Piesearch - jak se ho zbavit?

[miroo]

Zdravim,

nejakym zpusobem se mi do PC dostal Piesearch a nemohu se ho vubec zbavit. Uvodni stranku, ktera se v prohlizeci (Chrome) zobrazuje se mi odstranit povedlo, ale nemuzu ho dostat z predvolby vyhledavace. Vzdy kdyz chci neco vyhledat zpusobem, ze text napisu do vrchni listy, spusti se piesearch, kterej nenajde vetsinou vubec nic a strasne to zpomaluje praci. Prikladam i printsreen, jak to vypada v nastaveni, nemohu to dostat pryc, protoze to vyzaduje pristup administratora. I kdyz spustim chrome jako administrator, je to stejny. Nevedel by prosim nekdo, jak se toho zbavit? Dekuji

[Rudy]

Zdravím!
Zkuste následující skeny:

1. Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.

[miroo]

Moc dekuji za pomoc, zoek ten otravnej piesearch odstranil Celkove ted bezi PC pomerne rychleji. Ted jeste teda prikladam ty logy:

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Miroslav Zavacky on ne 24.04.2016 at 14:14:32,07.
Microsoft Windows 7 Ultimate 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Miroslav Zavacky\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

24.4.2016 14:19:00 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\AGEIA Technologies deleted successfully
C:\Program Files\Baidu deleted successfully
C:\Program Files\WinZipper deleted successfully
C:\PROGRA~2\Avid deleted successfully
C:\PROGRA~2\RegRun deleted successfully
C:\PROGRA~2\Solidshield deleted successfully
C:\PROGRA~2\Uncheckit deleted successfully
C:\Users\Miroslav Zavacky\AppData\Roaming\NeroDigital(TM) deleted successfully
C:\Users\Miroslav Zavacky\AppData\Roaming\Publish Providers deleted successfully
C:\Users\Miroslav Zavacky\AppData\Roaming\Sony Corporation deleted successfully
C:\Users\Miroslav Zavacky\AppData\Local\GHISLER deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TSSK deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TSSK deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\MIROSL~1\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js:
user_pref("browser.startup.homepage", "about:blank");
user_pref("browser.newtab.url", "");
user_pref("browser.search.defaultEnginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("keyword.URL", "");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\MIROSL~1\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\MIROSL~1\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js:
user_pref("browser.startup.homepage", "http://www.yessearches.com/?ts=AHEpBXYp ... ode=ffseng");
user_pref("browser.newtab.url", "http://www.yessearches.com/?ts=AHEpBXYp ... ode=ffseng");
user_pref("browser.search.defaultenginename", "yessearches");
user_pref("browser.search.selectedEngine", "yessearches");
user_pref("keyword.URL", "http://search.icq.com/search/afe_result ... 2.0.0.0&q=");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\MIROSL~1\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\MIROSL~1\AppData\Roaming\Mozilla\Firefox\Profiles\p3fxdx0p.default\prefs.js:
user_pref("browser.startup.homepage", "www.seznam.cz");
user_pref("keyword.URL", "http://search.icq.com/search/afe_result ... 2.0.0.0&q=");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\MIROSL~1\AppData\Roaming\Mozilla\Firefox\Profiles\p3fxdx0p.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\MIROSL~1\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1

user.js not found
---- Lines WebSearch removed from prefs.js ----
user_pref("extensions.asktb.http-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \
---- Lines ask.com removed from prefs.js ----
user_pref("extensions.asktb.default-channel-url-mask", "http://eu.ask.com/web?qsrc={qsrc}&o={o} ... ry}&dm=all");
user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
---- Lines ask.com modified from prefs.js ----

