Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-11-2014 01
Ran by Inga (administrator) on INGA-PC on 10-11-2014 18:36:10
Running from C:\Users\Inga\Desktop
Loaded Profile: Inga (Available profiles: Inga)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Slovenčina (Slovensko)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Bandoo Media Inc.) C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe
(Bandoo Media Inc.) C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe
(COMPANYVERS_NAME) C:\Program Files\GamingWonderland\bar\1.bin\gtbarsvc.exe
() C:\Program Files\Guard-ICQ\GuardICQ.exe
(Pokki) C:\Users\Inga\AppData\Local\Pokki\Engine\pokki.exe
() C:\Windows\snuvcdsm.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Google Inc.) C:\Users\Inga\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\Inga\AppData\Local\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Akamai Technologies, Inc.) C:\Users\Inga\AppData\Local\Akamai\netsession_win.exe
(Nokia) C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
(Akamai Technologies, Inc.) C:\Users\Inga\AppData\Local\Akamai\netsession_win.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(ClientConnect Ltd.) C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Bandoo Media Inc.) C:\Program Files\Movies Toolbar\Datamngr\DatamngrUI.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Pokki) C:\Users\Inga\AppData\Local\Pokki\Engine\pokki.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Desktop.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
(forum.viry.cz) C:\Users\Inga\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [94208 2008-07-03] (sonix)
HKLM\...\Run: [SNUVCDSM] => C:\Windows\snuvcdsm.exe [27184 2009-08-10] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [Exetender] => C:\Program Files\FantastiGames\GPlayer.exe [4936152 2012-12-04] (Exent Technologies Ltd.)
HKU\S-1-5-20\...\Run: [Exetender] => C:\Program Files\FantastiGames\GPlayer.exe [4936152 2012-12-04] (Exent Technologies Ltd.)
HKU\S-1-5-21-3290895776-1476708457-2900598802-1000\...\Run: [Google Update] => C:\Users\Inga\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-05-08] (Google Inc.)
HKU\S-1-5-21-3290895776-1476708457-2900598802-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Inga\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3290895776-1476708457-2900598802-1000\...\Run: [AROReminder] => C:\Program Files\ARO 2012\ARO.exe [2553752 2012-07-27] (Support.com, Inc.)
HKU\S-1-5-21-3290895776-1476708457-2900598802-1000\...\Run: [icq] => C:\Users\Inga\AppData\Roaming\ICQM\icq.exe [27453288 2013-03-16] (ICQ)
HKU\S-1-5-21-3290895776-1476708457-2900598802-1000\...\Run: [] => [X]
HKU\S-1-5-21-3290895776-1476708457-2900598802-1000\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-04-19] (Nokia)
HKU\S-1-5-21-3290895776-1476708457-2900598802-1000\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
HKU\S-1-5-21-3290895776-1476708457-2900598802-1000\...\Run: [AGupdate] => C:\Program Files\AppGraffiti\AGupdate.exe [894048 2013-03-19] (Omega Partners Ltd)
HKU\S-1-5-21-3290895776-1476708457-2900598802-1000\...\Run: [BackgroundContainerV2] => "C:\Windows\system32\Rundll32.exe" "C:\Users\Inga\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
HKU\S-1-5-21-3290895776-1476708457-2900598802-1000\...\Run: [AppGraffiti] => C:\Program Files\AppGraffiti\AppGraffiti.exe [1220544 2014-07-09] (Omega Partners Ltd)
HKU\S-1-5-21-3290895776-1476708457-2900598802-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-3290895776-1476708457-2900598802-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4826904 2014-10-30] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [Exetender] => C:\Program Files\FantastiGames\GPlayer.exe [4936152 2012-12-04] (Exent Technologies Ltd.)
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll [488448 2014-06-30] () <===== ATTENTION
BootExecute: autocheck autochk * sdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.tb.ask.com/index.jhtml?n=77 ... ewl_gcPSSS
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x61C969E568A7CC01
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.ph ... &ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60076
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.webisawsome.info/?pid= ... K&unqvl=49
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: HKLM - (No Name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - No File
URLSearchHook: HKCU - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\10.0\ytdToolbarIE.dll (Spigot, Inc.)
URLSearchHook: HKCU - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: HKCU - (No Name) - {a8625cb7-85fe-4936-92a4-b2a7c925209e} - C:\Program Files\GamingWonderland\bar\1.bin\gtSrcAs.dll (MindSpark)
URLSearchHook: HKCU - (No Name) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - No File
SearchScopes: HKLM - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.webisawsome.info/?l=1& ... K&unqvl=49
SearchScopes: HKLM - {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = http://search.tb.ask.com/search/GGmain. ... earchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = http://search.imesh.com/web?src=ieb&sys ... earchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT1066435
SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.webisawsome.info/?l=1& ... K&unqvl=49
SearchScopes: HKCU - 212B40112BEC4DE2A5E532CC476DB44F URL = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKCU - {0671C531-BC5D-43E6-857B-FD59E02D76C4} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
SearchScopes: HKCU - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatche ... tbid=60076
SearchScopes: HKCU - {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = http://search.tb.ask.com/search/GGmain. ... earchTerms}
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKCU - {6B01A24D-913E-47EA-9BA5-5788700EC802} URL = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = http://search.imesh.com/web?src=ieb&sys ... earchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT1066435
SearchScopes: HKCU - {E3985B47-2E21-410B-A699-477A62E9ABBC} URL = http://www.google.co.uk/search?hl=en&q= ... rms}&meta=
SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC8} URL = http://search.icq.com/search/results.ph ... h_mode=web
BHO: AlllCCheApPRicce -> {03206869-4BFA-0304-FC79-79B1AAB62A4B} -> C:\ProgramData\AlllCCheApPRicce\0DYaU2TW.dll ()
BHO: SaveNaeWaAppz -> {21D69F1A-C0EB-94E3-F11C-5399373A67D7} -> C:\ProgramData\SaveNaeWaAppz\0ASTSX.dll ()
BHO: CheiApME -> {3C6EF946-F8D7-F310-3851-297AC09FF5C0} -> C:\ProgramData\CheiApME\OncHZ.dll ()
BHO: AppGraffiti -> {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} -> C:\Program Files\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Toolbar BHO -> {7c8f8fe5-9785-4f74-bcf8-895ef9752d97} -> C:\Program Files\GamingWonderland\bar\1.bin\gtbar.dll (MindSpark)
BHO: JoniCoupon -> {8DF97056-6406-CF00-3C24-F3B12F1417C5} -> C:\ProgramData\JoniCoupon\0m.dll ()
BHO: DoWnSave -> {901EBDE8-FB45-F6F4-A0D3-BCE47B3CDF56} -> C:\ProgramData\DoWnSave\xOErovlL5.dll ()
BHO: HapPy2Save -> {A0E32790-4449-C602-355A-0B1638867430} -> C:\ProgramData\HapPy2Save\k.dll ()
BHO: Search Assistant BHO -> {ab5d199e-9659-47a2-930b-fc3b69061353} -> C:\Program Files\GamingWonderland\bar\1.bin\gtSrcAs.dll (MindSpark)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: FuNDueAls -> {D494AA26-F963-8CD1-ACAA-7563866EDCE2} -> C:\ProgramData\FuNDueAls\EHNQ.dll ()
BHO: GreAtSaveu4U -> {D8304115-A21A-DAC5-F4D7-BFC722C4E79C} -> C:\ProgramData\GreAtSaveu4U\R9TkloTmDn.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: weabsave -> {E58E4609-67D2-B5A9-6901-7445EABE1C6E} -> C:\Program Files\weabsave\oKoYVR.dll ()
BHO: YTD Toolbar -> {F3FEE66E-E034-436a-86E4-9690573BEE8A} -> C:\Program Files\YTD Toolbar\IE\10.0\ytdToolbarIE.dll (Spigot, Inc.)
