kontrola logu

[Wrozer]

BMalwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 23.3.2015
Èas skenování: 16:25:41
Protokol: mbam.txt
Správce: Ano

Verze: 2.01.4.1018
Databáze malwaru: v2015.03.09.05
Databáze rootkitù: v2015.02.25.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Jirka

Typ skenu: Sken hrozeb
Výsledek: Dokonèeno
Prohledaných objektù: 551028
Uplynulý èas: 22 min, 52 sek

Pamì: Zapnuto
Po spuštìní: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíèe registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[Reklama]

[Wrozer]

RogueKiller V10.5.7.0 (x64) [Mar 22 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operaèní systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštìno : Normální režim
Uživatel : Jirka [Práva správce]
Started from : C:\Users\Jirka\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 03/23/2015 17:09:40

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 7 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 3 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 65.52.240.48
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activation.cloud.techsmith.com127.0.0.1 bandicam.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ssl.bandisoft.com

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeèe : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-60ZF5A0 ATA Device +++++
--- User ---
[MBR] 8a5e8f2d48ed2e736f9505c8f6e96559
[BSP] bf757a2e9871388795839080d4ba8ec3 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_03232015_170554.log

[Wrozer]

i kdyz uz jsem to psal tak prosim, pokud mozno tak ne abych porad posilal logy, ale aby MI SEL INTERNET, pisete tu porad at neco stahnu, pripadam si jako kdyby to automaticky generovalo spravy a muj problem nevnimate

[Wrozer]

Chtel bych jeste dodat kdyz pingnu v cmd jakykoliv server tak mk to v poho hazi pimg

[jaro3]

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:


- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni antivir
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

[Wrozer]

jaro já tě miluju!!! INTERNET JEDE!!!! DÍKY !!!

[Orcus]

OK, to si pak dořešíte doma medíci. Každopádně dodej logy, ať můžeme dočistit.

[Wrozer]

Logy dodam vecer, nemam to snadne s casem, porad prace a skola + treninky...

[jaro3]

OK.

[Wrozer]

No tak momentalne mam minimun casu takze nedodam log roguekiller , dám zítra. Ale potrebuji help, protože asi týden mám problém s přehříváním CPU a chladič Jede ale NEJMIN, jako kdyby mu nic nerikalo ze ma zvisit otacky aby mi to chladil, cpu ma v průměru 80C a ve hrach mam kazdou sekundu lag

[Wrozer]