user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,toolbar@ask.com:3.11
---- Lines asktb removed from prefs.js ----
user_pref("extensions.asktb.cbid", "EW");
user_pref("extensions.asktb.config-updated", true);
user_pref("extensions.asktb.dtid", "YYYYYYYYCZ");
user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", true);
user_pref("extensions.asktb.first-restart-after-config-update", true);
user_pref("extensions.asktb.fresh-install", false);
user_pref("extensions.asktb.guid", "66DEC720-27D2-41E2-8CAB-FA5793163308");
user_pref("extensions.asktb.if", "su");
user_pref("extensions.asktb.keyword-toggled-in-session", false);
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.last-config-req", "1452824142205");
user_pref("extensions.asktb.locale", "en_EU");
user_pref("extensions.asktb.nero.userName", "");
user_pref("extensions.asktb.new-tab-opt-out", true);
user_pref("extensions.asktb.o", "101913");
user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
user_pref("extensions.asktb.qsrc", "2871");
user_pref("extensions.asktb.r", "19");
user_pref("extensions.asktb.sa", "NO");
user_pref("extensions.asktb.search-suggestions-enabled", true);
user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);
user_pref("extensions.asktb.silent-upgrade", true);
user_pref("extensions.asktb.themeid", "");
user_pref("extensions.asktb.timeinstalled", "13.1.2012 17:15:26");
user_pref("extensions.asktb.v", "3.14.1.100013");
user_pref("extensions.asktb.version", "5.14.1.20007");
---- Lines searchengine removed from prefs.js ----
user_pref("browser.search.searchengine.hp", "http://www.yessearches.com/?ts=AHEpBXYp ... B&ptid=tuu&
user_pref("browser.search.searchengine.sp", "http://www.yessearches.com/chrome.php?m ... ..&uid=496
user_pref("browser.search.searchengine.url", "http://www.yessearches.com/chrome.php?m ... U..&uid=49
---- Lines searches removed from prefs.js ----
user_pref("browser.urlbar.suggest.searches", true);
user_pref("icqtoolbar.numberOfSearches", 0);
---- FireFox user.js and prefs.js backups ----

prefs_24.04.2016_1440_.backup

ProfilePath: C:\Users\MIROSL~1\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F

user.js not found
---- Lines WebSearch removed from prefs.js ----
user_pref("extensions.asktb.http-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \
---- Lines ask.com removed from prefs.js ----
user_pref("extensions.asktb.default-channel-url-mask", "http://eu.ask.com/web?qsrc={qsrc}&o={o} ... ry}&dm=all");
user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
user_pref("extensions.xpiState", "{\"app-profile\":{\"toolbar@ask.com\":{\"d\":\"C:\\\\Users\\\\Miroslav Zavacky\\\\AppData\\\\Roaming\\\\Mozilla\\\\F
---- Lines ask.com modified from prefs.js ----

user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,toolbar@ask.com:3.11
---- Lines asktb removed from prefs.js ----
user_pref("extensions.asktb.cbid", "EW");
user_pref("extensions.asktb.config-updated", true);
user_pref("extensions.asktb.dtid", "YYYYYYYYCZ");
user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", true);
user_pref("extensions.asktb.first-restart-after-config-update", true);
user_pref("extensions.asktb.fresh-install", false);
user_pref("extensions.asktb.guid", "66DEC720-27D2-41E2-8CAB-FA5793163308");
user_pref("extensions.asktb.if", "su");
user_pref("extensions.asktb.keyword-toggled-in-session", false);
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.last-config-req", "1452824142205");
user_pref("extensions.asktb.locale", "en_EU");
user_pref("extensions.asktb.nero.userName", "");
user_pref("extensions.asktb.new-tab-opt-out", true);
user_pref("extensions.asktb.o", "101913");
user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
user_pref("extensions.asktb.qsrc", "2871");
user_pref("extensions.asktb.r", "19");
user_pref("extensions.asktb.sa", "NO");
user_pref("extensions.asktb.search-suggestions-enabled", true);
user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);
user_pref("extensions.asktb.silent-upgrade", true);
user_pref("extensions.asktb.themeid", "");
user_pref("extensions.asktb.timeinstalled", "13.1.2012 17:15:26");
user_pref("extensions.asktb.v", "3.14.1.100013");
user_pref("extensions.asktb.version", "5.14.1.20007");
---- Lines searchengine removed from prefs.js ----
user_pref("browser.search.searchengine.hp", "http://www.yessearches.com/?ts=AHEpBXYp ... B&ptid=tuu&
user_pref("browser.search.searchengine.sp", "http://www.yessearches.com/chrome.php?m ... ..&uid=496
user_pref("browser.search.searchengine.url", "http://www.yessearches.com/chrome.php?m ... U..&uid=49
---- Lines searches removed from prefs.js ----
user_pref("browser.urlbar.suggest.searches", true);
user_pref("icqtoolbar.numberOfSearches", 0);
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- FireFox user.js and prefs.js backups ----

prefs_24.04.2016_1440_.backup

ProfilePath: C:\Users\MIROSL~1\AppData\Roaming\Mozilla\Firefox\Profiles\p3fxdx0p.default

user.js not found
---- Lines WebSearch removed from prefs.js ----
user_pref("extensions.asktb.http-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \
---- Lines ask.com removed from prefs.js ----
user_pref("extensions.asktb.default-channel-url-mask", "http://eu.ask.com/web?qsrc={qsrc}&o={o} ... ry}&dm=all");
user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
user_pref("extensions.xpiState", "{\"app-profile\":{\"toolbar@ask.com\":{\"d\":\"C:\\\\Users\\\\Miroslav Zavacky\\\\AppData\\\\Roaming\\\\Mozilla\\\\F
---- Lines ask.com modified from prefs.js ----