Toolbar: HKLM - No Name - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No File
Toolbar: HKLM - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKLM - No Name - {f34c9277-6577-4dff-b2d7-7d58092f272f} - No File
Toolbar: HKLM - GamingWonderland - {a899079d-206f-43a6-be6a-07e0fa648ea0} - C:\Program Files\GamingWonderland\bar\1.bin\gtbar.dll (MindSpark)
Toolbar: HKLM - No Name - {d1dac034-9fd9-4c13-a388-d2e10e57707f} - No File
Toolbar: HKLM - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\10.0\ytdToolbarIE.dll (Spigot, Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {51A86BB3-6602-4C85-92A5-130EE4864F13} - No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Xacti, LLC)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default
FF DefaultSearchEngine: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://home.tb.ask.com/index.jhtml?ptb=B5DF57F4-B424-48AE-B807-A65D09621EE0&n=780ce52a&p2=^Z7^xdm353^YYA^sk&si=124514_jewl_gcPSSS
FF Keyword.URL: hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=B5DF57F4-B424-48AE-B807-A65D09621EE0&n=780ce52a&ind=2014111018&p2=^Z7^xdm353^YYA^sk&si=124514_jewl_gcPSSS&searchfor=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files\FantastiGames\npExentCtl.dll (Exent Technologies Ltd.)
FF Plugin: @GamingWonderland.com/Plugin -> C:\Program Files\GamingWonderland\bar\1.bin\NPgtStub.dll (MindSpark)
FF Plugin: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: http://www.exent.com/GameTreatWidget -> C:\Program Files\FantastiGames\NPGameTreatPlugin.dll No File
FF user.js: detected! => C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Inga\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Inga\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Inga\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\ask-web-search.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-10.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-15.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-16.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-17.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-18.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-19.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-20.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-21.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-22.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-23.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-24.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-25.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-26.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-27.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-28.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-29.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-3.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-30.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-31.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-32.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-33.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-34.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-35.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-36.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-37.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-4.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-5.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-6.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-7.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-8.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin-9.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin.gif
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin.src
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\iMeshWebSearch.xml
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\atlas-sk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\azet-sk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\dunaj-sk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slovnik-sk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\zoznam-sk.xml
FF Extension: AppGraffiti - C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\Extensions\AppGraffiti@AppGraffiti.com [2014-06-16]
FF Extension: Conduit Engine - C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\Extensions\engine@conduit.com [2011-03-22]
FF Extension: BBIItSaveer - C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\Extensions\eyuamdw@roquuui.co.uk [2014-06-16]
FF Extension: RegularDoealos - C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\Extensions\gqttt-x@x-ueeitfq.co.uk [2014-06-16]
FF Extension: GamingWonderland - C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\Extensions\gtffxtbr@GamingWonderland.com [2014-06-16]
FF Extension: SNT - C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\Extensions\ibcwrar@ifzqvsp.co.uk [2014-02-28]
FF Extension: GreeatSave4U - C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\Extensions\olaeya91@e-okhdl.edu [2014-09-21]
FF Extension: GrEatSAuvE4U - C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\Extensions\poa_p@cqxvfakog.org [2014-06-16]
FF Extension: SaaVeNewaAappz - C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\Extensions\qkdcyiua@liee.com [2014-09-21]
FF Extension: AllCheapPRice - C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\Extensions\sldb30g.vz@koaiiycmvd.edu [2014-09-21]
FF Extension: DoWnSave - C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\Extensions\uauvhzbq@auoaoaeu.com [2014-04-18]
FF Extension: wweebsave - C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\Extensions\utudntl-arwm@g-dzvmcr.org [2014-02-28]
FF Extension: YoutubeAdblocker - C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\Extensions\yyazkorj@ouuayhtr.net [2014-02-28]
FF Extension: Music Box Toolbar (Dist. by Musiclab, Inc.) - C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\Extensions\{104d74b8-67eb-4f25-8294-04eecfa292e4} [2013-08-30]
FF Extension: BrotherSoft Extreme - C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\Extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13} [2014-09-21]
FF Extension: Ask New Tabs - C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\Extensions\{66A8F3DF-F5DF-DE16-2051-B2D6538E66D1} [2014-06-16]
FF Extension: ICQ Toolbar - C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2013-03-18]
FF Extension: Clipmarks - C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\Extensions\{e1170235-2845-420c-acc3-42261a29dd46} [2011-02-28]
FF Extension: Search-Results Toolbar - C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\Extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f} [2012-11-29]
FF Extension: Speed Dial - C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2011-05-22]
FF Extension: Address Bar Search - C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi [2013-10-26]
FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2014-02-28]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-28]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-28]
FF HKLM\...\Firefox\Extensions: [gtffxtbr@GamingWonderland.com] - C:\Program Files\GamingWonderland\bar\1.bin
FF Extension: GamingWonderland - C:\Program Files\GamingWonderland\bar\1.bin [2013-09-02]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Music Box Toolbar) - C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaiihjniipljfegaknmbkneamnoajd [2013-09-01]
CHR Extension: (SNT) - C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\aonojoidljgmhpibeajlnjfpfpakhido [2014-02-28]
CHR Extension: (Inbox Toolbar) - C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\apgjagobplilmcdfelodhgefiidomnfl [2013-11-15]
CHR Extension: (Hulu TV Shows) - C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\babdabjblhdjecooajkeenhbaegcdcgk [2014-07-03]
