Dobrý den.
Prosím o kontrolu logu. V prohlížeči Google Chrome mám nainstalovaný doplněk RReMeoveAdsTube 1.6, který nedokáži odtranit a který způsobuje neustálé vyskakovaní reklamních oken v prohlížečích.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014
Ran by homola (administrator) on USER-THINK on 23-05-2014 12:53:45
Running from C:\Users\homola.ELEKTROSTAV\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
(SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
() C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Sks8821.exe
() C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
(LITEON) C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\skdh8821.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Skd8821.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(EMC) C:\Program Files (x86)\Iomega StorCenter\sohoclient.exe
(Software602) C:\Program Files (x86)\Software602\Print2PDF\Print2PDF.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\HPPU.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDH.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPUIManager.exe
(Juniper Networks, Inc.) C:\Users\homola.ELEKTROSTAV\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe
(forum.viry.cz) C:\Users\homola.ELEKTROSTAV\Desktop\FRST-OlderVersion\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11663976 2010-12-09] (Realtek Semiconductor)
HKLM\...\Run: [Skd8821] => C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Skd8821.exe [384000 2010-08-05] (LITE-ON TECHNOLOGY CORP.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM-x32\...\Run: [Power Manager Power Agenda] => C:\Program Files (x86)\ThinkPad\Utilities\DPMHost.EXE [75064 2011-08-11] ()
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-14] (Lenovo, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Print2PDF Print Monitor] => C:\Program Files (x86)\Software602\Print2PDF\Print2PDF.exe [220992 2011-10-04] (Software602)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PUStarter] => C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\Appinterfaces\HPPUDS.exe [73728 2009-12-11] (Hewlett-Packard Company)
HKLM-x32\...\Run: [RunPUTasktray] => C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\HPPU.exe [68608 2009-12-11] (Hewlett-Packard Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3785347401-3771983455-3078694810-1186\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-01-13] (Google Inc.)
HKU\S-1-5-21-3785347401-3771983455-3078694810-1186\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-3785347401-3771983455-3078694810-1186\...\MountPoints2: {dff2c6c6-3d85-11e1-82b8-806e6f6e6963} - Q:\LenovoQDrive.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Iomega StorCenter.lnk
ShortcutTarget: Iomega StorCenter.lnk -> C:\Program Files (x86)\Iomega StorCenter\sohoclient.exe (EMC)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.cz/?gfe_rd=cr&ei=x4Q ... _AaeloDwCw
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.simplespeedy.info/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.simplespeedy.info/?l=1&q={searchTerms}
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=i ... NP_csCZ477
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=i ... NP_csCZ477
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO: RReMeoveAdsTube - {CE56BBE2-50C8-F653-7B73-B66F0E9183C0} - C:\ProgramData\RReMeoveAdsTube\8IG_RD.x64.dll ()
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: DIALux 3.1 ULDBrowserHelper Class - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - C:\Program Files (x86)\DIALux\DLXShellExtension.dll (DIAL GmbH, Germany)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: DownloadnSave Class - {C2920454-97AD-68B0-1CE4-0B8FC0C11ED4} - C:\ProgramData\DownloadnSave\bhoclass.dll ()
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: RReMeoveAdsTube - {CE56BBE2-50C8-F653-7B73-B66F0E9183C0} - C:\ProgramData\RReMeoveAdsTube\8IG_RD.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/Juni ... ient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://citrix.cez.cz/dana-cached/sc/Ju ... Client.cab
Handler: dialux - {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - No File
Handler: HPPUDCS - {522CC7E5-F378-4F97-8BD7-125D17F5B332} - No File
Handler: hppufile - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - No File
Handler: hppusam - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - No File
Handler: hppuzip - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - No File
Handler-x32: dialux - {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - C:\Program Files (x86)\DIALux\DLXToolBox.dll (DIAL GmbH, Germany)
Handler-x32: HPPUDCS - {522CC7E5-F378-4F97-8BD7-125D17F5B332} - C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\APP\hplidcsapp.dll (Hewlett-Packard Company)
Handler-x32: hppufile - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
