa4b322d6c120112892&lang=cs&ds=AVG&pr=pr&d=2012-01-20%2007:35:03&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}

*************************

AdwCleaner[R0].txt - [16725 octets] - [26/08/2014 00:05:19]
AdwCleaner[S0].txt - [16160 octets] - [26/08/2014 00:06:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16221 octets] ##########

Re: Access denied (appdata)

Posted: 26 Aug 2014 07:55
by motji
That computer of yours must have breathed a deep sigh of relief :D :D
Now also run MBAM and paste the log here http://forum.viry.cz/viewtopic.php?f=29&t=137928

Re: Access denied (appdata)

Posted: 26 Aug 2014 08:06
by GuerrCZ
OK, I'm on it.
Thank you, but I would also like to ask what kind of "naughty little bug" it was and how it could have got in there?

Re: Access denied (appdata)

Posted: 26 Aug 2014 08:19
by motji
There were several of those bugs :D , if you look at the AdwCleaner log, you will find them listed under folder and file. They come from the internet, from various sites; some adware is bundled with various programs that are downloaded for free. You had quite a lot of it :) The registry was heavily hit, some programs were blocked and so on; this is already a big infection :) . But we are successfully nearing the end :). After that I will also recommend some antivirus programs for protection. :)

Afterwards also run CCleaner http://forum.viry.cz/viewtopic.php?f=46&t=7478 and post a new log from FRST :)

Re: Access denied (appdata)

Posted: 26 Aug 2014 08:23
by GuerrCZ
I have CCleaner and use it now and then.

Re: Access denied (appdata)

Posted: 26 Aug 2014 08:28
by motji
Great, then use it on the registry, so that I don't see leftovers in the registry in the new FRST log and it doesn't confuse me :)

Re: Access denied (appdata)

Posted: 26 Aug 2014 08:33
by GuerrCZ
OK.
The scan is still running, it has found 6 things so far.

Re: Access denied (appdata)

Posted: 26 Aug 2014 09:19
by motji
MBAM? It will run for quite a while, but it is really thorough and excellent against infections :)

Re: Access denied (appdata)

Posted: 26 Aug 2014 10:06
by GuerrCZ
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 26.8.2014
Čas skenování: 9:12:42
Protokol: log.txt
Správce: Ano

Verze: 2.00.2.1012
Databáze malwaru: v2014.08.26.01
Databáze rootkitů: v2014.08.21.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Self-protection: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: admin

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 600816
Uplynulý čas: 1 hod, 52 min, 18 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristics: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(No malicious items detected)

Moduly: 0
(No malicious items detected)

Klíče registru: 3
PUP.Optional.uTorrentTB.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pacgpkgadgmibnhpdidcnfafllnmeomc, , [8a9f804b07741d1978d8f0167a89c43c],
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, , [39f0ab2042395fd709d0fc3812f2b64a],
Malware.Trace, HKU\S-1-5-21-1666673100-261464351-4097836267-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DC3_FEXEC, , [ee3b2aa10e6d280e1833417924dfa25e],

Hodnoty registru: 1
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, MYSTART, , [39f0ab2042395fd709d0fc3812f2b64a]

Data registru: 0
(No malicious items detected)

Složky: 2
Stolen.Data, C:\Users\admin\AppData\Roaming\imlgs, , [91989e2d2e4dca6c0b86da35c043926e],
Stolen.Data, C:\Users\admin\AppData\Roaming\dclogs, , [7faa9c2f126940f615f05d8cf90ad62a],