user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,toolbar@ask.com:3.11
---- Lines asktb removed from prefs.js ----
user_pref("extensions.asktb.cbid", "EW");
user_pref("extensions.asktb.config-updated", true);
user_pref("extensions.asktb.dtid", "YYYYYYYYCZ");
user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", true);
user_pref("extensions.asktb.first-restart-after-config-update", true);
user_pref("extensions.asktb.fresh-install", false);
user_pref("extensions.asktb.guid", "66DEC720-27D2-41E2-8CAB-FA5793163308");
user_pref("extensions.asktb.if", "su");
user_pref("extensions.asktb.keyword-toggled-in-session", false);
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.last-config-req", "1452824142205");
user_pref("extensions.asktb.locale", "en_EU");
user_pref("extensions.asktb.nero.userName", "");
user_pref("extensions.asktb.new-tab-opt-out", true);
user_pref("extensions.asktb.o", "101913");
user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
user_pref("extensions.asktb.qsrc", "2871");
user_pref("extensions.asktb.r", "19");
user_pref("extensions.asktb.sa", "NO");
user_pref("extensions.asktb.search-suggestions-enabled", true);
user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);
user_pref("extensions.asktb.silent-upgrade", true);
user_pref("extensions.asktb.themeid", "");
user_pref("extensions.asktb.timeinstalled", "13.1.2012 17:15:26");
user_pref("extensions.asktb.v", "3.14.1.100013");
user_pref("extensions.asktb.version", "5.14.1.20007");
---- Lines searches removed from prefs.js ----
user_pref("icqtoolbar.numberOfSearches", 0);
---- FireFox user.js and prefs.js backups ----

prefs_24.04.2016_1440_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="C:\\Program Files\\Mozilla Firefox\\firefox.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Safari.exe\shell\open\command]
@="C:\\Program Files\\Safari\\Safari.exe"

==== Deleting Files \ Folders ======================

C:\Program Files\AGEIA Technologies not found
C:\Program Files\Baidu not found
C:\Program Files\WinZipper not found
C:\Program Files\A-PDF Restrictions Remover deleted
C:\Program Files\vghd deleted
C:\Program Files\ICQ6Toolbar deleted
C:\Program Files\OLBPre deleted
C:\Program Files\Tencent deleted
C:\Program Files\SearchesToYesbnd deleted
C:\Program Files\Common Files\Tencent deleted
C:\Users\Miroslav Zavacky\AppData\Roaming\GiftBag.db deleted
C:\Users\Miroslav Zavacky\AppData\Roaming\MIROSLAVZAVACKY.MTBF.txt deleted
C:\Users\Miroslav Zavacky\AppData\Roaming\__AvidCloudManager.log deleted
C:\Users\Miroslav Zavacky\AppData\Roaming\__AvidCloudManagerPrevious.log deleted
C:\Users\Miroslav Zavacky\AppData\Roaming\eCyber deleted
C:\Users\Miroslav Zavacky\AppData\Roaming\Tencent deleted
C:\PROGRA~2\TXQMPC deleted
C:\PROGRA~2\Tencent deleted
C:\PROGRA~2\ICQ deleted
C:\PROGRA~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521} deleted
C:\PROGRA~2\{E961CE1B-C3EA-4882-9F67-F859B555D097} deleted
C:\PROGRA~2\Package Cache deleted
C:\Users\Miroslav Zavacky\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108 deleted
C:\Users\Miroslav Zavacky\AppData\Local\Unity deleted
C:\Users\Miroslav Zavacky\AppData\Local\PriceFountain deleted
C:\Users\Miroslav Zavacky\AppData\Local\AskToolbar deleted
C:\Users\Miroslav Zavacky\AppData\Local\CrashRpt deleted
C:\Users\Public\Documents\dmp deleted
C:\Users\Miroslav Zavacky\AppData\LocalLow\AskToolbar deleted
C:\Users\Miroslav Zavacky\AppData\LocalLow\Unity deleted
C:\Windows\QMNetworkMgr.ini deleted
C:\Windows\system32\TSSK.sys deleted
C:\Windows\GJFix deleted
C:\Windows\SYSTEM32\TASKS\Scheduled Update for Ask Toolbar deleted
C:\Windows\system32\tasks\LaunchPreSignup deleted
C:\end deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
C:\Windows\System32\tmp961A.tmp deleted
C:\Windows\System32\tmp964A.tmp deleted
C:\Windows\System32\tmpCD9E.tmp deleted
C:\Windows\System32\tmpCD9F.tmp deleted
C:\Users\MIROSL~1\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\ICQToolbarData deleted
C:\Users\MIROSL~1\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\ICQToolbarData deleted
C:\Users\MIROSL~1\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\jetpack deleted
C:\Users\MIROSL~1\AppData\Roaming\Mozilla\Firefox\Profiles\p3fxdx0p.default\searchplugins\piesearch.xml deleted
C:\Users\MIROSL~1\AppData\Roaming\Mozilla\Firefox\Profiles\p3fxdx0p.default\ICQToolbarData deleted
C:\Users\MIROSL~1\AppData\Roaming\Mozilla\Firefox\Profiles\p3fxdx0p.default\jetpack deleted
C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} deleted
C:\Users\Miroslav Zavacky\Desktop\FreeRapid Downloader.lnk deleted
C:\Users\MIROSL~1\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\extensions\toolbar@ask.com deleted
C:\Users\MIROSL~1\AppData\Roaming\Mozilla\Firefox\Profiles\p3fxdx0p.default\extensions\toolbar@ask.com deleted
"C:\Users\Miroslav Zavacky\AppData\Local\LumaEmu" deleted
"C:\Program Files\Ask.com\Updater\Updater.exe" deleted
"C:\Program Files\Ask.com" deleted
"C:\Windows\system32\config\systemprofile\AppData\Roaming\Tencent" deleted
"C:\Users\MIROSL~1\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\jetpack" deleted
"C:\Program Files\Ask.com\Updater" deleted