Handler-x32: hppusam - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
Handler-x32: hppuzip - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.200.254
FireFox:
========
FF ProfilePath: C:\Users\homola.ELEKTROSTAV\AppData\Roaming\Mozilla\Firefox\Profiles\wg5zxoo8.default
FF DefaultSearchEngine: WebSearch
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF SelectedSearchEngine: WebSearch
FF Homepage: hxxp://websearch.simplespeedy.info/
FF Keyword.URL: hxxp://websearch.simplespeedy.info/?l=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
FF Extension: RReMeoveAdsTube - C:\Users\homola.ELEKTROSTAV\AppData\Roaming\Mozilla\Firefox\Profiles\wg5zxoo8.default\Extensions\aykgxqwl@yxpnpx-.edu [2014-04-07]
FF Extension: continueteosaevve - C:\Users\homola.ELEKTROSTAV\AppData\Roaming\Mozilla\Firefox\Profiles\wg5zxoo8.default\Extensions\fadxqlwt@kxuaue.co.uk [2014-04-07]
FF Extension: CheapMe - C:\Users\homola.ELEKTROSTAV\AppData\Roaming\Mozilla\Firefox\Profiles\wg5zxoo8.default\Extensions\qfttauyyao@oeeuklqyye.co.uk [2014-04-07]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox [2012-09-17]
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Web Assistant\Firefox
FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox [2012-09-17]
FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\ []
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox [2012-09-17]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012-12-11]
FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Web Assistant\Firefox
FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox [2012-09-17]
Chrome:
=======
CHR HomePage: hxxp://www.seznam.cz/
CHR StartupUrls: "hxxp://www.seznam.cz/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows LiveÃÂ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (RReMeoveAdsTube) - C:\Users\homola.ELEKTROSTAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfbjifkndnncbelojcibmocfgabppalc [2014-02-18]
CHR Extension: (PenÄženka Google) - C:\Users\homola.ELEKTROSTAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2012-09-17]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2012-09-17]
CHR HKLM-x32\...\Chrome\Extension: [lhhajlghfcfpjmlknibcjiohaeimeokm] - C:\ProgramData\SaveByclick\lhhajlghfcfpjmlknibcjiohaeimeokm.crx [2012-09-17]
CHR HKLM-x32\...\Chrome\Extension: [mgiopholdjnidkmipbpebjhboogcaiap] - C:\ProgramData\DownloadnSave\mgiopholdjnidkmipbpebjhboogcaiap.crx [2012-06-25]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [73728 2010-04-14] (Software602 a.s.)
S3 DialComService; C:\Program Files (x86)\DIAL GmbH\DIAL Communication Framework\DialComService.exe [1839888 2013-01-15] (DIAL GmbH)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [374048 2010-10-20] (SafeNet, Inc.)
R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1250592 2010-10-20] (SafeNet, Inc)
R2 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [292128 2010-10-20] (SafeNet, Inc.)
R2 Sks8821; C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Sks8821.exe [137216 2010-05-04] ()
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84088 2011-04-13] (Symantec Corporation)
R2 Web Assistant; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2013-06-30] ()
==================== Drivers (Whitelisted) ====================
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [59048 2010-10-20] (SafeNet, Inc.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-23 12:53 - 2014-05-23 12:53 - 00027765 _____ () C:\Users\homola.ELEKTROSTAV\Desktop\FRST.txt
2014-05-23 12:52 - 2014-05-23 12:52 - 00000000 ____D () C:\Users\homola.ELEKTROSTAV\Desktop\FRST-OlderVersion
2014-05-14 16:06 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 16:06 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 16:05 - 2014-05-05 21:20 - 09073664 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 16:05 - 2014-05-05 21:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 16:05 - 2014-05-05 20:39 - 06041600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 16:05 - 2014-05-05 20:39 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 16:05 - 2014-05-05 18:28 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 16:05 - 2014-05-05 17:50 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 16:04 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 16:04 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 16:04 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 16:04 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 16:04 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 16:04 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 16:04 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 16:04 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 16:04 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 16:04 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 16:04 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 16:04 