Soubory: 21
PUP.Optional.SweetIM, C:\Windows\Installer\2554b56.msi, , [b4751ab1b6c547ef75cb3dc7996cb848],
PUP.Optional.Sweetim, C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[1].exe, , [1811b5167dfe4cea989120767e864db3],
PUP.Optional.InstallBrain.A, C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[2].exe, , [d455e1ea82f90b2b69e32c6d9173837d],
PUP.Optional.Sweetpacks, C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[3].exe, , [8d9c72591e5d7bbb3bc6d4524fb1ec14],
PUP.Optional.InstallBrain.A, C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSetup[1].exe, , [12178843215ace683617dcbdfa0a2ad6],
PUP.Optional.InstallBrain.A, C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSetup[2].exe, , [f0393a914c2f60d6ae9dfd9ca55fb947],
PUP.RiskwareTool.CK, C:\Users\admin\Desktop\Stažené hry\Adobe Photoshop CS6 Extended\DLL FILE\32bit\amtlib.dll, , [ce5bca0119623ef873da69b99c66be42],
PUP.RiskwareTool.CK, C:\Users\admin\Desktop\Stažené hry\Adobe Photoshop CS6 Extended\DLL FILE\64bit\amtlib.dll, , [f831af1ceb90043297b724fed52da858],
Misused.Legit.AI, C:\Users\admin\hu86jz51\AfzlgkO.com, , [f5341cafde9d4ee80fcf501708f920e0],
PUP.RiskwareTool.CK, C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll, , [9f8a26a58eed83b37dd15ac8da28f010],
Trojan.JobX, C:\Windows\System32\Tasks\Windows Update Check - 0x16510401, , [8e9bab20f08b22144ee17f723fc3748c],
Stolen.Data, C:\Users\admin\AppData\Roaming\imlgs\04-05-2014, , [91989e2d2e4dca6c0b86da35c043926e],
Stolen.Data, C:\Users\admin\AppData\Roaming\imlgs\05-05-2014, , [91989e2d2e4dca6c0b86da35c043926e],
Stolen.Data, C:\Users\admin\AppData\Roaming\imlgs\06-05-2014, , [91989e2d2e4dca6c0b86da35c043926e],
Stolen.Data, C:\Users\admin\AppData\Roaming\imlgs\07-05-2014, , [91989e2d2e4dca6c0b86da35c043926e],
Stolen.Data, C:\Users\admin\AppData\Roaming\imlgs\10-05-2014, , [91989e2d2e4dca6c0b86da35c043926e],
Stolen.Data, C:\Users\admin\AppData\Roaming\imlgs\11-05-2014, , [91989e2d2e4dca6c0b86da35c043926e],
Stolen.Data, C:\Users\admin\AppData\Roaming\imlgs\12-05-2014, , [91989e2d2e4dca6c0b86da35c043926e],
Stolen.Data, C:\Users\admin\AppData\Roaming\dclogs\2013-11-28-5.dc, , [7faa9c2f126940f615f05d8cf90ad62a],
Stolen.Data, C:\Users\admin\AppData\Roaming\dclogs\2013-11-29-6.dc, , [7faa9c2f126940f615f05d8cf90ad62a],
Backdoor.Messa.Gen, C:\Users\admin\AppData\Roaming\Minecraft Account Cracker (1).exe, , [dc4d0fbcf28949eda057ee4dab599769],

Fyzické sektory: 0
(No malicious items detected)


(end)

Re: Access denied (appdata)

Posted: 26 Aug 2014 12:23
by motji
Delete everything :)
How does it look now?

Re: Access denied (appdata)