==== Orphaned Tasks deleted from Registry ======================

ESET Windows 10 upgrade - Refresh settings deleted
LaunchPreSignup deleted
Scheduled Update for Ask Toolbar deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\MIROSL~1\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\MIROSL~1\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\MIROSL~1\AppData\Roaming\Mozilla\Firefox\Profiles\p3fxdx0p.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\MIROSL~1\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
- Video DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi

ProfilePath: C:\Users\MIROSL~1\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F
- GsearchFinder - %ProfilePath%\extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi
- Video DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi

ProfilePath: C:\Users\MIROSL~1\AppData\Roaming\Mozilla\Firefox\Profiles\p3fxdx0p.default
- Video DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- ICQ Toolbar - %AppDir%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Miroslav Zavacky\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
999A833D87C8CD918B5EE8C3F8149D2B - C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll - Adobe Acrobat
866B027053F3A40BC36126D265C78E96 - C:\Program Files\Veetle\Player\npvlc.dll - Veetle TV Player
C50B22C8D91A76069A993A2B5197A296 - C:\Program Files\Veetle\plugins\npVeetle.dll - Veetle TV Core
AF8A94BCB98C299C49B28CC12EBC0ED2 - C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll - Google Update
73D9E8542248B4ECA63F69D9AE63E3D8 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
3E032E5BA7C432858E528E22CDCF1110 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll - RealPlayer Version Plugin
54BF6EBC262DF04712AC4EB18AD8B9CC - C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll - PlayStation(R)Network Downloader Check Plug-in
AC421A44DE902F2627F1E63793ED89CD - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery
01D93217A9EE48DD37072B671378CC9C - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In
225D76851EFC6144B4BAD941B3E8989D - C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U31
B66B4D28D7D0C6322FF235C782CD6B76 - C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.310.13
0205ADAFFDDF04F0F69200E5CFB5FFD9 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
46A59E6F7F7C1679AC7C4655E055326D - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
9F8210675BD2ACC283959BB33F0307DF - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
57C7E359ED8D049132EED23EFA444C63 - C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll - Shockwave Flash
28986F0A2342A033345EF9E70D395E4F - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight

Profilepath: C:\Users\Miroslav Zavacky\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F
999A833D87C8CD918B5EE8C3F8149D2B - C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll - Adobe Acrobat
866B027053F3A40BC36126D265C78E96 - C:\Program Files\Veetle\Player\npvlc.dll - Veetle TV Player
C50B22C8D91A76069A993A2B5197A296 - C:\Program Files\Veetle\plugins\npVeetle.dll - Veetle TV Core
AF8A94BCB98C299C49B28CC12EBC0ED2 - C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll - Google Update
73D9E8542248B4ECA63F69D9AE63E3D8 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
3E032E5BA7C432858E528E22CDCF1110 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll - RealPlayer Version Plugin
54BF6EBC262DF04712AC4EB18AD8B9CC - C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll - PlayStation(R)Network Downloader Check Plug-in
AC421A44DE902F2627F1E63793ED89CD - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery
01D93217A9EE48DD37072B671378CC9C - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In
225D76851EFC6144B4BAD941B3E8989D - C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U31
B66B4D28D7D0C6322FF235C782CD6B76 - C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.310.13
0205ADAFFDDF04F0F69200E5CFB5FFD9 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
46A59E6F7F7C1679AC7C4655E055326D - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
9F8210675BD2ACC283959BB33F0307DF - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
28986F0A2342A033345EF9E70D395E4F - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight

Profilepath: C:\Users\Miroslav Zavacky\AppData\Roaming\Mozilla\Firefox\Profiles\p3fxdx0p.default
999A833D87C8CD918B5EE8C3F8149D2B - C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll - Adobe Acrobat
866B027053F3A40BC36126D265C78E96 - C:\Program Files\Veetle\Player\npvlc.dll - Veetle TV Player
C50B22C8D91A76069A993A2B5197A296 - C:\Program Files\Veetle\plugins\npVeetle.dll - Veetle TV Core
AF8A94BCB98C299C49B28CC12EBC0ED2 - C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll - Google Update
73D9E8542248B4ECA63F69D9AE63E3D8 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
3E032E5BA7C432858E528E22CDCF1110 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll - RealPlayer Version Plugin
54BF6EBC262DF04712AC4EB18AD8B9CC - C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll - PlayStation(R)Network Downloader Check Plug-in
AC421A44DE902F2627F1E63793ED89CD - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery
01D93217A9EE48DD37072B671378CC9C - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In
225D76851EFC6144B4BAD941B3E8989D - C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U31
B66B4D28D7D0C6322FF235C782CD6B76 - C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.310.13
0205ADAFFDDF04F0F69200E5CFB5FFD9 - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
46A59E6F7F7C1679AC7C4655E055326D - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
9F8210675BD2ACC283959BB33F0307DF - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
28986F0A2342A033345EF9E70D395E4F - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight


==== Deleted Firefox Extensions ======================

C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} deleted

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[14.05.2013 13:27]

AdBlock - Miroslav Zavacky\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Facebook Chat Downloader - Miroslav Zavacky\AppData\Local\Google\Chrome\User Data\Default\Extensions\kflkdhmijdgjnlbdkfgdmolcjnflmlhf

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dl ... ar=msnhome"
"ICQ Search"="http://search.icq.com/search/results.ph ... &ch_id=osd"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="C:\\ProgramData\\ICQ\\ICQNewTab\\newTab.html"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"ICQ Search"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.microsoft.com/isapi/redir.dl ... ar=msnhome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
HKCU\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - No_Url_Value