ComboFix 15-03-23.01 - Jirka 25.03.2015 16:46:32.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8190.6389 [GMT 1:00]
Spuštěný z: c:\users\Jirka\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\VLC Player GPU+
c:\program files (x86)\VLC Player GPU+\path.inf
c:\programdata\ntuser.pol
c:\users\Jirka\AppData\Local\assembly\tmp
c:\users\lukas\11.xps
c:\users\lukas\AppData\Local\assembly\tmp
c:\users\lukas\Documents\~yt33DC.tmp
c:\users\lukas\Documents\~yt6845.tmp
c:\windows\PFRO.log
c:\windows\Readme.txt
c:\windows\SysWow64\X86
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-02-25 do 2015-03-25 )))))))))))))))))))))))))))))))
.
.
2015-03-25 16:02 . 2015-03-25 16:02 -------- d-----w- c:\users\Veronika\AppData\Local\temp
2015-03-25 16:02 . 2015-03-25 16:02 -------- d-----w- c:\users\Veronika.lukas-PC\AppData\Local\temp
2015-03-25 16:02 . 2015-03-25 16:02 -------- d-----w- c:\users\lukas\AppData\Local\temp
2015-03-25 14:51 . 2015-03-25 14:00 24064 ----a-w- c:\windows\zoek-delete.exe
2015-03-25 14:51 . 2015-03-25 16:09 -------- d-----w- c:\users\Jirka\AppData\Local\Temp
2015-03-24 17:57 . 2015-03-25 14:45 -------- d-----w- C:\zoek_backup
2015-03-23 16:03 . 2015-03-24 17:47 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-03-23 16:03 . 2015-03-23 16:14 -------- d-----w- c:\programdata\RogueKiller
2015-03-22 10:00 . 2015-03-23 16:15 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-22 10:00 . 2015-03-22 10:00 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-03-22 10:00 . 2015-03-22 10:00 -------- d-----w- c:\programdata\Malwarebytes
2015-03-22 10:00 . 2015-03-17 05:15 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-03-22 10:00 . 2015-03-17 05:15 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-22 10:00 . 2015-03-17 05:15 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-18 16:58 . 2015-03-18 16:58 -------- d-----w- c:\program files (x86)\VS Revo Group
2015-03-14 19:50 . 2015-03-23 15:18 -------- d-----w- C:\AdwCleaner
2015-03-14 17:14 . 2015-03-14 17:14 -------- d-----w- c:\users\Veronika.lukas-PC\AppData\Roaming\AVG
2015-03-14 17:14 . 2015-03-14 17:14 -------- d-----w- c:\users\Veronika.lukas-PC\AppData\Local\AVG
2015-03-14 17:14 . 2015-03-14 17:14 -------- d-----w- c:\users\Veronika.lukas-PC\AppData\Local\Skype
2015-03-14 17:13 . 2015-03-14 17:13 -------- d-sh--w- c:\users\Veronika.lukas-PC\AppData\Local\EmieBrowserModeList
2015-03-14 17:12 . 2015-03-14 18:03 -------- d-----w- c:\users\Veronika.lukas-PC\AppData\Roaming\Software Informer
2015-03-14 17:12 . 2015-03-14 17:12 -------- d-----w- c:\users\Veronika.lukas-PC\AppData\Local\Adobe
2015-03-10 18:29 . 2015-02-20 04:41 41984 ----a-w- c:\windows\system32\lpk.dll
2015-03-10 18:29 . 2015-02-20 04:40 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-03-10 18:29 . 2015-02-20 04:40 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-03-10 18:29 . 2015-02-20 04:40 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-03-10 18:29 . 2015-02-20 04:13 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-03-10 18:29 . 2015-02-20 04:13 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-03-10 18:29 . 2015-02-20 04:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-03-10 18:29 . 2015-02-20 04:12 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-03-10 18:29 . 2015-02-20 03:29 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-03-10 18:29 . 2015-02-20 03:09 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-03-10 18:27 . 2015-01-31 03:48 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
2015-03-10 18:27 . 2015-01-31 03:48 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-03-10 18:27 . 2015-01-30 23:56 243200 ----a-w- c:\windows\system32\rdpudd.dll
2015-03-10 18:22 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-03-10 18:22 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-03-08 10:29 . 2015-03-08 10:29 -------- d-----w- c:\users\Jirka\AppData\Local\Steam
2015-03-04 08:53 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-03-04 08:53 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-03-04 08:53 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2015-03-04 08:53 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-25 13:53 . 2014-11-23 11:43 119296 ----a-w- c:\windows\SysWow64\zlib.dll
2015-03-14 10:02 . 2015-03-25 14:03 12002392 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1D7D0BAB-9DE4-45B9-9B77-E0779F1796F6}\mpengine.dll
2015-03-11 02:04 . 2014-01-28 16:29 122905848 ----a-w- c:\windows\system32\MRT.exe
2015-03-06 05:42 . 2015-03-10 18:26 341504 ----a-w- c:\windows\system32\schannel.dll
2015-03-06 05:10 . 2015-03-10 18:26 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-03-05 14:45 . 2014-09-14 15:40 236840 ----a-w- c:\windows\SysWow64\EasyAntiCheat.exe
2015-03-03 13:43 . 2014-09-14 10:11 202040 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2015-03-03 13:43 . 2013-12-29 13:17 202040 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2015-02-24 03:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-17 14:26 . 2015-02-17 14:26 1217184 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-02-16 15:20 . 2013-07-04 07:12 33856 ---ha-w- c:\windows\system32\hamachi.sys
2015-02-15 13:33 . 2013-06-21 17:14 281768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2015-02-06 16:23 . 2014-09-14 10:11 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2015-02-06 14:38 . 2013-07-15 09:34 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-06 14:38 . 2013-07-15 09:34 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-06 14:38 . 2015-02-06 14:38 5070512 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-02-05 21:01 . 2015-02-13 18:30 995248 ----a-w- c:\windows\system32\nvumdshimx.dll
2015-02-05 21:01 . 2015-02-13 18:30 877816 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2015-02-05 21:01 . 2015-02-13 18:30 32106640 ----a-w- c:\windows\system32\nvoglv64.dll
2015-02-05 21:01 . 2015-02-13 18:30 18575880 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-02-05 21:01 . 2015-02-13 18:30 13294528 ----a-w- c:\windows\system32\nvopencl.dll
2015-02-05 21:01 . 2015-02-13 18:30 10773704 ----a-w- c:\windows\SysWow64\nvopencl.dll
2015-02-05 21:01 . 2015-02-13 18:30 969872 ----a-w- c:\windows\system32\NvIFR64.dll
2015-02-05 21:01 . 2015-02-13 18:30 943760 ----a-w- c:\windows\system32\NvFBC64.dll
2015-02-05 21:01 . 2015-02-13 18:30 929936 ----a-w- c:\windows\SysWow64\NvIFR.dll
2015-02-05 21:01 . 2015-02-13 18:30 908104 ----a-w- c:\windows\SysWow64\NvFBC.dll