Posted: 26 Aug 2014 14:33
by GuerrCZ
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03
Ran by admin (administrator) on ADMIN-PC on 26-08-2014 15:31:42
Running from C:\Users\admin\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Gigabyte Technology CO.) C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\GamingMouseEditor.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\admin\Desktop\FRSTLauncher (2).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11858536 2011-06-07] (Realtek Semiconductor)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-08-11] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe [2552320 2011-03-30] (Gigabyte Technology CO., LTD.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1666673100-261464351-4097836267-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-03-12] ()
HKU\S-1-5-21-1666673100-261464351-4097836267-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1937600 2014-08-14] (Valve Corporation)
HKU\S-1-5-21-1666673100-261464351-4097836267-1000\...\Run: [GamingMouseEditor] => C:\Program Files (x86)\GamingMouseEditor\GamingMouseEditor\GamingMouseEditor.exe [3333120 2012-08-17] ()
HKU\S-1-5-21-1666673100-261464351-4097836267-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1666673100-261464351-4097836267-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3600216 2014-08-26] (Electronic Arts)
HKU\S-1-5-21-1666673100-261464351-4097836267-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-25] (SUPERAntiSpyware)
HKU\S-1-5-21-1666673100-261464351-4097836267-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1666673100-261464351-4097836267-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1666673100-261464351-4097836267-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-1666673100-261464351-4097836267-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1666673100-261464351-4097836267-1000\...\MountPoints2: {556fcc00-c20d-11e3-b2dd-50e54942102f} - G:\Startme.exe
HKU\S-1-5-21-1666673100-261464351-4097836267-1000\...\MountPoints2: {7757da2a-2ecd-11e1-aac2-50e54942102f} - F:\AutoRun.exe
HKU\S-1-5-21-1666673100-261464351-4097836267-1000\...\MountPoints2: {7757da43-2ecd-11e1-aac2-50e54942102f} - F:\AutoRun.exe
HKU\S-1-5-21-1666673100-261464351-4097836267-1000\...\MountPoints2: {e1e86ab4-5761-11e3-8f55-50e54942102f} - F:\setup.exe
AppInit_DLLs-x32: => "" File Not Found
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk
ShortcutTarget: start.lnk -> C:\Users\admin\hu86jz51\23950.vbs ()
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - 624342E2D3A94BE5A47DB9E254A55144 URL = http://isearch.avg.com/search?cid={EA0E ... 2012-01-20 07:35:03&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {18E128BE-23DF-43AA-B7E8-39B281D3B273} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKCU - {19BB1D2D-3D1A-45CE-B9C9-0B02CB4BBE79} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13415
SearchScopes: HKCU - {33D8DCAE-DB5A-48BB-A4CB-56CC355BBC7C} URL = http://encyklopedie.seznam.cz/search?q= ... arch_13415
SearchScopes: HKCU - {3999A50A-EE8B-40C5-9FAC-87BEA3F78A60} URL = http://www.webhledani.cz/results.aspx?i ... earchTerms}
SearchScopes: HKCU - {488D617C-C0EF-46c0-BF50-7B997610B834} URL = http://uk.search.yahoo.com/search?p={se ... ype=IEBDSV
SearchScopes: HKCU - {676DE352-54FE-4439-8EBC-2F74DBD03EB7} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_13415
SearchScopes: HKCU - {71C1095D-B2A0-4549-AC26-D1004A7A8FE5} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKCU - {91D73228-6611-417c-83E2-D232220544CE} URL = http://www.google.com/cse?cx=partner-pu ... earchTerms}
SearchScopes: HKCU - {A7C4C61A-AAD9-4BC2-967A-296E63C840E7} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
SearchScopes: HKCU - {B1D5E8A3-91DE-42D9-9AAD-731FA75B4EF9} URL = http://www.novinky.cz/hledej?w={searchT ... arch_13415
SearchScopes: HKCU - {E75ECBAC-DB98-4013-BC29-50DDCDB9F41B} URL = http://www.mapy.cz/?query={searchTerms} ... arch_13415
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 217.195.165.131 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\j1u9vxj8.default
FF NewTab: hxxp://www.google.com
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-02]
FF HKLM\...\Firefox\Extensions: [{17E113E6-CD0E-4045-B154-65F0E57959EF}] - C:\Program Files\IMPI\Firefox
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}] - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}
FF HKLM-x32\...\Firefox\Extensions: [{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}] - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}
FF HKLM-x32\...\Firefox\Extensions: [{d9284e50-81fc-11da-a72b-0800200c9a66}] - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66}
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Dokumenty Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-26]
CHR Extension: (Disk Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-26]
CHR Extension: (Adguard AdBlocker) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2014-07-18]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-26]
CHR Extension: (Adblock Plus) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-07-18]
CHR Extension: (Adblock na Youtube™) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2014-05-26]
CHR Extension: (Vyhledávání Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-26]
CHR Extension: (AdBlock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-18]
CHR Extension: (Adblock Advisor) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iplojogpbcbnjoemcalepfmbcpnkpjjo [2014-07-18]
CHR Extension: (Peněženka Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-26]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-08-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-25] (SUPERAntiSpyware.com)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1417160 2014-08-11] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-08-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-11] (AVG Technologies CZ, s.r.o.)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-08-22] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-29] ()
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [49952 2014-03-21] (AVG Technologies)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-28] (Disc Soft Ltd)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-12-15] (Huawei Technologies Co., Ltd.)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2011-12-21] ()
S3 Huawei; C:\Windows\System32\DRIVERS\ewdcsc.sys [29696 2009-12-15] (Huawei Tech. Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2009-12-15] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2014-01-22] (Duplex Secure Ltd.)
U3 avhr8wpf; C:\Windows\System32\Drivers\avhr8wpf.sys [0 ] (Advanced Micro Devices)