CHR Extension: (Minimal Memory) - C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\coibnogmjcpbccgjofoiklnfpbbjbapo [2014-02-28]
CHR Extension: (DoWnSave) - C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\dclamlnoncbffafekbpekkdgcelljpff [2014-03-07]
CHR Extension: (Google Webspam Report) - C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\efinmbicabejjhjafeidhfbojhnfiepj [2014-08-05]
CHR Extension: (GrEatSAuvE4U) - C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihgphmlgnjcljoleloblkhmckhnfjgp [2014-05-22]
CHR Extension: (wweebsave) - C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfalpolbphlehldfkheebkndjgpcboap [2014-02-28]
CHR Extension: (New Tab Assistant) - C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpiifgmgnfdiblgpaepbmfdkcheicgof [2014-07-01]
CHR Extension: (YoutubeAdblocker) - C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibpjdkikmpilfbphphpfbbjlgomeclja [2014-02-28]
CHR Extension: (BBIItSaveer) - C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\lelcegenpoagkefkdlbebbhajnnnlgok [2014-05-23]
CHR Extension: (Skype Click to Call) - C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-17]
CHR Extension: (HostCabinet Who is hosting that website) - C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\lljhfacjpknfplpagpnillgkiepplbjd [2014-09-07]
CHR Extension: (GQueues Chrome Extension) - C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfaboplgcinooacenccbofkaadcfbkkb [2014-06-11]
CHR Extension: (Shopping Helper) - C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlcphjankhppgohedpkjonpadimhaoof [2014-07-01]
CHR Extension: (Peňaženka Google) - C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR Extension: (Facebook chat ninja) - C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpjjjllflgmpkilimeigakgedfklmno [2014-06-11]
CHR HKLM\...\Chrome\Extension: [aaaaiihjniipljfegaknmbkneamnoajd] - C:\Users\Inga\AppData\Local\bearsharemusicboxtoolbar\GC\toolbar.crx [2013-06-19]
CHR HKLM\...\Chrome\Extension: [apgjagobplilmcdfelodhgefiidomnfl] - C:\Program Files\Inbox Toolbar\Chrome\ibxtoolbar_chr.crx [2013-11-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Inga\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 DatamngrCoordinator; C:\Program Files\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [3573248 2014-06-30] (Bandoo Media Inc.)
R2 GamingWonderlandService; C:\Program Files\GamingWonderland\bar\1.bin\gtbarsvc.exe [42504 2013-09-02] (COMPANYVERS_NAME)
R2 Guard.Mail.ru; C:\Program Files\Guard-ICQ\GuardICQ.exe [1564368 2013-03-16] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 TBSrv; C:\Program Files\Tbccint\ToolbarService\ToolbarService.exe [350528 2014-03-31] (ClientConnect Ltd.)
S3 {03732923-964C-4720-8B7C94830B7C0FAD}; C:\Windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files\Movies Toolbar\Datamngr\setmgrc2.cfg [34168 2014-06-30] (Bandoo Media Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1761280 2009-09-10] ()
S3 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [7168 2009-09-28] () [File not signed]
R2 X6XSEx_Pr143; C:\Program Files\FantastiGames\X6XSEx_Pr143.Sys [47432 2012-08-02] (Exent Technologies Ltd.)
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltj.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-10 18:36 - 2014-11-10 18:36 - 00036867 _____ () C:\Users\Inga\Desktop\FRST.txt
2014-11-10 18:35 - 2014-11-10 18:15 - 00112640 _____ (forum.viry.cz) C:\Users\Inga\Desktop\FRSTLauncher.exe
2014-11-10 18:33 - 2014-11-10 18:33 - 00000000 ____D () C:\Users\Inga\Documents\ProcAlyzer Dumps
2014-11-10 18:25 - 2014-11-10 18:36 - 00000000 ____D () C:\FRST
2014-11-10 18:25 - 2014-11-10 18:20 - 01107968 _____ (Farbar) C:\Users\Inga\Desktop\FRST.exe
2014-11-10 18:23 - 2014-11-10 18:23 - 02116096 _____ (Farbar) C:\Users\Inga\Downloads\FRST64.exe
2014-11-10 18:22 - 2014-11-10 18:22 - 00112107 _____ (forum.viry.cz) C:\Users\Inga\Downloads\VerzeOS.exe
2014-11-10 18:20 - 2014-11-10 18:20 - 01107968 _____ (Farbar) C:\Users\Inga\Downloads\FRST.exe
2014-11-10 18:15 - 2014-11-10 18:15 - 00112640 _____ (forum.viry.cz) C:\Users\Inga\Downloads\FRSTLauncher.exe
2014-11-10 17:59 - 2014-11-10 17:59 - 00006372 _____ () C:\Windows\PFRO.log
2014-11-10 17:59 - 2014-11-10 17:59 - 00000056 _____ () C:\Windows\setupact.log
2014-11-10 17:59 - 2014-11-10 17:59 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-10 17:51 - 2014-11-10 17:51 - 00000000 ____D () C:\Windows\pss
2014-11-10 17:50 - 2014-11-10 17:50 - 00469488 _____ () C:\Users\Inga\Documents\cc_20141110_174956.reg
2014-11-10 17:50 - 2014-11-10 17:50 - 00001872 _____ () C:\Users\Inga\Documents\cc_20141110_175022.reg
2014-11-10 17:47 - 2014-11-10 17:47 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-11-10 17:47 - 2014-11-10 17:46 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-11-10 17:47 - 2013-01-12 03:30 - 00859552 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2014-11-10 17:47 - 2013-01-12 03:30 - 00780192 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2014-11-10 17:46 - 2014-11-10 17:46 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-10 17:46 - 2014-11-10 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-10 17:44 - 2014-11-10 17:44 - 00638888 _____ (Oracle Corporation) C:\Users\Inga\Downloads\chromeinstall-8u25.exe
2014-11-10 17:14 - 2014-11-10 18:34 - 00012458 _____ () C:\Windows\wininit.ini
2014-11-10 16:34 - 2014-11-10 16:34 - 00001060 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-11-10 16:34 - 2014-11-10 16:34 - 00001048 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-11-10 16:18 - 2014-11-10 16:18 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-10 16:18 - 2014-11-10 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-10 16:18 - 2014-11-10 16:18 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-10 16:17 - 2014-11-10 16:18 - 04976456 _____ (Piriform Ltd) C:\Users\Inga\Downloads\ccsetup419.exe
2014-11-10 16:09 - 2014-11-10 16:14 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-11-10 16:09 - 2014-11-10 16:09 - 00002135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-10 16:09 - 2014-11-10 16:09 - 00002123 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-11-10 16:09 - 2014-11-10 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-10 16:09 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2014-11-10 16:06 - 2014-11-10 16:08 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Inga\Downloads\spybot-2.4.exe
2014-10-30 08:40 - 2014-10-30 08:40 - 00000000 ____D () C:\Program Files\YTD Toolbar
2014-10-26 17:07 - 2014-10-26 17:07 - 00000000 ____D () C:\ProgramData\DeleteAd
2014-10-16 06:59 - 2014-10-10 02:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 06:59 - 2014-10-10 02:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 06:59 - 2014-10-10 02:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 06:59 - 2014-09-29 01:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 06:58 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 06:58 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 06:58 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 06:58 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 06:58 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 06:58 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 06:58 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 06:58 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 06:58 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 06:58 - 2014-09-19 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 06:58 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 06:58 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 06:58 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 06:58 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 06:58 