2015-02-05 21:01 . 2015-02-13 18:30 496272 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2015-02-05 21:01 . 2015-02-13 18:30 399504 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2015-02-05 21:01 . 2015-02-13 18:30 390472 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2015-02-05 21:01 . 2015-02-13 18:30 353224 ----a-w- c:\windows\system32\nvoglshim64.dll
2015-02-05 21:01 . 2015-02-13 18:30 345744 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2015-02-05 21:01 . 2015-02-13 18:30 305136 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2015-02-05 21:01 . 2015-02-13 18:30 24768144 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2015-02-05 21:01 . 2015-02-13 18:30 177624 ----a-w- c:\windows\system32\nvinitx.dll
2015-02-05 21:01 . 2015-02-13 18:30 164752 ----a-w- c:\windows\SysWow64\nvinit.dll
2015-02-05 21:01 . 2015-02-13 18:30 10284872 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2015-02-05 21:01 . 2015-02-13 18:30 3610768 ----a-w- c:\windows\system32\nvcuvid.dll
2015-02-05 21:01 . 2015-02-13 18:30 3247248 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2015-02-05 21:01 . 2015-02-13 18:30 25460880 ----a-w- c:\windows\system32\nvcompiler.dll
2015-02-05 21:01 . 2015-02-13 18:30 20466496 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2015-02-05 21:01 . 2015-02-13 18:30 1895240 ----a-w- c:\windows\system32\nvdispco6434752.dll
2015-02-05 21:01 . 2015-02-13 18:30 17253848 ----a-w- c:\windows\system32\nvd3dumx.dll
2015-02-05 21:01 . 2015-02-13 18:30 1557648 ----a-w- c:\windows\system32\nvdispgenco6434752.dll
2015-02-05 21:01 . 2015-02-13 18:30 13208200 ----a-w- c:\windows\system32\nvcuda.dll
2015-02-05 21:01 . 2015-02-13 18:30 10713256 ----a-w- c:\windows\SysWow64\nvcuda.dll
2015-02-05 21:01 . 2015-01-30 11:30 16017040 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2015-02-05 21:01 . 2014-11-26 14:19 2902784 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-02-05 21:01 . 2013-07-02 16:17 3299512 ----a-w- c:\windows\system32\nvapi64.dll
2015-02-05 21:01 . 2013-07-02 16:17 14119744 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-02-05 21:01 . 2013-06-06 09:59 74056 ----a-w- c:\windows\system32\OpenCL.dll
2015-02-05 21:01 . 2013-06-06 09:59 60560 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-02-05 19:07 . 2013-08-10 10:22 6861128 ----a-w- c:\windows\system32\nvcpl.dll
2015-02-05 19:07 . 2013-08-10 10:22 3517584 ----a-w- c:\windows\system32\nvsvc64.dll
2015-02-05 19:07 . 2013-08-10 10:22 935056 ----a-w- c:\windows\system32\nvvsvc.exe
2015-02-05 19:07 . 2013-08-10 10:22 62792 ----a-w- c:\windows\system32\nvshext.dll
2015-02-05 19:07 . 2013-08-10 10:22 2558792 ----a-w- c:\windows\system32\nvsvcr.dll
2015-02-05 19:06 . 2013-08-10 10:22 385168 ----a-w- c:\windows\system32\nvmctray.dll
2015-02-05 17:57 . 2015-02-13 18:34 621384 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-02-05 12:50 . 2013-08-10 10:22 4236870 ----a-w- c:\windows\system32\nvcoproc.bin
2015-02-04 03:16 . 2015-02-11 11:06 609280 ----a-w- c:\windows\system32\generaltel.dll
2015-02-04 03:16 . 2015-02-11 11:06 762368 ----a-w- c:\windows\system32\invagent.dll
2015-02-04 03:16 . 2015-02-11 11:06 414720 ----a-w- c:\windows\system32\devinv.dll
2015-02-04 03:16 . 2015-02-11 11:06 894976 ----a-w- c:\windows\system32\appraiser.dll
2015-02-04 03:16 . 2015-02-11 11:06 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-02-04 03:16 . 2015-02-11 11:06 192000 ----a-w- c:\windows\system32\aepic.dll
2015-02-04 03:13 . 2015-02-11 11:06 1098752 ----a-w- c:\windows\system32\aeinv.dll
2015-01-27 23:36 . 2015-02-11 11:06 1239720 ----a-w- c:\windows\system32\aitstatic.exe
2015-01-23 16:13 . 2015-01-23 16:11 707354 ----a-w- c:\windows\unins001.exe
2015-01-16 06:41 . 2014-07-01 11:01 1316184 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-01-16 06:41 . 2013-11-02 10:12 1278920 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-01-16 06:41 . 2014-07-01 11:01 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-01-16 06:41 . 2013-11-02 10:12 1514528 ----a-w- c:\windows\system32\nvspcap64.dll
2015-01-13 04:15 . 2015-01-30 11:30 30536 ----a-w- c:\windows\system32\nvhdap64.dll
2015-01-13 04:15 . 2015-01-30 11:30 195728 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2015-01-13 04:15 . 2014-01-13 16:41 1540240 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2015-01-10 08:07 . 2015-01-30 11:30 1556808 ----a-w- c:\windows\system32\nvdispgenco6434725.dll
2015-01-10 08:07 . 2015-01-30 11:30 1895240 ----a-w- c:\windows\system32\nvdispco6434725.dll
2012-12-31 06:12 . 2014-02-23 11:56 54 ----a-w- c:\program files (x86)\Launch.bat
2009-10-23 22:00 . 2013-12-26 11:10 5811712 ----a-w- c:\program files (x86)\Nexus.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\Jirka\AppData\Roaming\uTorrent\utorrent.exe" [2013-11-11 899416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-05 4085896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Samsung.PCSync"="c:\program files (x86)\Samsung\Samsung PC Studio 7\PcSync2.exe" [2009-06-04 1294336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 X5XSEx_Pr143;X5XSEx_Pr143;c:\program files (x86)\Free Ride Games\X5XSEx_Pr143.Sys;c:\program files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 BRDriver64;BRDriver64; [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 clwvd;CyberLink WebCam Virtual Driver; [x]
R3 cpuz134;cpuz134;c:\users\lukas\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\lukas\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 cpuz136;cpuz136;c:\users\Jirka\AppData\Local\Temp\cpuz136\cpuz136_x64.sys;c:\users\Jirka\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 esgiguard;esgiguard; [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 pspdisp;pspdisp;c:\windows\system32\DRIVERS\pspdisp_x64.sys;c:\windows\SYSNATIVE\DRIVERS\pspdisp_x64.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 qcusbnet;Qualcomm USB-NDIS miniport;c:\windows\system32\DRIVERS\innosusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\innosusbnet.sys [x]
R3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\innosusbser.sys;c:\windows\SYSNATIVE\DRIVERS\innosusbser.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 iprip;Naslouchání RIP;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMEFA64.SYS [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20131101.003\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20131101.003\BHDrvx64.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20131105.002\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20131105.002\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1309010.00E\SYMNETS.SYS [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 SMARTHelperService;SMART Helper Service;c:\program files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe;c:\program files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SMARTMouseFilterx64;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys;c:\windows\SYSNATIVE\DRIVERS\SMARTMouseFilterx64.sys [x]