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 16:04 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 16:04 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 16:04 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 16:04 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 16:04 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 16:04 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 16:04 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 16:04 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 16:04 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 16:04 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 16:04 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 16:04 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 16:04 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 16:04 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 16:04 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 16:04 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 16:04 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 16:04 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 16:04 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 16:04 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 16:04 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 16:04 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 16:04 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 16:04 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 16:04 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 16:04 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 16:04 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 16:04 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 16:04 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-07 15:46 - 2014-05-23 12:52 - 00000000 ____D () C:\FRST
2014-05-07 15:44 - 2014-05-23 12:52 - 02067456 _____ (Farbar) C:\Users\homola.ELEKTROSTAV\Desktop\FRST64.exe
2014-05-07 15:41 - 2014-05-07 15:41 - 00016891 _____ () C:\Users\homola.ELEKTROSTAV\Desktop\hijackthis.log
2014-05-07 15:37 - 2014-05-07 15:37 - 00388608 _____ (Trend Micro Inc.) C:\Users\homola.ELEKTROSTAV\Desktop\hijackthis.exe
2014-05-05 07:15 - 2014-05-05 07:15 - 00001046 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2014-05-05 07:15 - 2014-05-05 07:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-05-05 07:15 - 2014-05-05 07:15 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-05-05 07:15 - 2014-04-25 17:44 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2014-05-05 07:15 - 2014-04-25 17:44 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2014-05-05 07:15 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
==================== One Month Modified Files and Folders =======
2014-05-23 12:53 - 2014-05-23 12:53 - 00027765 _____ () C:\Users\homola.ELEKTROSTAV\Desktop\FRST.txt
2014-05-23 12:53 - 2012-07-02 15:41 - 00000144 _____ () C:\Windows\system32\config\netlogon.ftl
2014-05-23 12:53 - 2012-03-26 11:47 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-05-23 12:52 - 2014-05-23 12:52 - 00000000 ____D () C:\Users\homola.ELEKTROSTAV\Desktop\FRST-OlderVersion
2014-05-23 12:52 - 2014-05-07 15:46 - 00000000 ____D () C:\FRST
2014-05-23 12:52 - 2014-05-07 15:44 - 02067456 _____ (Farbar) C:\Users\homola.ELEKTROSTAV\Desktop\FRST64.exe
2014-05-23 12:50 - 2012-01-13 03:34 - 01570339 _____ () C:\Windows\WindowsUpdate.log
2014-05-23 12:47 - 2012-03-26 11:47 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-05-23 12:46 - 2012-01-13 03:40 - 00000966 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-23 12:46 - 2012-01-13 03:40 - 00000962 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-23 08:35 - 2012-08-08 08:58 - 00000000 ____D () C:\ČEZ Export
2014-05-23 07:33 - 2014-04-04 12:10 - 00000336 _____ () C:\Windows\BRCALIB.INI
2014-05-23 07:15 - 2012-04-03 09:09 - 00000000 ____D () C:\Data
2014-05-23 07:09 - 2009-07-14 06:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-23 07:09 - 2009-07-14 06:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-23 07:06 - 2012-01-13 03:20 - 00666194 _____ () C:\Windows\system32\perfh005.dat
2014-05-23 07:06 - 2012-01-13 03:20 - 00139890 _____ () C:\Windows\system32\perfc005.dat
2014-05-23 07:06 - 2009-07-14 07:13 - 01576554 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-23 07:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-23 07:01 - 2009-07-14 06:51 - 00087068 _____ () C:\Windows\setupact.log
2014-05-21 11:00 - 2013-02-26 10:39 - 00000000 ____D () C:\Users\homola.ELEKTROSTAV\SICHR13
2014-05-21 10:59 - 2012-08-07 08:46 - 00000000 ____D () C:\Users\homola.ELEKTROSTAV