==== Reset Google Chrome ======================

C:\Users\Miroslav Zavacky\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Miroslav Zavacky\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Miroslav Zavacky\AppData\Local\Google\Chrome\User Data\Default\Secure Preferencesgbak was reset successfully
C:\Users\Miroslav Zavacky\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Miroslav Zavacky\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Miroslav Zavacky\AppData\Local\Google\Chrome\User Data\Default\Web Datagbak was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3370062916-920056814-1549867980-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-3370062916-920056814-1549867980-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-3370062916-920056814-1549867980-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3370062916-920056814-1549867980-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Miroslav Zavacky\Desktop\Assassins Creed IV - Black Flag.lnk - C:\HRY\Assassins Creed IV - Black Flag\Assassins Creed IV Black Flag\AC4BFSP.exe
C:\Users\Miroslav Zavacky\Desktop\Batman - Arkham Origins.lnk - C:\HRY\Batman - Arkham Origins\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe
C:\Users\Miroslav Zavacky\Desktop\BS.Player PRO.lnk - C:\Program Files\Webteh\BSplayerPro\bsplayer.exe
C:\Users\Miroslav Zavacky\Desktop\Call of Juarez - Gunslinger.lnk - C:\HRY\Call of Juarez - Gunslinger\Call of Juarez Gunslinger\CoJGunslinger.exe
C:\Users\Miroslav Zavacky\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Miroslav Zavacky\Desktop\ConvertXtoDVD 4.lnk - C:\Program Files\VSO\ConvertX\4\ConvertXtoDvd.exe
C:\Users\Miroslav Zavacky\Desktop\cpuz.lnk - C:\Program Files\cpuz\cpuz.exe
C:\Users\Miroslav Zavacky\Desktop\Daemon Tools.lnk - C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Miroslav Zavacky\Desktop\Dead Island.lnk - C:\HRY\Dead Island\Dead Island\DeadIslandGame.exe
C:\Users\Miroslav Zavacky\Desktop\DVD Shrink 3.2.lnk - C:\Program Files\DVD Shrink\DVD Shrink 3.2.exe
C:\Users\Miroslav Zavacky\Desktop\Everest Ultimate.lnk - C:\Program Files\Everest Ultimate\everest.exe
C:\Users\Miroslav Zavacky\Desktop\F1 2011.lnk - C:\HRY\F1 2011\F1_2011_Launcher.exe
C:\Users\Miroslav Zavacky\Desktop\Far Cry 3.lnk - C:\Program Files\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe -offline -language=czech
C:\Users\Miroslav Zavacky\Desktop\Folder Lock.lnk - C:\Program Files\Folder Lock\Folder Lock.exe
C:\Users\Miroslav Zavacky\Desktop\Fraps.lnk - C:\Fraps\fraps.exe
C:\Users\Miroslav Zavacky\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Miroslav Zavacky\Desktop\iExplorer.lnk - C:\Program Files\iExplorer\iExplorer.exe
C:\Users\Miroslav Zavacky\Desktop\Left 4 Dead 2.lnk - C:\HRY\Left 4 dead 2\Left 4 Dead 2\left4dead2.exe
C:\Users\Miroslav Zavacky\Desktop\Making Video.lnk - C:\Program Files\Making Video
C:\Users\Miroslav Zavacky\Desktop\Microsoft Flight Simulator X.lnk - C:\HRY\Microsoft Flight Simulator X\fsx.exe
C:\Users\Miroslav Zavacky\Desktop\Need For Speed The Run.lnk - C:\HRY\Need for Speed - Run\Need for Speed The Run\Need For Speed The Run.exe
C:\Users\Miroslav Zavacky\Desktop\NOD32 Antivirus.lnk - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Users\Miroslav Zavacky\Desktop\Serious Sam 3 - BFE.lnk - C:\Program Files\Steam\steamapps\common\Serious Sam 3\Bin\Sam3Launcher.exe
C:\Users\Miroslav Zavacky\Desktop\Steam.lnk - C:\Program Files\Steam\Steam.exe
C:\Users\Miroslav Zavacky\Desktop\Test Drive Unlimited.lnk - C:\HRY\Test drive - Unlimited\TestDriveUnlimited.exe
C:\Users\Miroslav Zavacky\Desktop\Tor Browser.lnk - C:\Program Files\Tor Browser\Browser\firefox.exe http://www.piesearch.com/?uid=d65c120c- ... a6663859df
C:\Users\Miroslav Zavacky\Desktop\Total Commander.lnk - C:\totalcmd\TOTALCMD.EXE
C:\Users\Miroslav Zavacky\Desktop\UnHackMe.lnk - C:\Program Files\UnHackMe\Unhackme.exe
C:\Users\Miroslav Zavacky\Desktop\WAREZ.lnk - C:\Users\Miroslav Zavacky\Documents\WAREZ
C:\Users\Miroslav Zavacky\Desktop\Webshare Klient.lnk - C:\Program Files\Webshare\WebshareDLC.exe
C:\Users\Miroslav Zavacky\Desktop\µTorrent.lnk -
C:\Users\Miroslav Zavacky\Desktop\ŠKOLA.lnk -
C:\Users\Miroslav Zavacky\Desktop\PlayStation\Alan Wake.lnk - C:\HRY\Alan Wake\Alan Wake\AlanWake.exe
C:\Users\Miroslav Zavacky\Desktop\PlayStation\Crash Bandicoot 2.lnk - C:\Program Files\Crash Bandicoot 2\psxfin.exe -f "cdimages\Crash 2.bin"
C:\Users\Miroslav Zavacky\Desktop\PlayStation\Crash Bandicoot 3.lnk - C:\Program Files\Crash Bandicoot 3\psxfin.exe -f "cdimages\Crash Bandicoot 3.bin"
C:\Users\Miroslav Zavacky\Desktop\PlayStation\Crash Bandicoot.lnk - C:\Program Files\Crash Bandicoot\psxfin.exe -f "cdimages\Crash Bandicoot (E) (No EDC) [SCES-00344].bin"
C:\Users\Miroslav Zavacky\Desktop\PlayStation\Crash Bash.lnk - C:\Program Files\Crash Bash\psxfin.exe -f "cdimages\Crash Bash [SCUS-94570].bin"
C:\Users\Miroslav Zavacky\Desktop\PlayStation\z. Zuma's Revenge.lnk -