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 06:58 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 06:58 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 06:58 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 06:58 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 06:58 - 2014-09-19 01:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 06:58 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 06:58 - 2014-09-19 01:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 06:58 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 06:58 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 06:58 - 2014-09-19 01:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 06:58 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 06:58 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 06:58 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 06:58 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 06:58 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 06:58 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 06:57 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 06:57 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 06:57 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 06:57 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 06:57 - 2014-07-17 02:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 06:57 - 2014-07-17 02:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 06:57 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-16 06:57 - 2014-07-17 02:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 06:57 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 06:57 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 06:57 - 2014-07-17 02:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 06:57 - 2014-07-17 02:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 06:57 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 06:57 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 06:57 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 06:56 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-10 18:33 - 2014-06-30 19:26 - 00000000 ____D () C:\ProgramData\Datamngr
2014-11-10 18:32 - 2009-11-13 22:07 - 00000000 ____D () C:\Users\Inga\AppData\Roaming\Skype
2014-11-10 18:25 - 2009-07-14 05:34 - 00023568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-10 18:25 - 2009-07-14 05:34 - 00023568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-10 18:07 - 2009-11-12 14:45 - 01332709 _____ () C:\Windows\WindowsUpdate.log
2014-11-10 17:59 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-10 17:56 - 2012-11-24 11:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-10 17:56 - 2010-05-08 08:21 - 00000942 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3290895776-1476708457-2900598802-1000UA.job
2014-11-10 17:46 - 2013-01-16 17:33 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-11-10 17:46 - 2013-01-16 17:33 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-11-10 17:46 - 2013-01-16 17:33 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-11-10 17:46 - 2011-02-02 15:25 - 00000000 ____D () C:\Program Files\Java
2014-11-10 17:19 - 2009-11-13 21:21 - 00062640 _____ () C:\Users\Inga\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-10 17:19 - 2009-07-14 05:33 - 00286744 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-10 17:16 - 2014-02-28 15:31 - 00000000 ____D () C:\Program Files\SNT
2014-11-10 17:14 - 2009-11-15 10:05 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-10 16:34 - 2010-05-09 18:17 - 00000000 ____D () C:\Program Files\TeamViewer
2014-11-10 16:32 - 2011-02-02 15:07 - 00000000 ____D () C:\Users\Inga\AppData\Local\iMesh
2014-11-10 16:32 - 2011-01-24 20:30 - 00000000 ____D () C:\Users\Inga\AppData\Roaming\Media Player Classic
2014-11-10 16:31 - 2010-01-23 19:57 - 00000000 ____D () C:\Windows\Minidump
2014-11-10 16:31 - 2009-11-12 21:32 - 00000000 ____D () C:\Windows\Panther
2014-11-10 16:09 - 2009-11-15 10:05 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-11-10 15:44 - 2011-02-28 21:54 - 00000000 ____D () C:\Program Files\Crawler
2014-11-10 15:19 - 2013-11-08 19:03 - 00000000 ____D () C:\Users\Inga\AppData\Local\Pokki
2014-11-09 20:59 - 2009-11-12 14:47 - 00719820 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-09 14:18 - 2014-01-29 12:47 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-02 18:50 - 2009-07-14 05:53 - 00032588 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-30 12:24 - 2009-11-12 15:19 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-28 13:25 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-28 12:56 - 2010-05-08 08:21 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3290895776-1476708457-2900598802-1000Core.job
2014-10-17 09:04 - 2014-06-25 20:49 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 07:48 - 2014-08-13 20:11 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-10-17 07:48 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-10-16 12:58 - 2013-08-16 13:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 12:58 - 2009-11-13 15:05 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 07:29 - 2012-04-25 12:19 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-14 18:17 - 2014-02-28 20:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-13 09:16 - 2013-11-27 17:35 - 00000000 ____D () C:\Users\Inga\Desktop\Dominika dokumenty
Files to move or delete:
====================
C:\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll
C:\Users\Inga\JoniCoupon.2.9.dat
Some content of TEMP:
====================
C:\Users\Inga\AppData\Local\Temp\NEventMessages.dll
C:\Users\Inga\AppData\Local\Temp\NOSEventMessages.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2012-11-26 13:11
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:146.48 GB) (Free:11.49 GB) NTFS
Drive d: () (Fixed) (Total:319.18 GB) (Free:318.73 GB) NTFS
Available physical RAM: 1758.67 MB
Total physical RAM: 3037.12 MB
Percentage of memory in use: 42%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: AFB3AFB3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=319.2 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3290895776-1476708457-2900598802-1000Core.job => C:\Users\Inga\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3290895776-1476708457-2900598802-1000UA.job => C:\Users\Inga\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Inga.job => C:\PROGRA~1\NORTON~2\Engine\370~1.18\Nss.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\Windows\system32\http:Anglický pacient - CZ dabing-oskarový film.3gp
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
==================== Security Center ==================
AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Inga\Desktop" je 106281 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Application Restart #3
C:\Users\Inga\AppData\Local\Pokki\Engine\pokki.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Inga\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Exetender
"C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GamingWonderland Browser Plugin Loader
C:\PROGRA~1\GAMING~2\bar\1.bin\gtbrmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GamingWonderland Search Scope Monitor
"C:\PROGRA~1\GAMING~2\bar\1.bin\gtsrchmn.exe" /m=2 /w /h [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Guard.Mail.ru.gui
"C:\Program Files\Guard-ICQ\GuardICQ.exe" /gui [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InboxToolbar
"C:\Program Files\Inbox Toolbar\Inbox.exe" /STARTUP [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Inga^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk
C:\Users\Inga\LimeWire\LimeWire.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Inga^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o kontrolu logu.