S3 X6va006; \??\C:\Users\admin\AppData\Local\Temp\006114F.tmp [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-26 15:31 - 2014-08-26 15:32 - 00025621 _____ () C:\Users\admin\Desktop\FRST.txt
2014-08-26 15:30 - 2014-08-26 15:30 - 00000000 ____D () C:\Users\admin\Desktop\logy (smazat)
2014-08-26 15:29 - 2014-08-26 15:29 - 00000000 ____D () C:\Users\admin\Desktop\doctor
2014-08-26 15:19 - 2014-08-26 15:21 - 20571181 _____ () C:\Users\admin\Desktop\Do-nitra-planety-opic_(www.KinoTip.cz).avi.crdownload
2014-08-26 09:10 - 2014-08-26 15:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-26 09:10 - 2014-08-26 09:10 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-26 09:10 - 2014-08-26 09:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-26 09:10 - 2014-08-26 09:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-26 09:10 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-26 09:10 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-26 09:10 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-26 00:08 - 2014-08-26 15:22 - 00006836 _____ () C:\Windows\PFRO.log
2014-08-26 00:06 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-26 00:05 - 2014-08-26 00:06 - 00000000 ____D () C:\AdwCleaner
2014-08-26 00:04 - 2014-08-26 00:04 - 01364531 _____ () C:\Users\admin\Desktop\AdwCleaner.exe
2014-08-25 23:56 - 2014-08-25 23:56 - 00000000 ____D () C:\Windows\ERUNT
2014-08-25 23:55 - 2014-08-25 23:55 - 01016261 _____ (Thisisu) C:\Users\admin\Desktop\JRT.exe
2014-08-25 21:32 - 2014-08-26 15:22 - 00000672 _____ () C:\Windows\setupact.log
2014-08-25 21:32 - 2014-08-25 21:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-25 20:05 - 2014-08-26 15:31 - 00000000 ____D () C:\FRST
2014-08-25 20:04 - 2014-08-25 20:04 - 00112640 _____ (forum.viry.cz) C:\Users\admin\Desktop\FRSTLauncher (2).exe
2014-08-25 20:02 - 2014-08-25 20:02 - 02103296 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2014-08-25 19:40 - 2014-08-25 19:40 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Raptr
2014-08-25 19:39 - 2014-08-25 19:40 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-08-25 18:13 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-25 18:13 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-25 18:13 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-25 18:13 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-25 18:13 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-25 18:13 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-25 18:13 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-25 18:13 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-25 18:10 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-25 18:10 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-25 18:10 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-25 18:10 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-25 18:10 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-25 18:10 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-25 18:10 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-25 18:10 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-25 18:10 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-25 18:10 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-25 18:10 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-25 18:10 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-25 18:10 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-25 18:10 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-25 18:10 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-25 18:10 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-25 18:10 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-25 18:10 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-25 18:10 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-25 18:10 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-25 18:10 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-25 18:10 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-25 18:10 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-25 18:10 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-25 18:10 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-25 18:10 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-25 18:10 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-25 18:10 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-25 18:10 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-25 18:10 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-25 18:10 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-25 18:10 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-25 18:10 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-25 18:10 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-25 18:10 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-25 18:10 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-25 18:10 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-25 18:10 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-25 18:10 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-25 18:10 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-25 18:10 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-25 18:09 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-25 18:09 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-25 18:09 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-25 18:09 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-25 18:09 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-25 18:09 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-25 18:09 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-25 18:09 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-25 18:09 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-25 18:09 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-25 18:09 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-25 18:09 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-25 18:09 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-25 18:09 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-25 18:09 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-25 18:09 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-25 18:09 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-25 18:09 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-08-25 18:09 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-08-25 18:09 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-25 18:09 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-08-25 18:09 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-08-25 18:09 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-08-25 18:09 