2014-05-20 07:14 - 2012-05-10 11:51 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-20 07:14 - 2012-05-10 11:51 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-19 12:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 07:17 - 2012-08-01 13:00 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-15 07:15 - 2012-08-07 08:46 - 00000000 ___RD () C:\Users\homola.ELEKTROSTAV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 07:15 - 2012-08-07 08:46 - 00000000 ___RD () C:\Users\homola.ELEKTROSTAV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 07:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-14 16:05 - 2012-03-26 19:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-07 15:41 - 2014-05-07 15:41 - 00016891 _____ () C:\Users\homola.ELEKTROSTAV\Desktop\hijackthis.log
2014-05-07 15:37 - 2014-05-07 15:37 - 00388608 _____ (Trend Micro Inc.) C:\Users\homola.ELEKTROSTAV\Desktop\hijackthis.exe
2014-05-07 12:54 - 2013-05-27 15:21 - 00000000 ____D () C:\Users\homola.ELEKTROSTAV\AppData\Roaming\Skype
2014-05-05 21:20 - 2014-05-14 16:05 - 09073664 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 21:20 - 2014-05-14 16:05 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 20:39 - 2014-05-14 16:05 - 06041600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 20:39 - 2014-05-14 16:05 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 18:28 - 2014-05-14 16:05 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 17:50 - 2014-05-14 16:05 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 07:15 - 2014-05-05 07:15 - 00001046 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2014-05-05 07:15 - 2014-05-05 07:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-05-05 07:15 - 2014-05-05 07:15 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-05-05 07:15 - 2012-08-07 10:20 - 00000000 ____D () C:\Users\homola.ELEKTROSTAV\AppData\Roaming\pdfforge
2014-04-25 17:44 - 2014-05-05 07:15 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2014-04-25 17:44 - 2014-05-05 07:15 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2014-04-25 17:44 - 2014-05-05 07:15 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
Some content of TEMP:
====================
C:\Users\homola.ELEKTROSTAV\AppData\Local\Temp\incredibar_installer.exe
C:\Users\homola.ELEKTROSTAV\AppData\Local\Temp\install_flashplayer11x32ax_gtbp_chrd_au_aih[1].exe
C:\Users\homola.ELEKTROSTAV\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\homola.ELEKTROSTAV\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\homola.ELEKTROSTAV\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\homola.ELEKTROSTAV\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\homola.ELEKTROSTAV\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\homola.ELEKTROSTAV\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\homola.ELEKTROSTAV\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\homola.ELEKTROSTAV\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\homola.ELEKTROSTAV\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\homola.ELEKTROSTAV\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\homola.ELEKTROSTAV\AppData\Local\Temp\JuniperSetupClientInstaller.exe
C:\Users\homola.ELEKTROSTAV\AppData\Local\Temp\MyBabylonTB_google_20120807.exe
C:\Users\homola.ELEKTROSTAV\AppData\Local\Temp\SkypeSetup.exe
C:\Users\homola.ELEKTROSTAV\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\homola.ELEKTROSTAV\AppData\Local\Temp\vlc-2.0.2-win32.exe
C:\Users\homola.ELEKTROSTAV\AppData\Local\Temp\_is561B.exe
C:\Users\user\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\user\AppData\Local\Temp\installChecker.exe
C:\Users\user\AppData\Local\Temp\kmpd51e5.dlL
C:\Users\user\AppData\Local\Temp\mgsqlite3.dll
C:\Users\user\AppData\Local\Temp\RegAsm.exe
C:\Users\user\AppData\Local\Temp\Shortcut_sweetim.exe
C:\Users\user\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\user\AppData\Local\Temp\UpdaterCopy.exe
C:\Users\user\AppData\Local\Temp\_is824B.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\homola.ELEKTROSTAV\Desktop" je 4 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\Hewlett-Packard\\HP Printer Utility\\HPPU.exe"="C:\\Program Files (x86)\\Hewlett-Packard\\HP Printer Utility\\HPPU.exe:*:Enabled:HP Printer Utility HPPURun"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\Hewlett-Packard\\HP Printer Utility\\HPPU.exe"="C:\\Program Files (x86)\\Hewlett-Packard\\HP Printer Utility\\HPPU.exe:*:Enabled:HP Printer Utility HPPURun"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Google Chrome - odstranění doplňku RReMeoveAdsTube 1.6
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119359
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Google Chrome - odstranění doplňku RReMeoveAdsTube 1.6
Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3785347401-3771983455-3078694810-1186\...\MountPoints2: {dff2c6c6-3d85-11e1-82b8-806e6f6e6963} - Q:\LenovoQDrive.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.simplespeedy.info/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.simplespeedy.info/?l=1&q={searchTerms}