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Prosím o kontrolu logu.
- Přílohy
-
- Addition.zip
- (10.25 KiB) Staženo 75 x
Re: Prosím o kontrolu logu.
Zdravim 
Odinstalujte Spybot - Search & Destroy - program ma uz nejlepsi leta davno za sebou a posledni cca 3 roky neni schopen celit aktualnim hrozbam
Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu
Odinstalujte Spybot - Search & Destroy - program ma uz nejlepsi leta davno za sebou a posledni cca 3 roky neni schopen celit aktualnim hrozbam Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
- Ulozte nejlepe na plochu
- Ukoncete vsechny programy
- Po spusteni probehne stazeni databaze
- Kliknete na Scan a nasledne Clean
- Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte
Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu
- Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
- Do okna vlozte skript nize
Kód: Vybrat vše
autoclean; emptyclsid; iedefaults; FFdefaults; CHRdefaults; emptyalltemp; resethosts;- Nasledne kliknete na Run Script
- PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu logu.
Zoek.exe v5.0.0.0 Updated 10-November-2014
Tool run by Inga on po 10. 11. 2014 at 19:24:05,97.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Inga\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
10. 11. 2014 19:26:16 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0671C531-BC5D-43E6-857B-FD59E02D76C4} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C8F8FE5-9785-4F74-BCF8-895EF9752D97} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7C8F8FE5-9785-4F74-BCF8-895EF9752D97} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AB5D199E-9659-47A2-930B-FC3B69061353} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AB5D199E-9659-47A2-930B-FC3B69061353} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51A86BB3-6602-4C85-92A5-130EE4864F13} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{51A86BB3-6602-4C85-92A5-130EE4864F13} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{7C8F8FE5-9785-4F74-BCF8-895EF9752D97} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C8F8FE5-9785-4F74-BCF8-895EF9752D97} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{AB5D199E-9659-47A2-930B-FC3B69061353} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB5D199E-9659-47A2-930B-FC3B69061353} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{CCB69577-088B-4004-9ED8-FF5BCC83A039} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{a8625cb7-85fe-4936-92a4-b2a7c925209e} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{7C8F8FE5-9785-4F74-BCF8-895EF9752D97} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{AB5D199E-9659-47A2-930B-FC3B69061353} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{474597C5-AB09-49D6-A4D5-2E8D7341384E} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{74322BF9-DF26-493F-B0DA-6D2FC5E6429E} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{CCB69577-088B-4004-9ED8-FF5BCC83A039} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{901EBDE8-FB45-F6F4-A0D3-BCE47B3CDF56} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{03206869-4BFA-0304-FC79-79B1AAB62A4B} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{21D69F1A-C0EB-94E3-F11C-5399373A67D7} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{D8304115-A21A-DAC5-F4D7-BFC722C4E79C} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{51A86BB3-6602-4C85-92A5-130EE4864F13} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{51A86BB3-6602-4C85-92A5-130EE4864F13} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{a8625cb7-85fe-4936-92a4-b2a7c925209e} deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\urlsearchhooks\{51A86BB3-6602-4C85-92A5-130EE4864F13} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\gtffxtbr@GamingWonderland.com deleted successfully
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\prefs.js:
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\prefs.js:
ProfilePath: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_201410.11._1934_.backup
==== Deleting Files \ Folders ======================
C:\Windows\system32\appdata deleted
C:\Users\Inga\AppData\LocalLow\{03206869-4BFA-0304-FC79-79B1AAB62A4B} deleted
C:\Users\Inga\AppData\LocalLow\{21D69F1A-C0EB-94E3-F11C-5399373A67D7} deleted
C:\Users\Inga\AppData\LocalLow\{3C6EF946-F8D7-F310-3851-297AC09FF5C0} deleted
C:\Users\Inga\AppData\LocalLow\{75650020-36BB-D59A-77B5-7E77CD7908D3} deleted
C:\Users\Inga\AppData\LocalLow\{8DF97056-6406-CF00-3C24-F3B12F1417C5} deleted
C:\Users\Inga\AppData\LocalLow\{901EBDE8-FB45-F6F4-A0D3-BCE47B3CDF56} deleted
C:\Users\Inga\AppData\LocalLow\{A0E32790-4449-C602-355A-0B1638867430} deleted
C:\Users\Inga\AppData\LocalLow\{A993C732-BB8F-D11F-DEFB-BE492EDB0098} deleted
C:\Users\Inga\AppData\LocalLow\{D494AA26-F963-8CD1-ACAA-7563866EDCE2} deleted
C:\Users\Inga\AppData\LocalLow\{E58E4609-67D2-B5A9-6901-7445EABE1C6E} deleted
C:\Program Files\Alawarhry.cz deleted
C:\Users\Inga\AppData\Roaming\Sammsoft deleted
C:\Users\Inga\AppData\Roaming\GetRightToGo deleted
C:\Users\Inga\AppData\Roaming\ICQ Search deleted
C:\PROGRA~2\boost_interprocess deleted
C:\PROGRA~2\ICQ deleted
C:\PROGRA~2\InstallMate deleted
C:\Users\Inga\AppData\Local\bearsharemusicboxtoolbar deleted
C:\Users\Inga\AppData\Local\BearShare deleted
C:\Users\Inga\AppData\Local\Pokki deleted
C:\Users\Inga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk deleted
C:\Users\Inga\AppData\LocalLow\bearsharemusicboxtoolbar deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\wininit.ini deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\System32\sqlite3.tmp deleted
C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\.autoreg deleted
C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\bearsharemusicboxtoolbar deleted
C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\ICQToolbarData deleted
C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\ilividmoviestoolbar181 deleted
C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\ilividtoolbarguid deleted
C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\CT2776682 deleted
C:\Users\Inga\Desktop\Dominika dokumenty\iLivid.lnk deleted
C:\Program Files\Mozilla Firefox\browser\searchplugins\Ask.xml deleted
C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\extensions\ibcwrar@ifzqvsp.co.uk deleted
C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\extensions\{104d74b8-67eb-4f25-8294-04eecfa292e4} deleted
C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13} deleted
C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\conduit deleted
C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\ConduitEngine deleted
C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\{F0B1CEAC-7C0D-407c-B25E-623D7CBECCCB} deleted
C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\extensions\gtffxtbr@GamingWonderland.com deleted
"C:\Windows\Installer\1377c.msi" deleted
"C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\extensions\ytd@mybrowserbar.com" deleted