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-08-25 18:09 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-08-25 18:09 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-08-25 18:09 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-08-25 18:09 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-08-25 18:09 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-08-25 18:09 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-08-25 18:09 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-08-25 18:09 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-08-25 18:09 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-08-25 18:09 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-08-25 18:09 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-08-25 18:09 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-08-25 18:08 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-25 18:08 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-25 18:08 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-25 18:08 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-08-25 18:08 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-08-25 18:08 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-08-25 18:08 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-08-25 18:08 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-08-25 18:08 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-25 18:08 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-25 18:08 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-25 18:08 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-25 18:08 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-25 18:08 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-25 18:08 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-25 18:08 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-08-25 18:08 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-08-25 18:08 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-08-25 18:08 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-08-25 18:08 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-08-25 18:08 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-08-25 18:08 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-08-25 18:08 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-08-25 18:08 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-08-25 18:08 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-08-25 18:08 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-08-25 18:08 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-08-25 18:08 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-08-25 18:07 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-25 18:07 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-25 18:00 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-25 18:00 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-25 17:37 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-25 17:37 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-25 17:37 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-25 17:37 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-25 17:36 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-25 17:36 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-25 17:36 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-25 17:36 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-25 17:36 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-25 17:36 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-25 17:32 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-25 17:32 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-25 17:32 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-25 17:32 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-25 17:31 - 2014-08-25 17:31 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\xp-AntiSpy
2014-08-25 17:31 - 2014-08-25 17:31 - 00000000 ____D () C:\Program Files (x86)\xp-AntiSpy
2014-08-25 17:17 - 2014-08-25 17:19 - 42508064 _____ (Curse) C:\Users\admin\Desktop\CurseClientSetup.exe
2014-08-25 16:30 - 2014-07-02 19:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-08-25 16:12 - 2014-07-02 22:48 - 31512520 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 24196896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 17555104 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 13922752 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 13835208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 12866008 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-08-25 16:12 - 2014-07-02 22:48 - 11283344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 11222048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 04247000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 03989960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 01890080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434052.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 01539928 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434052.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 00944928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 00907096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 00903624 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 00869152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 00846832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-08-25 16:12 - 2014-07-02 22:48 - 00026353 _____ () C:\Windows\system32\nvinfo.pb
2014-08-25 16:11 - 2014-07-02 22:48 - 22994208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-08-25 16:11 - 2014-07-02 22:48 - 15294296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-08-25 15:47 - 2014-08-25 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingdoms of Amalur Reckoning
2014-08-25 15:09 - 2014-08-25 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PVZ Garden Warfare
2014-08-25 14:49 - 2014-08-25 14:49 - 00071576 _____ () C:\Users\admin\Desktop\raptr_installer.exe
2014-08-25 14:30 - 2014-08-25 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wing Commander III
2014-08-25 14:11 - 2014-08-26 15:29 - 00535779 _____ () C:\Windows\WindowsUpdate.log
2014-08-04 17:16 - 2014-08-04 17:16 - 00000000 ____D () C:\Users\admin\Documents\Tunngle
2014-08-04 17:16 - 2009-09-16 07:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys
2014-08-04 13:46 - 2014-08-04 13:46 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
2014-08-04 09:36 - 2014-08-04 09:36 - 00000000 ____D () C:\Rbackup
2014-08-04 09:31 - 2014-08-04 09:31 - 00000042 _____ () C:\Windows\SysWOW64\AK083E209605E394C.lie
2014-08-03 15:29 - 2014-08-04 13:46 - 00000000 ____D () C:\2-click run