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
C:\Program Files (x86)\Google\Google Toolbar
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: DownloadnSave Class - {C2920454-97AD-68B0-1CE4-0B8FC0C11ED4} - C:\ProgramData\DownloadnSave\bhoclass.dll ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/Juni ... ient64.cab
Handler: dialux - {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - No File
Handler: HPPUDCS - {522CC7E5-F378-4F97-8BD7-125D17F5B332} - No File
Handler: hppufile - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - No File
Handler: hppusam - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - No File
Handler: hppuzip - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
FF ProfilePath: C:\Users\homola.ELEKTROSTAV\AppData\Roaming\Mozilla\Firefox\Profiles\wg5zxoo8.default
FF DefaultSearchEngine: WebSearch
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF SelectedSearchEngine: WebSearch
FF Homepage: hxxp://websearch.simplespeedy.info/
FF Keyword.URL: hxxp://websearch.simplespeedy.info/?l=1&q=
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
CHR Extension: (RReMeoveAdsTube) - C:\Users\homola.ELEKTROSTAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfbjifkndnncbelojcibmocfgabppalc [2014-02-18]
C:\Users\homola.ELEKTROSTAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfbjifkndnncbelojcibmocfgabppalc
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2012-09-17]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2012-09-17]
CHR HKLM-x32\...\Chrome\Extension: [lhhajlghfcfpjmlknibcjiohaeimeokm] - C:\ProgramData\SaveByclick\lhhajlghfcfpjmlknibcjiohaeimeokm.crx [2012-09-17]
CHR HKLM-x32\...\Chrome\Extension: [mgiopholdjnidkmipbpebjhboogcaiap] - C:\ProgramData\DownloadnSave\mgiopholdjnidkmipbpebjhboogcaiap.crx [2012-06-25]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\homola.ELEKTROSTAV\AppData\Local\Temp
C:\Users\user\AppData\Local\Temp
End
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Google Chrome - odstranění doplňku RReMeoveAdsTube 1.6
Posílám log.
Na konci mi FRST zobrazil chybovou hlášku:
Line 9272
Error: Variable cannot be a accessed in this manner
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014 02
Ran by homola at 2014-05-26 07:04:28 Run:1
Running from C:\Users\homola.ELEKTROSTAV\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3785347401-3771983455-3078694810-1186\...\MountPoints2: {dff2c6c6-3d85-11e1-82b8-806e6f6e6963} - Q:\LenovoQDrive.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.simplespeedy.info/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.simplespeedy.info/?l=1&q={searchTerms}
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
C:\Program Files (x86)\Google\Google Toolbar
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: DownloadnSave Class - {C2920454-97AD-68B0-1CE4-0B8FC0C11ED4} - C:\ProgramData\DownloadnSave\bhoclass.dll ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/Juni ... ient64.cab
Handler: dialux - {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - No File
Handler: HPPUDCS - {522CC7E5-F378-4F97-8BD7-125D17F5B332} - No File
Handler: hppufile - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - No File
Handler: hppusam - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - No File
Handler: hppuzip - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
FF ProfilePath: C:\Users\homola.ELEKTROSTAV\AppData\Roaming\Mozilla\Firefox\Profiles\wg5zxoo8.default
FF DefaultSearchEngine: WebSearch
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF SelectedSearchEngine: WebSearch
FF Homepage: hxxp://websearch.simplespeedy.info/
FF Keyword.URL: hxxp://websearch.simplespeedy.info/?l=1&q=
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
CHR Extension: (RReMeoveAdsTube) - C:\Users\homola.ELEKTROSTAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfbjifkndnncbelojcibmocfgabppalc [2014-02-18]
C:\Users\homola.ELEKTROSTAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfbjifkndnncbelojcibmocfgabppalc
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2012-09-17]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2012-09-17]
CHR HKLM-x32\...\Chrome\Extension: [lhhajlghfcfpjmlknibcjiohaeimeokm] - C:\ProgramData\SaveByclick\lhhajlghfcfpjmlknibcjiohaeimeokm.crx [2012-09-17]
CHR HKLM-x32\...\Chrome\Extension: [mgiopholdjnidkmipbpebjhboogcaiap] - C:\ProgramData\DownloadnSave\mgiopholdjnidkmipbpebjhboogcaiap.crx [2012-06-25]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\homola.ELEKTROSTAV\AppData\Local\Temp
C:\Users\user\AppData\Local\Temp
End
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKU\S-1-5-21-3785347401-3771983455-3078694810-1186\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dff2c6c6-3d85-11e1-82b8-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{dff2c6c6-3d85-11e1-82b8-806e6f6e6963} => Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key deleted successfully.
HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2920454-97AD-68B0-1CE4-0B8FC0C11ED4} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{C2920454-97AD-68B0-1CE4-0B8FC0C11ED4} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AA570693-00E2-4907-B6F1-60A1199B030C} => Key deleted successfully.
HKCR\CLSID\{AA570693-00E2-4907-B6F1-60A1199B030C} => Key deleted successfully.
HKCR\PROTOCOLS\Handler\dialux => Key deleted successfully.
HKCR\CLSID\{8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} => Key not found.
HKCR\PROTOCOLS\Handler\HPPUDCS => Key deleted successfully.
HKCR\CLSID\{522CC7E5-F378-4F97-8BD7-125D17F5B332} => Key not found.
HKCR\PROTOCOLS\Handler\hppufile => Key deleted successfully.
HKCR\CLSID\{4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} => Key not found.
HKCR\PROTOCOLS\Handler\hppusam => Key deleted successfully.
HKCR\CLSID\{4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} => Key not found.
HKCR\PROTOCOLS\Handler\hppuzip => Key deleted successfully.
HKCR\CLSID\{4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=euc-jp => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=ISO-8859-1 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS936 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS949 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS950 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF-8 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF8 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=euc-jp => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=ISO-8859-1 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS936 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS949 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS950 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF-8 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF8 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\ica => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
C:\Program Files (x86)\Google\Google Toolbar => Should not be moved.
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
C:\Users\homola.ELEKTROSTAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfbjifkndnncbelojcibmocfgabppalc => Moved successfully.
"C:\Users\homola.ELEKTROSTAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfbjifkndnncbelojcibmocfgabppalc" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd => Key deleted successfully.
C:\Program Files\Web Assistant\source.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd => Key deleted successfully.
"C:\Program Files\Web Assistant\source.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lhhajlghfcfpjmlknibcjiohaeimeokm => Key deleted successfully.
"C:\ProgramData\SaveByclick\lhhajlghfcfpjmlknibcjiohaeimeokm.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mgiopholdjnidkmipbpebjhboogcaiap => Key deleted successfully.
C:\ProgramData\DownloadnSave\mgiopholdjnidkmipbpebjhboogcaiap.crx => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
"C:\Users\homola.ELEKTROSTAV\AppData\Local\Temp" directory move:
Na konci mi FRST zobrazil chybovou hlášku:
Line 9272
Error: Variable cannot be a accessed in this manner
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014 02
Ran by homola at 2014-05-26 07:04:28 Run:1
Running from C:\Users\homola.ELEKTROSTAV\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3785347401-3771983455-3078694810-1186\...\MountPoints2: {dff2c6c6-3d85-11e1-82b8-806e6f6e6963} - Q:\LenovoQDrive.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.simplespeedy.info/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.simplespeedy.info/?l=1&q={searchTerms}
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
C:\Program Files (x86)\Google\Google Toolbar
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: DownloadnSave Class - {C2920454-97AD-68B0-1CE4-0B8FC0C11ED4} - C:\ProgramData\DownloadnSave\bhoclass.dll ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/Juni ... ient64.cab
Handler: dialux - {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - No File
Handler: HPPUDCS - {522CC7E5-F378-4F97-8BD7-125D17F5B332} - No File
Handler: hppufile - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - No File
Handler: hppusam - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - No File
Handler: hppuzip - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
FF ProfilePath: C:\Users\homola.ELEKTROSTAV\AppData\Roaming\Mozilla\Firefox\Profiles\wg5zxoo8.default
FF DefaultSearchEngine: WebSearch
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF SelectedSearchEngine: WebSearch
FF Homepage: hxxp://websearch.simplespeedy.info/
FF Keyword.URL: hxxp://websearch.simplespeedy.info/?l=1&q=
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