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\3DMark 11.lnk - C:\Program Files\Futuremark\3DMark11\bin\x86\3DMark11.exe
C:\Users\Public\Desktop\Air Video Server.lnk - C:\Program Files\AirVideoServer\AirVideoServer.exe
C:\Users\Public\Desktop\CyberLink PowerDVD 10.lnk - C:\Program Files\CyberLink\PowerDVD10\PDVDLaunchPolicy.exe
C:\Users\Public\Desktop\DiRT 3.lnk - C:\HRY\Dirt 3\dirt3.exe
C:\Users\Public\Desktop\Euro Truck Simulator 2.lnk - C:\Program Files\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
C:\Users\Public\Desktop\Far Cry.lnk - C:\HRY\Far Cry\Bin32\FarCry.exe
C:\Users\Public\Desktop\FastShare.lnk - C:\Program Files\FastShare\FastShare.exe
C:\Users\Public\Desktop\GRID 2.lnk - C:\HRY\GRID 2\GRID 2\grid2.exe
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe
C:\Users\Public\Desktop\Lost Planet 3.lnk - C:\HRY\Lost planet 3\Lost Planet 3\Binaries\Win32\LP3Launcher.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.piesearch.com/?uid=d65c120c- ... a6663859df
C:\Users\Public\Desktop\Nero StartSmart 10.lnk - C:\Windows\Installer\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}\ScStartSmartDeskto_3AF47A4E14DF4546B1449D27245505A0.exe
C:\Users\Public\Desktop\NHL® 09.lnk -
C:\Users\Public\Desktop\Outlast.lnk - C:\HRY\Outlast\Outlast\Binaries\Win32\OLGame.exe
C:\Users\Public\Desktop\Safari.lnk - C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
C:\Users\Public\Desktop\SCANIA Truck Driving Simulator.lnk - C:\HRY\SCANIA Truck Driving Simulator\bin\win_x86\scania_truck_driving_simulator.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{6A0549A9-1B96-498C-ACBC-3943001FEB19}\SkypeIcon.exe
C:\Users\Public\Desktop\Tomb Raider.lnk - C:\HRY\Tomb Raider\Tombraider\TombRaider.exe
C:\Users\Public\Desktop\Update NOD32 license.lnk - C:\Program Files\ESET\TNod User & Password Finder\TNODUP.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk - C:\Windows\Installer\{56EC47AA-5813-4FF6-8E75-544026FBEA83}\AppleSoftwareUpdateIco.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Car Driving.lnk - C:\Program Files\City Car Driving\tools\nlsdl.x86.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.piesearch.com/?uid=d65c120c- ... a6663859df
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.piesearch.com/?uid=d65c120c- ... a6663859df
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3D Driving-School\3D Driving-School (Window).lnk - C:\Program Files\3D Driving-School\academy.exe academy -wnd
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3D Driving-School\3D Driving-School.lnk - C:\Program Files\3D Driving-School\academy.exe academy
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3D Driving-School\Home-Page.lnk - C:\Program Files\3D Driving-School\3D-Driving-School.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3D Driving-School\Personal License.lnk - C:\Program Files\3D Driving-School\License.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3D Driving-School\Short Intro.lnk - C:\Windows\system32\notepad.exe Intro.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3D Driving-School\Uninstalling 3D Driving-School.lnk - C:\Program Files\3D Driving-School\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Co jsou iTunes.lnk - C:\Program Files\iTunes\iTunes.Resources\cs.lproj\About iTunes.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\About QuickTime.lnk - C:\Windows\Installer\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}\RichText.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk - C:\Windows\Installer\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}\QTPlayer.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Uninstall QuickTime.lnk - C:\Windows\System32\msiexec.exe /i {FF59BD75-466A-4D5A-AD23-AAD87C5FD44C} /qf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uncheckit\Uncheckit.lnk - C:\Program Files\Uncheckit\Uncheckit.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uncheckit\uninstall.lnk - C:\Program Files\Uncheckit\UncheckitInst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe\Check for UnHackMe updates.lnk - C:\Program Files\UnHackMe\GWebUpdate.exe http://greatis.com/unhackme.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe\How to register.lnk - C:\Program Files\UnHackMe\order.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe\Read me.lnk - C:\Program Files\UnHackMe\readme.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe\Reanimator.lnk - C:\Program Files\UnHackMe\reanimator.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe\Register UnHackMe.lnk - C:\Program Files\UnHackMe\Unhackme.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe\UnHackMe Monitor.lnk - C:\Program Files\UnHackMe\hackmon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe\UnHackMe.lnk - C:\Program Files\UnHackMe\Unhackme.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe\Uninstall UnHackMe.lnk - C:\Program Files\UnHackMe\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ĂŔÍĽäŻŔŔ\ĂŔÍĽäŻŔŔ.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ĂŔÍĽäŻŔŔ\жÔŘ.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?rdam?x K?ylogger 4.3.9\Log Viewer.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?rdam?x K?ylogger 4.3.9\?rdam?x K?ylogger 4.3.9.lnk -