S3 SMARTVHidMiniVistaAmd64;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys;c:\windows\SYSNATIVE\DRIVERS\SMARTVHidMiniVistaAmd64.sys [x]
S3 SMARTVTabletPCx64;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys;c:\windows\SYSNATIVE\DRIVERS\SMARTVTabletPCx64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-09 10:08 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-03-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-15 14:38]
.
2015-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-06 11:35]
.
2015-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-06 11:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-05 09:47 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-01-16 2585928]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-29 13513288]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-01-16 1514528]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: &Verify with DAP - c:\program files (x86)\DAP\dapverify.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.168.1
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files (x86)\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files (x86)\DAP\dapie.dll
FF - ProfilePath - c:\users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\c1lpdf30.default\
FF - ExtSQL: !HIDDEN! 2013-06-18 14:44; pluswinks@PlusWinks; c:\users\Jirka\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks
FF - ExtSQL: !HIDDEN! 2013-06-18 14:45; speedanalysis02@SpeedAnalysis.com; c:\users\Jirka\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com
FF - ExtSQL: !HIDDEN! 2014-09-28 13:57; faststartff@gmail.com; c:\users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\c1lpdf30.default\extensions\faststartff@gmail.com
FF - ExtSQL: !HIDDEN! 2014-12-24 10:55; detgdp@gmail.com; c:\users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\c1lpdf30.default\extensions\detgdp@gmail.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKU-Default-Run-Exetender - c:\program files (x86)\Free Ride Games\GPlayer.exe
BHO-{12b5b5fa-fc23-440f-876e-18a1f68d1705} - c:\program files (x86)\RegulaaurDeals\Lr3wYIkHW8fDPI.x64.dll
BHO-{6168e289-eeda-4154-bb40-9cce046e13a4} - c:\program files (x86)\FunDealss\2bWFLQ2yVKSxWs.x64.dll
BHO-{f8d8c0b9-13f6-45c2-9311-097df16fc84c} - c:\program files (x86)\ROboSavver\rUaZPJICrtIRHt.x64.dll
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{11C0A110-232F-EF51-082E-5270F260692C}_is1 - c:\program files (x86)\Minecraft mapa s koly 2
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
AddRemove-Google Chrome - c:\users\lukas\AppData\Local\Google\Chrome\Application\35.0.1916.114\Installer\setup.exe
AddRemove-MyFreeCodec - c:\program files (x86)\MyFree Codec\1.0b beta\uninstall.exe
AddRemove-SOE-PlanetSide 2 - c:\games\steam\steamapps\common\PlanetSide 2\Uninstaller.exe
AddRemove-UnityWebPlayer - c:\users\Jirka\AppData\Local\Unity\WebPlayer\Uninstall.exe
AddRemove-{084EE187-B928-4BF5-A2F9-0CA2FC0C356C} - c:\users\Jirka\AppData\Local\TNT2\2.0.0.1895\TNT2User.exe
AddRemove-{E2AF26F0-6DCC-410c-A24D-ED093DDE1638} - c:\users\lukas\AppData\Roaming\iPumper\ipumperinst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2121263484-1352607103-1728601742-1004\Software\SecuROM\License information*]
"datasecu"=hex:63,d3,61,a7,8e,01,01,5a,6b,9a,91,96,e4,ce,8b,31,13,6c,c8,7e,79,
b9,f4,1b,94,4d,5f,f4,82,ca,2b,81,bc,75,59,e5,b1,9f,ba,9f,40,94,42,c3,1e,09,\
"rkeysecu"=hex:76,b4,4c,3a,3e,fb,d6,c2,77,1f,41,3c,1b,3c,0b,bc
.
[HKEY_USERS\S-1-5-21-2121263484-1352607103-1728601742-1004\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\c:\Games\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"qgif4.dll"=multi:"2011-10-10T17:42\00gif\00\00"
"qico4.dll"=multi:"2011-10-10T17:42\00ico\00\00"
"qjpeg4.dll"=multi:"2011-10-10T17:42\00jpeg\00jpg\00\00"
.
[HKEY_USERS\S-1-5-21-2121263484-1352607103-1728601742-1004\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:\c:\Games\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\codecs]
"qcncodecs4.dll"=multi:"2011-10-10T17:42\00GB18030\00GBK\00GB2312\00CP936\00MS936\00windows-936\00MIB: 114\00MIB: 113\00MIB: 2025\00\00"
"qkrcodecs4.dll"=multi:"2011-10-10T17:42\00EUC-KR\00cp949\00MIB: 38\00MIB: -949\00\00"
"qtwcodecs4.dll"=multi:"2011-10-10T17:42\00Big5\00Big5-HKSCS\00Big5-ETen\00CP950\00MIB: 2026\00MIB: 2101\00\00"
.
[HKEY_USERS\S-1-5-21-2121263484-1352607103-1728601742-1004\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\c:\games\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\codecs]
"qcncodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qjpcodecs4.dll"=multi:"40602\000\00Windows msvc release full-config\002011-10-10T17:42\00\00"
"qjpcodecsd4.dll"=multi:"40703\001\00Windows msvc debug full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qkrcodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qtwcodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
.
[HKEY_USERS\S-1-5-21-2121263484-1352607103-1728601742-1004\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\c:\games\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"Microsoft.VC80.CRT.manifest"=multi:"0\001\00unknown\002011-10-10T17:42\00\00"
"msvcr80.dll"=multi:"0\001\00unknown\002011-10-10T17:42\00\00"
"qgif4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qico4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qjpeg4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
.
[HKEY_USERS\S-1-5-21-2121263484-1352607103-1728601742-1004_Classes\CLSID\{E3271233-31F8-A941-A4A9-8847ECBA539C}]
@Denied: (A 4) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
c:\program files (x86)\TeamViewer\TeamViewer.exe
c:\program files (x86)\TeamViewer\tv_w32.exe
c:\users\Jirka\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
.
**************************************************************************
.
Celkový čas: 2015-03-25 17:19:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-03-25 16:19
.
Před spuštěním: Volných bajtů: 66 825 674 752
Po spuštění: Volných bajtů: 66 036 281 344
.
- - End Of File - - 1D82BF6000A7CDFC38BD5259205AFD7F
A36C5E4F47E84449FF07ED3517B43A31