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-26 15:32 - 2014-08-26 15:31 - 00025621 _____ () C:\Users\admin\Desktop\FRST.txt
2014-08-26 15:31 - 2014-08-25 20:05 - 00000000 ____D () C:\FRST
2014-08-26 15:31 - 2013-03-12 14:16 - 00000000 ____D () C:\Users\admin\AppData\Local\PMB Files
2014-08-26 15:31 - 2011-12-26 15:59 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Skype
2014-08-26 15:30 - 2014-08-26 15:30 - 00000000 ____D () C:\Users\admin\Desktop\logy (smazat)
2014-08-26 15:30 - 2009-07-14 06:45 - 00029136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-26 15:30 - 2009-07-14 06:45 - 00029136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-26 15:29 - 2014-08-26 15:29 - 00000000 ____D () C:\Users\admin\Desktop\doctor
2014-08-26 15:29 - 2014-08-25 14:11 - 00535779 _____ () C:\Windows\WindowsUpdate.log
2014-08-26 15:28 - 2014-06-04 14:40 - 00007704 _____ () C:\Windows\SysWOW64\usergui.cfg
2014-08-26 15:28 - 2014-01-23 14:45 - 00000000 ____D () C:\Users\admin\Desktop\REG (CCLEANER)
2014-08-26 15:28 - 2013-05-31 06:30 - 00000000 ____D () C:\Users\admin\Desktop\Stažené hry
2014-08-26 15:23 - 2014-08-26 09:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-26 15:23 - 2014-03-10 17:15 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-26 15:23 - 2013-08-06 17:34 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-26 15:23 - 2012-05-31 13:25 - 00000950 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-26 15:23 - 2011-12-25 09:47 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-08-26 15:23 - 2011-12-21 15:04 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-08-26 15:22 - 2014-08-26 00:08 - 00006836 _____ () C:\Windows\PFRO.log
2014-08-26 15:22 - 2014-08-25 21:32 - 00000672 _____ () C:\Windows\setupact.log
2014-08-26 15:22 - 2012-05-31 13:25 - 00000946 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-26 15:22 - 2011-12-21 15:01 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-26 15:22 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-26 15:21 - 2014-08-26 15:19 - 20571181 _____ () C:\Users\admin\Desktop\Do-nitra-planety-opic_(www.KinoTip.cz).avi.crdownload
2014-08-26 15:03 - 2014-01-22 14:07 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{BA1E35AC-6D37-4442-BB83-DBA286BEA0AF}
2014-08-26 14:47 - 2012-04-12 07:00 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-26 14:37 - 2011-12-22 11:19 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-26 11:44 - 2014-02-25 15:33 - 00000000 _RSHD () C:\Users\admin\hu86jz51
2014-08-26 09:11 - 2013-02-16 20:30 - 00000000 ____D () C:\Program Files (x86)\GotClip
2014-08-26 09:10 - 2014-08-26 09:10 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-26 09:10 - 2014-08-26 09:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-26 09:10 - 2014-08-26 09:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-26 00:06 - 2014-08-26 00:05 - 00000000 ____D () C:\AdwCleaner
2014-08-26 00:06 - 2014-04-22 14:55 - 00000000 ____D () C:\Windows\system32\log
2014-08-26 00:04 - 2014-08-26 00:04 - 01364531 _____ () C:\Users\admin\Desktop\AdwCleaner.exe
2014-08-25 23:56 - 2014-08-25 23:56 - 00000000 ____D () C:\Windows\ERUNT
2014-08-25 23:55 - 2014-08-25 23:55 - 01016261 _____ (Thisisu) C:\Users\admin\Desktop\JRT.exe
2014-08-25 23:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-25 21:32 - 2014-08-25 21:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-25 20:04 - 2014-08-25 20:04 - 00112640 _____ (forum.viry.cz) C:\Users\admin\Desktop\FRSTLauncher (2).exe
2014-08-25 20:02 - 2014-08-25 20:02 - 02103296 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2014-08-25 19:40 - 2014-08-25 19:40 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Raptr
2014-08-25 19:40 - 2014-08-25 19:39 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-08-25 19:19 - 2013-12-29 17:12 - 00000000 ____D () C:\Users\admin\AppData\Roaming\uTorrent
2014-08-25 19:19 - 2013-05-14 19:19 - 00000000 ____D () C:\Users\admin\AppData\Roaming\TS3Client
2014-08-25 19:19 - 2012-05-30 18:26 - 00000000 ____D () C:\Users\admin\AppData\Roaming\DAEMON Tools Lite