CHR Extension: (RReMeoveAdsTube) - C:\Users\homola.ELEKTROSTAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfbjifkndnncbelojcibmocfgabppalc [2014-02-18]
C:\Users\homola.ELEKTROSTAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfbjifkndnncbelojcibmocfgabppalc
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2012-09-17]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2012-09-17]
CHR HKLM-x32\...\Chrome\Extension: [lhhajlghfcfpjmlknibcjiohaeimeokm] - C:\ProgramData\SaveByclick\lhhajlghfcfpjmlknibcjiohaeimeokm.crx [2012-09-17]
CHR HKLM-x32\...\Chrome\Extension: [mgiopholdjnidkmipbpebjhboogcaiap] - C:\ProgramData\DownloadnSave\mgiopholdjnidkmipbpebjhboogcaiap.crx [2012-06-25]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\homola.ELEKTROSTAV\AppData\Local\Temp
C:\Users\user\AppData\Local\Temp
End
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKU\S-1-5-21-3785347401-3771983455-3078694810-1186\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dff2c6c6-3d85-11e1-82b8-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{dff2c6c6-3d85-11e1-82b8-806e6f6e6963} => Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key deleted successfully.
HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2920454-97AD-68B0-1CE4-0B8FC0C11ED4} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{C2920454-97AD-68B0-1CE4-0B8FC0C11ED4} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AA570693-00E2-4907-B6F1-60A1199B030C} => Key deleted successfully.
HKCR\CLSID\{AA570693-00E2-4907-B6F1-60A1199B030C} => Key deleted successfully.
HKCR\PROTOCOLS\Handler\dialux => Key deleted successfully.
HKCR\CLSID\{8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} => Key not found.
HKCR\PROTOCOLS\Handler\HPPUDCS => Key deleted successfully.
HKCR\CLSID\{522CC7E5-F378-4F97-8BD7-125D17F5B332} => Key not found.
HKCR\PROTOCOLS\Handler\hppufile => Key deleted successfully.
HKCR\CLSID\{4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} => Key not found.
HKCR\PROTOCOLS\Handler\hppusam => Key deleted successfully.
HKCR\CLSID\{4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} => Key not found.
HKCR\PROTOCOLS\Handler\hppuzip => Key deleted successfully.
HKCR\CLSID\{4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=euc-jp => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=ISO-8859-1 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS936 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS949 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS950 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF-8 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF8 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=euc-jp => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=ISO-8859-1 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS936 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS949 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS950 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF-8 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF8 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\ica => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
C:\Program Files (x86)\Google\Google Toolbar => Should not be moved.
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
C:\Users\homola.ELEKTROSTAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfbjifkndnncbelojcibmocfgabppalc => Moved successfully.
"C:\Users\homola.ELEKTROSTAV\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfbjifkndnncbelojcibmocfgabppalc" => File/Directory not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd => Key deleted successfully.
C:\Program Files\Web Assistant\source.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd => Key deleted successfully.
"C:\Program Files\Web Assistant\source.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lhhajlghfcfpjmlknibcjiohaeimeokm => Key deleted successfully.
"C:\ProgramData\SaveByclick\lhhajlghfcfpjmlknibcjiohaeimeokm.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mgiopholdjnidkmipbpebjhboogcaiap => Key deleted successfully.
C:\ProgramData\DownloadnSave\mgiopholdjnidkmipbpebjhboogcaiap.crx => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
"C:\Users\homola.ELEKTROSTAV\AppData\Local\Temp" directory move:
-
Rudy
- Site Admin
- Příspěvky: 119359
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Google Chrome - odstranění doplňku RReMeoveAdsTube 1.6
Smazáno. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Google Chrome - odstranění doplňku RReMeoveAdsTube 1.6
Zdá se, že je to v pořádku. Díky moc.
-
Rudy
- Site Admin
- Příspěvky: 119359
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Google Chrome - odstranění doplňku RReMeoveAdsTube 1.6
Rádo se stalo! 
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?