[Wrozer]

Zoek.exe v5.0.0.0 Updated 05-March-2015
Tool run by Jirka on st 25.03.2015 at 15:00:26,17.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Jirka\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-03-24-180606.log 3239 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2121263484-1352607103-1728601742-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\c1lpdf30.default\prefs.js:
user_pref("browser.search.defaultengine", "Seznam");
user_pref("browser.search.order.1", "Seznam");
user_pref("browser.search.useDBForOrder", false);

Added to C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\c1lpdf30.default\prefs.js:

Deleted from C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\b4dn6zje.default\prefs.js:
user_pref("browser.search.defaultenginename,S", "");
user_pref("browser.search.selectedEngine,S", "");
user_pref("browser.search.order.1,S", "");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\b4dn6zje.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\VERONI~1.LUK\AppData\Roaming\Mozilla\Firefox\Profiles\ecdcd45q.default\prefs.js:

Added to C:\Users\VERONI~1.LUK\AppData\Roaming\Mozilla\Firefox\Profiles\ecdcd45q.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\c1lpdf30.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_25.03.2015_1528_.backup

ProfilePath: C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\b4dn6zje.default

user.js not found
---- Lines CT1750559 removed from prefs.js ----
user_pref("CT1750559.1000082.isPlayDisplay", "true");
user_pref("CT1750559.1000082.state", "{\"state\":\"stopped\",\"text\":\"1.FM Dance\",\"description\":\"1.FM Dance\",\"url\":\"mms://dance.1.fm/energyd
user_pref("CT1750559.1000234.TWC_country", "CZECH REPUBLIC");
user_pref("CT1750559.1000234.TWC_location", "Lutin, OL, Czech Republic");
user_pref("CT1750559.1000234.TWC_locId", "EZOL0390");
user_pref("CT1750559.1000234.TWC_region", "OT");
user_pref("CT1750559.1000234.TWC_temp_dis", "c");
user_pref("CT1750559.1000234.TWC_TMP_city", "LUTIN");
user_pref("CT1750559.1000234.TWC_TMP_country", "CZ");
user_pref("CT1750559.1000234.TWC_wind_dis", "kmh");
user_pref("CT1750559.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT1750559.browser.search.defaultthis.engineName", "true");
user_pref("CT1750559.countryCode", "CZ");
user_pref("CT1750559.defaultSearch", "true");
user_pref("CT1750559.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT1750559.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT1750559.enableAlerts", "true");
user_pref("CT1750559.enableSearchFromAddressBar", "true");
user_pref("CT1750559.FF19Solved", "true");
user_pref("CT1750559.FirstTime", "true");
user_pref("CT1750559.firstTimeDialogOpened", "true");
user_pref("CT1750559.FirstTimeFF3", "true");
user_pref("CT1750559.fixPageNotFoundError", "true");
user_pref("CT1750559.fixPageNotFoundErrorByUser", "true");
user_pref("CT1750559.fixPageNotFoundErrorInHidden", "true");
user_pref("CT1750559.fullUserID", "UN21473752183068058.IN.20131114164521");
user_pref("CT1750559.installDate", "14/11/2013 16:45:24");
user_pref("CT1750559.installerVersion", "1.8.1.4");
user_pref("CT1750559.installId", "dm");
user_pref("CT1750559.installSessionId", "9df757df-deed-4318-bb3a-3e2ae597b156");
user_pref("CT1750559.installSp", "FALSE");
user_pref("CT1750559.installUsageEarly", "2014-04-11T17:44:09.2422205+03:00");
user_pref("CT1750559.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT1750559.isFirstTimeToolbarLoading", "false");
user_pref("CT1750559.isCheckedStartAsHidden", true);
user_pref("CT1750559.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT1750559.keyword", "true");
user_pref("CT1750559.lastVersion", "10.22.3.18");
user_pref("CT1750559.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
user_pref("CT1750559.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT1750559.openThankYouPage", "false");
user_pref("CT1750559.openUninstallPage", "true");
user_pref("CT1750559.originalSearchAddressUrl", "");
user_pref("CT1750559.revertSettingsEnabled", "false");
user_pref("CT1750559.search.searchAppId", "128520273115419467");
user_pref("CT1750559.search.searchCount", "0");
user_pref("CT1750559.searchFromAddressBarEnabledByUser", "true");
user_pref("CT1750559.searchInNewTabEnabledByUser", "true");
user_pref("CT1750559.searchInNewTabEnabledInHidden", "true");
user_pref("CT1750559.searchRevert", "false");
user_pref("CT1750559.searchSuggestEnabledByUser", "true");
user_pref("CT1750559.searchUninstallUserMode", "1");
user_pref("CT1750559.searchUserMode", "1");
user_pref("CT1750559.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT1750559.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT1750559.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT1750559.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT1750559\"}");
user_pref("CT1750559.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://BSPlayerControlBar.OurToolba
user_pref("CT1750559.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"BS Player ControlBar \"}");
user_pref("CT1750559.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT1750559.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
user_pref("CT1750559.serviceLayer_services_appsMetadata_lastUpdate", "1413276811525");
user_pref("CT1750559.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1413276811891");
user_pref("CT1750559.serviceLayer_services_Configuration_lastUpdate", "1413276812103");
user_pref("CT1750559.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1413276811530");
user_pref("CT1750559.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1397227453508");
user_pref("CT1750559.serviceLayer_services_login_10.22.3.18_lastUpdate", "1413276811691");
user_pref("CT1750559.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1413276811746");
user_pref("CT1750559.serviceLayer_services_searchAPI_lastUpdate", "1413276812038");
user_pref("CT1750559.serviceLayer_services_serviceMap_lastUpdate", "1413276811502");
user_pref("CT1750559.serviceLayer_services_toolbarContextMenu_lastUpdate", "1413276811593");