2014-08-25 18:43 - 2009-07-14 06:45 - 06405976 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-25 18:42 - 2013-07-30 09:32 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-25 18:42 - 2013-07-30 09:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-25 18:40 - 2011-04-12 10:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-25 18:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-08-25 18:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-08-25 18:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-25 18:34 - 2011-12-22 11:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-25 18:25 - 2013-07-30 00:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-25 18:18 - 2013-07-30 09:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-25 18:11 - 2014-05-06 18:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-25 17:31 - 2014-08-25 17:31 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\xp-AntiSpy
2014-08-25 17:31 - 2014-08-25 17:31 - 00000000 ____D () C:\Program Files (x86)\xp-AntiSpy
2014-08-25 17:19 - 2014-08-25 17:17 - 42508064 _____ (Curse) C:\Users\admin\Desktop\CurseClientSetup.exe
2014-08-25 16:30 - 2012-11-19 07:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-08-25 16:30 - 2011-12-21 15:01 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-08-25 16:22 - 2011-12-21 15:00 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-08-25 16:01 - 2014-01-18 09:17 - 00000000 ____D () C:\Users\admin\AppData\Local\NVIDIA Corporation
2014-08-25 15:47 - 2014-08-25 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingdoms of Amalur Reckoning
2014-08-25 15:47 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-25 15:12 - 2011-12-25 09:47 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-08-25 15:09 - 2014-08-25 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PVZ Garden Warfare
2014-08-25 15:09 - 2013-06-03 19:38 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-25 14:57 - 2014-04-26 09:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-08-25 14:49 - 2014-08-25 14:49 - 00071576 _____ () C:\Users\admin\Desktop\raptr_installer.exe
2014-08-25 14:30 - 2014-08-25 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wing Commander III
2014-08-25 14:13 - 2014-01-06 15:19 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT
2014-08-07 04:06 - 2014-08-25 18:00 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-25 18:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-04 19:37 - 2011-12-25 09:42 - 00110768 _____ () C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-04 19:33 - 2011-12-25 09:47 - 00000000 ____D () C:\ProgramData\Origin
2014-08-04 17:16 - 2014-08-04 17:16 - 00000000 ____D () C:\Users\admin\Documents\Tunngle
2014-08-04 13:46 - 2014-08-04 13:46 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
2014-08-04 13:46 - 2014-08-03 15:29 - 00000000 ____D () C:\2-click run
2014-08-04 09:36 - 2014-08-04 09:36 - 00000000 ____D () C:\Rbackup
2014-08-04 09:31 - 2014-08-04 09:31 - 00000042 _____ () C:\Windows\SysWOW64\AK083E209605E394C.lie
2014-08-03 07:26 - 2012-08-21 11:43 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Cobalt
2014-08-01 12:21 - 2014-07-19 13:57 - 00000000 ____D () C:\Users\admin\Desktop\KSP_win64
2014-08-01 01:41 - 2014-08-25 18:10 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-25 18:10 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-31 23:41 - 2011-12-27 08:37 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-27 08:08 - 2012-09-20 06:42 - 00000000 ____D () C:\Users\admin\Desktop\Word, pdf

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\nvStInst.exe
C:\Users\admin\AppData\Local\Temp\Quarantine.exe
C:\Users\admin\AppData\Local\Temp\SAS6_Update.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-25 23:24




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:540.79 GB) (Free:62.14 GB) NTFS
Drive e: (Nový svazek) (Fixed) (Total:390.62 GB) (Free:162.74 GB) NTFS

Available physical RAM: 4399.02 MB
Total physical RAM: 8175.18 MB
Percentage of memory in use: 46%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6469FA9C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=540.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\admin\Desktop" je 20004 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================