==== Firefox Extensions ======================
ProfilePath: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default
- Ask New Tabs - %ProfilePath%\extensions\{66A8F3DF-F5DF-DE16-2051-B2D6538E66D1}
- Clipmarks - %ProfilePath%\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
- Speed Dial - %ProfilePath%\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
AppDir: C:\Program Files\Mozilla Firefox
- ICQ Toolbar - %AppDir%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default
E7006BB5611298DBDD03FE3519C19AC2 - C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U25
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash
5232105D125A448E99D8C905AB4713EE - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
21536AF136F35D9E960B085C905C98FB - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
893BF7D2261C56C24F813405D9D018E0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In
A9C86900D2A61728C8326FE7147617C5 - C:\Users\Inga\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll - Google Update
FE5EBC41BC74FEB22D64FCB715F067F5 - C:\Users\Inga\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll - Google Talk Plugin Video Accelerator
4CD25DDA1221224BB92591756ED12602 - C:\Users\Inga\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
A0D63D14016C75D718F5432B13FC6576 - C:\Users\Inga\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
A847F61BACFA2C4E3E0B0F9431BB5245 - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll - Nokia Suite Enabler Plugin
053E986A84F5EE271D38896B8079157D - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.110.21
F98B0B2789436E072D7ED979C4E44D07 - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
8DA2ED6B04EA33F2EAE8BA883F903729 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System
==== Deleted Firefox Extensions ======================
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} deleted
==== Fake Chromium Profiles Check ======================
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Inga\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Inga\AppData\Local\Comodo\Dragon deleted
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
apgjagobplilmcdfelodhgefiidomnfl - C:\Program Files\Inbox Toolbar\Chrome\ibxtoolbar_chr.crx[]
SNT - Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\aonojoidljgmhpibeajlnjfpfpakhido
Hulu TV Shows - Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\babdabjblhdjecooajkeenhbaegcdcgk
Minimal Memory - Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\coibnogmjcpbccgjofoiklnfpbbjbapo
Google Webspam Report - Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\efinmbicabejjhjafeidhfbojhnfiepj
HostCabinet Who is hosting that website - Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\lljhfacjpknfplpagpnillgkiepplbjd
GQueues Chrome Extension - Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfaboplgcinooacenccbofkaadcfbkkb
Facebook chat ninja - Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpjjjllflgmpkilimeigakgedfklmno
==== Chromium Fix ======================
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\apgjagobplilmcdfelodhgefiidomnfl deleted successfully
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\aonojoidljgmhpibeajlnjfpfpakhido deleted successfully
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aonojoidljgmhpibeajlnjfpfpakhido_0.localstorage deleted successfully
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aonojoidljgmhpibeajlnjfpfpakhido deleted successfully
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\babdabjblhdjecooajkeenhbaegcdcgk deleted successfully
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_babdabjblhdjecooajkeenhbaegcdcgk_0.localstorage deleted successfully
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\coibnogmjcpbccgjofoiklnfpbbjbapo deleted successfully
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_coibnogmjcpbccgjofoiklnfpbbjbapo_0.localstorage deleted successfully
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\efinmbicabejjhjafeidhfbojhnfiepj deleted successfully
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_efinmbicabejjhjafeidhfbojhnfiepj_0.localstorage deleted successfully
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\lljhfacjpknfplpagpnillgkiepplbjd deleted successfully
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lljhfacjpknfplpagpnillgkiepplbjd_0.localstorage deleted successfully
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfaboplgcinooacenccbofkaadcfbkkb deleted successfully
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nfaboplgcinooacenccbofkaadcfbkkb_0.localstorage deleted successfully
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpjjjllflgmpkilimeigakgedfklmno deleted successfully
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ojpjjjllflgmpkilimeigakgedfklmno_0.localstorage deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"ICQ Search"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"ICQ Search"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE11SR"
{E3985B47-2E21-410B-A699-477A62E9ABBC} Google Url="http://www.google.co.uk/search?hl=en&q= ... rms}&meta="
==== Reset Google Chrome ======================
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A70E2CF2B2845AB45B4E29686250581B deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\8117feab-1165-410a-90ed-a4a10a10bc62 deleted successfully
HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\apgjagobplilmcdfelodhgefiidomnfl deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2FC2E07A-482B-4BA5-B5E4-9286260585B1} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A70E2CF2B2845AB45B4E29686250581B deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Application Restart #3 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GamingWonderland Browser Plugin Loader deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GamingWonderland Search Scope Monitor deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InboxToolbar deleted successfully
==== Empty IE Cache ======================
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Inga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Inga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Inga\AppData\Local\Mozilla\Firefox\Profiles\60rpz79i.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=1681 folders=310 28652436 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Inga\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Inga\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on po 10. 11. 2014 at 19:38:07,05 ======================
Tool run by Inga on po 10. 11. 2014 at 19:24:05,97.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Inga\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