user_pref("CT1750559.serviceLayer_services_toolbarSettings_lastUpdate", "1413276811569");
user_pref("CT1750559.serviceLayer_services_translation_lastUpdate", "1413276811516");
user_pref("CT1750559.settingsINI", true);
user_pref("CT1750559.shouldFirstTimeDialog", "false");
user_pref("CT1750559.showToolbarPermission", "false");
user_pref("CT1750559.startPage", "true");
user_pref("CT1750559.toolbarBornServerTime", "11-5-2014");
user_pref("CT1750559.toolbarCurrentServerTime", "14-10-2014");
user_pref("CT1750559.toolbarInstallDate", "14-11-2013 16:45:21");
user_pref("CT1750559.toolbarLoginClientTime", "Sun May 11 2014 17:15:13 GMT+0200");
user_pref("CT1750559.UserID", "UN21473752183068058");
user_pref("CT1750559.versionFromInstaller", "10.22.3.18");
user_pref("CT1750559.xpeMode", "0");
user_pref("CT1750559_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1413276796712,\"isWithState\":\"\",\"timeFromStar
---- Lines a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855 removed from prefs.js ----
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.active", true);
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.addressbar", "NA");
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.addressbarenhanced", "");
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.asyncinternaldb.monetization_plugin_loader_session_page_impres
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.asyncinternaldb.monetization_plugin_loader_session_page_impres
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.asyncinternaldb.monetization_plugin_monetization_impression_bu
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.asyncinternaldb.monetization_plugin_monetization_impression_bu
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.asyncinternaldb.monetization_plugin_monetization_page_view.exp
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.asyncinternaldb.monetization_plugin_monetization_page_view.val
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.backgroundver", 2);
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.certdomaininstaller", "");
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.cookie.InstallationTime.value", "%221406312465%22");
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22001823
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.description", "The must-have App extensions for Television fan
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.domain", "");
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.enablesearch", false);
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.homepage", "");
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.changeprevious", false);
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.iframe", false);
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.InstallationThankYouPage", false);
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.InstallationTime", 1406312465);
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 0
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.internaldb.__defualt_browser__.value", "%22ch%22");
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.internaldb._installer_additional_info.expiration", "Fri Feb 01
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.internaldb._installer_additional_info.value", "%7B%22asw%22%3A
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GM
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%2
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%2200
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.internaldb.monetization_plugin_bundledUrls.expiration", "Fri F
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.internaldb.monetization_plugin_bundledWithHash.expiration", "F
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.internaldb.monetization_plugin_bundledWithHash.value", "null")
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.internaldb.monetization_plugin_notBundledArr_.expiration", "Fr
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D"
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.internaldb.monetization_plugin_regBundledWithSoftware.expirati
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.internaldb.monetization_plugin_regBundledWithSoftware.value",
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.internaldb.Resources_remote_resources.expiration", "Fri Feb 01
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.internaldb.Resources_remote_resources.value", "%7B%22remoteId%
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.lastDailyReport", "1413276859160");
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.lastUpdate", "1413276793250");
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.manifesturl", "");
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.name", "TheTorntvs V10");
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.newtab", "");
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.opensearch", "");
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.pluginsurl", "http://js.newdemoonlinecloud.com/plugin/apps/618
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.pluginsversion", 6);
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.publisher", "Joseph CM");
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.searchstatus", 0);
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.setnewtab", false);
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.thankyou", "");
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.updateinterval", 360);
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.61855.ver", 10);
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.apps", "61855");
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.bic", "145513eef43a70aa986b5af6941c204b");
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.cid", 61855);
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.firstrun", false);
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.hadappinstalled", true);
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.installationdate", 1413276795);