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk - C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk - C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BS.Player PRO.lnk - C:\Program Files\Webteh\BSplayerPro\bsplayer.exe
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk - C:\Program Files\VSO\ConvertX\4\ConvertXtoDvd.exe
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Folder Lock.lnk - C:\Program Files\Folder Lock\Folder Lock.exe
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.piesearch.com/?uid=d65c120c- ... a6663859df
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Character Map.lnk - C:\Windows\system32\charmap.exe
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Magnify.lnk - C:\Windows\system32\magnify.exe
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\On-Screen Keyboard.lnk - C:\Windows\system32\osk.exe
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Sticky Notes.lnk - C:\Windows\system32\StikyNot.exe
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.piesearch.com/?uid=d65c120c- ... a6663859df
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.piesearch.com/?uid=d65c120c- ... a6663859df
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Průzkumník Windows (2).lnk -
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Průzkumník Windows.lnk -
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Safari (2).lnk - C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Safari.lnk - C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe

==== shortcuts After Repair ======================

C:\Users\Miroslav Zavacky\Desktop\Tor Browser.lnk - C:\Program Files\Tor Browser\Browser\firefox.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe\Check for UnHackMe updates.lnk - C:\Program Files\UnHackMe\gwebupdate.exe
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Miroslav Zavacky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\vghd deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Miroslav Zavacky\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Miroslav Zavacky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Miroslav Zavacky\AppData\Local\Mozilla\Firefox\Profiles\41A66E7E5EE1\cache2 emptied successfully
C:\Users\Miroslav Zavacky\AppData\Local\Mozilla\Firefox\Profiles\p3fxdx0p.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Miroslav Zavacky\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4927 folders=789 593604577 bytes)

==== Empty Temp Folders ======================

C:\Users\Miroslav Zavacky\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\MIROSL~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied
C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Miroslav Zavacky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on ne 24.04.2016 at 15:49:47,58 ======================








~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.5 (04.20.2016)
Operating System: Windows 7 Ultimate x86
Ran by Miroslav Zavacky (Administrator) on ne 24.04.2016 at 15:54:45,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 20

Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
Successfully deleted: C:\Program Files\version09CheckMeUp (Folder)
Successfully deleted: C:\Users\Miroslav Zavacky\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi (File)
Successfully deleted: C:\Users\Miroslav Zavacky\AppData\Roaming\vghd (Folder)
Successfully deleted: C:\Users\Miroslav Zavacky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1L0KEB05 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Miroslav Zavacky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3FAPO3XF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Miroslav Zavacky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ADANTCG3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Miroslav Zavacky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1KK74JV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Miroslav Zavacky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJVM00U5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Miroslav Zavacky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DVGJYYQT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Miroslav Zavacky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z7E2AOZJ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Miroslav Zavacky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z7FXSGQA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1L0KEB05 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3FAPO3XF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ADANTCG3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1KK74JV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DJVM00U5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DVGJYYQT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z7E2AOZJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z7FXSGQA (Temporary Internet Files Folder)

Deleted the following from C:\Users\Miroslav Zavacky\AppData\Roaming\Mozilla\Firefox\Profiles\p3fxdx0p.default\prefs.js
user_pref(icqtoolbar.allowSendURL, false);
user_pref(icqtoolbar.engineVerified, true);
user_pref(icqtoolbar.geolastmodified, 1298218691);
user_pref(icqtoolbar.hiddenElements, itb_options);
user_pref(icqtoolbar.history, astrologie%20-%20bronerova||spy%20cam%20wifi||mac%20os%20x%20leopard);
user_pref(icqtoolbar.icqgeo, 42);
user_pref(icqtoolbar.installsource, 1);
user_pref(icqtoolbar.installTime, 1297613836);
user_pref(icqtoolbar.newtab_state, 0);
user_pref(icqtoolbar.previousFFVersion, 3.6.13);
user_pref(icqtoolbar.skip_default_search, no);
user_pref(icqtoolbar.suggestions, false);
user_pref(icqtoolbar.uniqueID, 126462133912646213391264636407407);
user_pref(icqtoolbar.usageStatstTimestamp, 1298499565);
user_pref(icqtoolbar.version, 2.0.0.0);
user_pref(icqtoolbar.xmlEnableSuggestions, false);
user_pref(icqtoolbar.xmlLanguage, cs);



Registry: 5

Failed to delete: HKLM\SYSTEM\CurrentControlSet\services\MPCKpt (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater (Registry Value)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\TSCPM (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15DEE173-1BE9-4424-81E0-58A87076E9B1} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 24.04.2016 at 15:59:59,20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Rudy]

OK, z logu vidím, že byl smazán. Jinak vše OK?