10. 11. 2014 19:26:16 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0671C531-BC5D-43E6-857B-FD59E02D76C4} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C8F8FE5-9785-4F74-BCF8-895EF9752D97} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7C8F8FE5-9785-4F74-BCF8-895EF9752D97} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AB5D199E-9659-47A2-930B-FC3B69061353} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AB5D199E-9659-47A2-930B-FC3B69061353} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51A86BB3-6602-4C85-92A5-130EE4864F13} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{51A86BB3-6602-4C85-92A5-130EE4864F13} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{7C8F8FE5-9785-4F74-BCF8-895EF9752D97} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C8F8FE5-9785-4F74-BCF8-895EF9752D97} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{AB5D199E-9659-47A2-930B-FC3B69061353} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB5D199E-9659-47A2-930B-FC3B69061353} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{CCB69577-088B-4004-9ED8-FF5BCC83A039} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{a8625cb7-85fe-4936-92a4-b2a7c925209e} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{7C8F8FE5-9785-4F74-BCF8-895EF9752D97} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{AB5D199E-9659-47A2-930B-FC3B69061353} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{474597C5-AB09-49D6-A4D5-2E8D7341384E} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{74322BF9-DF26-493F-B0DA-6D2FC5E6429E} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{CCB69577-088B-4004-9ED8-FF5BCC83A039} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{901EBDE8-FB45-F6F4-A0D3-BCE47B3CDF56} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{03206869-4BFA-0304-FC79-79B1AAB62A4B} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{21D69F1A-C0EB-94E3-F11C-5399373A67D7} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{D8304115-A21A-DAC5-F4D7-BFC722C4E79C} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{51A86BB3-6602-4C85-92A5-130EE4864F13} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{51A86BB3-6602-4C85-92A5-130EE4864F13} deleted successfully
HKEY_USERS\S-1-5-21-3290895776-1476708457-2900598802-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{a8625cb7-85fe-4936-92a4-b2a7c925209e} deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\urlsearchhooks\{51A86BB3-6602-4C85-92A5-130EE4864F13} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\gtffxtbr@GamingWonderland.com deleted successfully
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\prefs.js:
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\prefs.js:
ProfilePath: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_201410.11._1934_.backup
==== Deleting Files \ Folders ======================
C:\Windows\system32\appdata deleted
C:\Users\Inga\AppData\LocalLow\{03206869-4BFA-0304-FC79-79B1AAB62A4B} deleted
C:\Users\Inga\AppData\LocalLow\{21D69F1A-C0EB-94E3-F11C-5399373A67D7} deleted
C:\Users\Inga\AppData\LocalLow\{3C6EF946-F8D7-F310-3851-297AC09FF5C0} deleted
C:\Users\Inga\AppData\LocalLow\{75650020-36BB-D59A-77B5-7E77CD7908D3} deleted
C:\Users\Inga\AppData\LocalLow\{8DF97056-6406-CF00-3C24-F3B12F1417C5} deleted
C:\Users\Inga\AppData\LocalLow\{901EBDE8-FB45-F6F4-A0D3-BCE47B3CDF56} deleted
C:\Users\Inga\AppData\LocalLow\{A0E32790-4449-C602-355A-0B1638867430} deleted
C:\Users\Inga\AppData\LocalLow\{A993C732-BB8F-D11F-DEFB-BE492EDB0098} deleted
C:\Users\Inga\AppData\LocalLow\{D494AA26-F963-8CD1-ACAA-7563866EDCE2} deleted
C:\Users\Inga\AppData\LocalLow\{E58E4609-67D2-B5A9-6901-7445EABE1C6E} deleted
C:\Program Files\Alawarhry.cz deleted
C:\Users\Inga\AppData\Roaming\Sammsoft deleted
C:\Users\Inga\AppData\Roaming\GetRightToGo deleted
C:\Users\Inga\AppData\Roaming\ICQ Search deleted
C:\PROGRA~2\boost_interprocess deleted
C:\PROGRA~2\ICQ deleted
C:\PROGRA~2\InstallMate deleted
C:\Users\Inga\AppData\Local\bearsharemusicboxtoolbar deleted
C:\Users\Inga\AppData\Local\BearShare deleted
C:\Users\Inga\AppData\Local\Pokki deleted
C:\Users\Inga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk deleted
C:\Users\Inga\AppData\LocalLow\bearsharemusicboxtoolbar deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\wininit.ini deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\System32\sqlite3.tmp deleted
C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\.autoreg deleted
C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\bearsharemusicboxtoolbar deleted
C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\ICQToolbarData deleted
C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\ilividmoviestoolbar181 deleted
C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\ilividtoolbarguid deleted
C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\CT2776682 deleted
C:\Users\Inga\Desktop\Dominika dokumenty\iLivid.lnk deleted
C:\Program Files\Mozilla Firefox\browser\searchplugins\Ask.xml deleted
C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\extensions\ibcwrar@ifzqvsp.co.uk deleted
C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\extensions\{104d74b8-67eb-4f25-8294-04eecfa292e4} deleted
C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13} deleted
C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\conduit deleted
C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\ConduitEngine deleted
C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\{F0B1CEAC-7C0D-407c-B25E-623D7CBECCCB} deleted
C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\extensions\gtffxtbr@GamingWonderland.com deleted
"C:\Windows\Installer\1377c.msi" deleted
"C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default\extensions\ytd@mybrowserbar.com" deleted
==== Firefox Extensions ======================
ProfilePath: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default
- Ask New Tabs - %ProfilePath%\extensions\{66A8F3DF-F5DF-DE16-2051-B2D6538E66D1}
- Clipmarks - %ProfilePath%\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
- Speed Dial - %ProfilePath%\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
AppDir: C:\Program Files\Mozilla Firefox
- ICQ Toolbar - %AppDir%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Inga\AppData\Roaming\Mozilla\Firefox\Profiles\60rpz79i.default
E7006BB5611298DBDD03FE3519C19AC2 - C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U25
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash
5232105D125A448E99D8C905AB4713EE - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
21536AF136F35D9E960B085C905C98FB - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
893BF7D2261C56C24F813405D9D018E0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In
A9C86900D2A61728C8326FE7147617C5 - C:\Users\Inga\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll - Google Update
FE5EBC41BC74FEB22D64FCB715F067F5 - C:\Users\Inga\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll - Google Talk Plugin Video Accelerator
4CD25DDA1221224BB92591756ED12602 - C:\Users\Inga\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
A0D63D14016C75D718F5432B13FC6576 - C:\Users\Inga\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