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.installerAdditionalInfo", "{\"asw\":[2, -1564475067, 16818176]}");
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.modetype", "production");
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.reportInstall", true);
user_pref("extensions.a44e4876d5886435183fea8e44f892d6c2ac4a44858c85e3636com61855.statsDailyCounter", 1);
---- Lines af80af4ec42b9429d99b04078ec7cf86444882d2088654b13b79eae8470d9a955com59568 removed from prefs.js ----
user_pref("extensions.af80af4ec42b9429d99b04078ec7cf86444882d2088654b13b79eae8470d9a955com59568.59568.active", true);
user_pref("extensions.af80af4ec42b9429d99b04078ec7cf86444882d2088654b13b79eae8470d9a955com59568.59568.addressbar", "NA");
user_pref("extensions.af80af4ec42b9429d99b04078ec7cf86444882d2088654b13b79eae8470d9a955com59568.59568.addressbarenhanced", "");
user_pref("extensions.af80af4ec42b9429d99b04078ec7cf86444882d2088654b13b79eae8470d9a955com59568.59568.backgroundver", 1);
user_pref("extensions.af80af4ec42b9429d99b04078ec7cf86444882d2088654b13b79eae8470d9a955com59568.59568.certdomaininstaller", "");
user_pref("extensions.af80af4ec42b9429d99b04078ec7cf86444882d2088654b13b79eae8470d9a955com59568.59568.description", "Turn YouTube videos to High Defin
user_pref("extensions.af80af4ec42b9429d99b04078ec7cf86444882d2088654b13b79eae8470d9a955com59568.59568.domain", "");
user_pref("extensions.af80af4ec42b9429d99b04078ec7cf86444882d2088654b13b79eae8470d9a955com59568.59568.enablesearch", false);
user_pref("extensions.af80af4ec42b9429d99b04078ec7cf86444882d2088654b13b79eae8470d9a955com59568.59568.homepage", "");
user_pref("extensions.af80af4ec42b9429d99b04078ec7cf86444882d2088654b13b79eae8470d9a955com59568.59568.changeprevious", false);
user_pref("extensions.af80af4ec42b9429d99b04078ec7cf86444882d2088654b13b79eae8470d9a955com59568.59568.iframe", false);
user_pref("extensions.af80af4ec42b9429d99b04078ec7cf86444882d2088654b13b79eae8470d9a955com59568.59568.lastUpdate", "1413276802655");
user_pref("extensions.af80af4ec42b9429d99b04078ec7cf86444882d2088654b13b79eae8470d9a955com59568.59568.manifesturl", "");
user_pref("extensions.af80af4ec42b9429d99b04078ec7cf86444882d2088654b13b79eae8470d9a955com59568.59568.name", "Plus-HD-V1.8");
user_pref("extensions.af80af4ec42b9429d99b04078ec7cf86444882d2088654b13b79eae8470d9a955com59568.59568.newtab", "");
user_pref("extensions.af80af4ec42b9429d99b04078ec7cf86444882d2088654b13b79eae8470d9a955com59568.59568.opensearch", "");
user_pref("extensions.af80af4ec42b9429d99b04078ec7cf86444882d2088654b13b79eae8470d9a955com59568.59568.pluginsurl", "http://js.newgenonlinesrv.com/plug
user_pref("extensions.af80af4ec42b9429d99b04078ec7cf86444882d2088654b13b79eae8470d9a955com59568.59568.publisher", "Plus HD");
user_pref("extensions.af80af4ec42b9429d99b04078ec7cf86444882d2088654b13b79eae8470d9a955com59568.59568.setnewtab", false);
user_pref("extensions.af80af4ec42b9429d99b04078ec7cf86444882d2088654b13b79eae8470d9a955com59568.59568.thankyou", "");
user_pref("extensions.af80af4ec42b9429d99b04078ec7cf86444882d2088654b13b79eae8470d9a955com59568.59568.updateinterval", 360);
user_pref("extensions.af80af4ec42b9429d99b04078ec7cf86444882d2088654b13b79eae8470d9a955com59568.bic", "145513eef43a70aa986b5af6941c204b");
user_pref("extensions.af80af4ec42b9429d99b04078ec7cf86444882d2088654b13b79eae8470d9a955com59568.installationdate", 1413276795);
user_pref("extensions.af80af4ec42b9429d99b04078ec7cf86444882d2088654b13b79eae8470d9a955com59568.installerAdditionalInfo", "{\"asw\":[2, 578814021, 168
user_pref("extensions.af80af4ec42b9429d99b04078ec7cf86444882d2088654b13b79eae8470d9a955com59568.modetype", "production");
---- Lines PlusWinks removed from prefs.js ----
user_pref("extensions.pluswinks@PlusWinks.id", "\"315f60c9-7e19-11dc-d75b-eddffc9e3a51\"");
user_pref("extensions.pluswinks@PlusWinks.mzID", "63");
---- Lines SpeedAnalysis removed from prefs.js ----
user_pref("extensions.speedanalysis02@SpeedAnalysis.com.id", "\"05226a14-9db0-8ba7-f8b8-f6491361f0f6\"");
user_pref("extensions.speedanalysis02@SpeedAnalysis.com.mzID", "75");
---- Lines extensions.53w removed from prefs.js ----
user_pref("extensions.53w.epoch", "1399907710");
user_pref("extensions.53w.url", "http://discountgetdirect.ru/sync2/?q=hfZ9ofqZrewMCyVUojwMg708BNmGWj8deShGheDUojw9rdsErjwHqjY8qihIC7n0rjnEqjwFrjkFqja4
---- Lines extensions.BBQZUft6rEN removed from prefs.js ----
user_pref("extensions.BBQZUft6rEN.epoch", "1399907710");
user_pref("extensions.BBQZUft6rEN.url", "http://foreveryboxzip.ru/sync2/?q=hfZ9ofrGDihEAen0rihTB6lKDzt4okqAtNtVh7n0rjnErTw8rdYHqjs6tMFHhd9Fqda8rjwFqjw
---- Lines extensions.MPV4ogEVQwt removed from prefs.js ----
user_pref("extensions.MPV4ogEVQwt.epoch", "1399907710");
user_pref("extensions.MPV4ogEVQwt.url", "http://discountgetdirect.ru/sync2/?q=hfZ9oemNAyOMCyVUojaMg708BNmGWj8deShGheDUojw9rdsFrHw9rdC9qchIC7n0rjnEqjwF
---- Lines extensions.W8C8OlE removed from prefs.js ----
user_pref("extensions.W8C8OlE.epoch", "1399907710");
user_pref("extensions.W8C8OlE.url", "http://veteranusashare.ru/sync2/?q=hfZ9oeV9CGhEAen0rihTB6lKDzt4okqAtNtVh7n0rjnErjs4rjk8qjrEtMFHhd9Fqda8rjwFqjw8rd
---- Lines extensions.c1iqp5 removed from prefs.js ----
user_pref("extensions.c1iqp5.epoch", "1399907711");
user_pref("extensions.c1iqp5.url", "http://discountgetdirect.ru/sync2/?q=hfZ9ofqMDyrMCyVUojwMg708BNmGWj8deShGheDUojw9rdwGpjw8qjkFrGhIC7n0rjnEqjwFrjkFq
---- Lines extensions.crowDY removed from prefs.js ----
user_pref("extensions.crowDY.epoch", "1399907712");
user_pref("extensions.crowDY.url", "http://toolkitsetusa.info/sync2/?q=hfZ9ojwHgMDKtNbPhd9FtMqLDe49CNU0n8OMCMlNhd9FqdaHrTsFqHsEqjgMBzqUojw9rdkFrjw8rjk
---- Lines extensions.uwX4d9WExhEd removed from prefs.js ----
user_pref("extensions.uwX4d9WExhEd.epoch", "1");
user_pref("extensions.uwX4d9WExhEd.scode", "void(0);");
user_pref("extensions.uwX4d9WExhEd.url", "http://filesgetitnow.com/sync/?q=hfZ9oeZJh7YMCyVUojaMg708BNmGWj8gechGheDUojw9rdYEpjwEqjrEqGhPBMn0qTk5rjk5qHs
---- FireFox user.js and prefs.js backups ----