A847F61BACFA2C4E3E0B0F9431BB5245 - C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll - Nokia Suite Enabler Plugin
053E986A84F5EE271D38896B8079157D - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.110.21
F98B0B2789436E072D7ED979C4E44D07 - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
8DA2ED6B04EA33F2EAE8BA883F903729 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System
==== Deleted Firefox Extensions ======================
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} deleted
==== Fake Chromium Profiles Check ======================
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Inga\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Inga\AppData\Local\Comodo\Dragon deleted
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
apgjagobplilmcdfelodhgefiidomnfl - C:\Program Files\Inbox Toolbar\Chrome\ibxtoolbar_chr.crx[]
SNT - Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\aonojoidljgmhpibeajlnjfpfpakhido
Hulu TV Shows - Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\babdabjblhdjecooajkeenhbaegcdcgk
Minimal Memory - Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\coibnogmjcpbccgjofoiklnfpbbjbapo
Google Webspam Report - Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\efinmbicabejjhjafeidhfbojhnfiepj
HostCabinet Who is hosting that website - Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\lljhfacjpknfplpagpnillgkiepplbjd
GQueues Chrome Extension - Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfaboplgcinooacenccbofkaadcfbkkb
Facebook chat ninja - Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpjjjllflgmpkilimeigakgedfklmno
==== Chromium Fix ======================
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\apgjagobplilmcdfelodhgefiidomnfl deleted successfully
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\aonojoidljgmhpibeajlnjfpfpakhido deleted successfully
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aonojoidljgmhpibeajlnjfpfpakhido_0.localstorage deleted successfully
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aonojoidljgmhpibeajlnjfpfpakhido deleted successfully
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\babdabjblhdjecooajkeenhbaegcdcgk deleted successfully
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_babdabjblhdjecooajkeenhbaegcdcgk_0.localstorage deleted successfully
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\coibnogmjcpbccgjofoiklnfpbbjbapo deleted successfully
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_coibnogmjcpbccgjofoiklnfpbbjbapo_0.localstorage deleted successfully
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\efinmbicabejjhjafeidhfbojhnfiepj deleted successfully
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_efinmbicabejjhjafeidhfbojhnfiepj_0.localstorage deleted successfully
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\lljhfacjpknfplpagpnillgkiepplbjd deleted successfully
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lljhfacjpknfplpagpnillgkiepplbjd_0.localstorage deleted successfully
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfaboplgcinooacenccbofkaadcfbkkb deleted successfully
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nfaboplgcinooacenccbofkaadcfbkkb_0.localstorage deleted successfully
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpjjjllflgmpkilimeigakgedfklmno deleted successfully
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ojpjjjllflgmpkilimeigakgedfklmno_0.localstorage deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"ICQ Search"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"ICQ Search"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE11SR"
{E3985B47-2E21-410B-A699-477A62E9ABBC} Google Url="http://www.google.co.uk/search?hl=en&q= ... rms}&meta="
==== Reset Google Chrome ======================
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A70E2CF2B2845AB45B4E29686250581B deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\8117feab-1165-410a-90ed-a4a10a10bc62 deleted successfully
HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\apgjagobplilmcdfelodhgefiidomnfl deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2FC2E07A-482B-4BA5-B5E4-9286260585B1} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A70E2CF2B2845AB45B4E29686250581B deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Application Restart #3 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GamingWonderland Browser Plugin Loader deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GamingWonderland Search Scope Monitor deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InboxToolbar deleted successfully
==== Empty IE Cache ======================
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Inga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Inga\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Inga\AppData\Local\Mozilla\Firefox\Profiles\60rpz79i.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Inga\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=1681 folders=310 28652436 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Inga\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Inga\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on po 10. 11. 2014 at 19:38:07,05 ======================
Re: Prosím o kontrolu logu.
Aplikujte jeste Adwcleaner, log pak sem...
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosím o kontrolu logu.
# AdwCleaner v4.101 - Report created 13/11/2014 at 18:36:59
# Updated 09/11/2014 by Xplode
# Database : 2014-11-12.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Inga - INGA-PC
# Running from : C:\Users\Inga\Desktop\adwcleaner_4.101.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKLM\SOFTWARE\DataMngr
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17344
-\\ Mozilla Firefox v33.1 (x86 sk)
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [63704 octets] - [10/11/2014 19:18:33]
AdwCleaner[R1].txt - [1549 octets] - [13/11/2014 18:33:39]
AdwCleaner[S0].txt - [65108 octets] - [10/11/2014 19:20:00]
AdwCleaner[S1].txt - [1310 octets] - [13/11/2014 18:36:59]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1370 octets] ##########
# Updated 09/11/2014 by Xplode
# Database : 2014-11-12.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Inga - INGA-PC
# Running from : C:\Users\Inga\Desktop\adwcleaner_4.101.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKLM\SOFTWARE\DataMngr
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17344
-\\ Mozilla Firefox v33.1 (x86 sk)
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [63704 octets] - [10/11/2014 19:18:33]
AdwCleaner[R1].txt - [1549 octets] - [13/11/2014 18:33:39]
AdwCleaner[S0].txt - [65108 octets] - [10/11/2014 19:20:00]
AdwCleaner[S1].txt - [1310 octets] - [13/11/2014 18:36:59]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1370 octets] ##########
Re: Prosím o kontrolu logu.
Poprosim o novy log z FRST
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.
Přispějete na provoz fóra?