prefs_25.03.2015_1528_.backup

ProfilePath: C:\Users\VERONI~1.LUK\AppData\Roaming\Mozilla\Firefox\Profiles\ecdcd45q.default

user.js not found
---- Lines babylon modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"FFPDFArchitectConverter@pdfarchitect.com\":{\"descriptor\":\"C:\\
---- Lines FFPDFArchitectConverter@pdfarchitect.com modified from prefs.js ----

user_pref("extensions.enabledAddons", "FFPDFArchitectConverter@pdfarchitect.com:1.0,{BBDA0591-3099-440a-AA10-41764D9DB4DB}:12.0.3.2 - 1,wrc@avast.com:
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"FFPDFArchitectConverter@pdfarchitect.com\":{\"descriptor\":\"C:\\
---- FireFox user.js and prefs.js backups ----

prefs_25.03.2015_1528_.backup

==== Deleting Files \ Folders ======================

C:\Users\Jirka\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com not found
"C:\Windows\Installer\60adb.msi" not found
C:\PROGRA~2\Context Menu Search deleted
C:\PROGRA~2\DelugeSiphon deleted
C:\PROGRA~2\Hearthstone Stream Browser deleted
C:\PROGRA~2\Hulu TV Shows deleted
C:\PROGRA~2\RightScale SSH deleted
C:\ProgramData\ccopuunk deleted
C:\ProgramData\clIckiuT deleted
C:\Users\Jirka\AppData\LocalLow\{2BE7984D-C01C-8E04-CAF2-12129281F8C9} deleted
C:\Users\Jirka\AppData\LocalLow\{41BFDB66-769A-269D-0630-EEABA09B1D5E} deleted
C:\Users\Jirka\AppData\LocalLow\{4D1F2073-C92C-0447-D58E-C9B69F37BE53} deleted
C:\Users\Jirka\AppData\LocalLow\{4D893DB2-7AD9-B64D-F2EC-E69694963C10} deleted
C:\Users\Jirka\AppData\LocalLow\{6534D9F4-329B-C5E7-F091-B16F4A3998B3} deleted
C:\Users\Jirka\AppData\LocalLow\{6F607F17-4415-292C-9948-1ADB507069F4} deleted
C:\Users\Jirka\AppData\LocalLow\{7FC87B38-9EF1-003B-FF11-AE59504F002E} deleted
C:\Users\Jirka\AppData\LocalLow\{85CD11CD-E8DA-8A81-08FB-ADD0B5199D54} deleted
C:\Users\Jirka\AppData\LocalLow\{88F6BFCA-6994-61F6-715B-E81C759FD4D4} deleted
C:\Users\Jirka\AppData\LocalLow\{93C1265D-DCD4-D4E0-822B-DD2242F48B32} deleted
C:\Users\Jirka\AppData\LocalLow\{96E1777B-F373-4F5C-E74D-91051C916E17} deleted
C:\Users\Jirka\AppData\LocalLow\{971075DC-8ACE-4915-4D25-2EB5A1DE7427} deleted
C:\Users\Jirka\AppData\LocalLow\{9BDC250A-0C18-EE35-97DC-68CDC8939329} deleted
C:\Users\Jirka\AppData\LocalLow\{B3469B2A-4CC5-F277-A6BE-DF5165AB8600} deleted
C:\Users\Jirka\AppData\LocalLow\{EB2CDF0F-356D-81F5-BFBE-DFB88FBBC9DC} deleted
C:\Users\Jirka\AppData\LocalLow\{F9001C31-C6B3-36B1-3156-419DDC07015B} deleted
C:\Users\lukas\AppData\LocalLow\{2BE7984D-C01C-8E04-CAF2-12129281F8C9} deleted
C:\Users\lukas\AppData\LocalLow\{41BFDB66-769A-269D-0630-EEABA09B1D5E} deleted
C:\Users\lukas\AppData\LocalLow\{4D1F2073-C92C-0447-D58E-C9B69F37BE53} deleted
C:\Users\lukas\AppData\LocalLow\{4D893DB2-7AD9-B64D-F2EC-E69694963C10} deleted
C:\Users\lukas\AppData\LocalLow\{6534D9F4-329B-C5E7-F091-B16F4A3998B3} deleted
C:\Users\lukas\AppData\LocalLow\{6F607F17-4415-292C-9948-1ADB507069F4} deleted
C:\Users\lukas\AppData\LocalLow\{7FC87B38-9EF1-003B-FF11-AE59504F002E} deleted
C:\Users\lukas\AppData\LocalLow\{88F6BFCA-6994-61F6-715B-E81C759FD4D4} deleted
C:\Users\lukas\AppData\LocalLow\{93C1265D-DCD4-D4E0-822B-DD2242F48B32} deleted
C:\Users\lukas\AppData\LocalLow\{96E1777B-F373-4F5C-E74D-91051C916E17} deleted
C:\Users\lukas\AppData\LocalLow\{971075DC-8ACE-4915-4D25-2EB5A1DE7427} deleted
C:\Users\lukas\AppData\LocalLow\{9BDC250A-0C18-EE35-97DC-68CDC8939329} deleted
C:\Users\lukas\AppData\LocalLow\{B3469B2A-4CC5-F277-A6BE-DF5165AB8600} deleted
C:\Users\lukas\AppData\LocalLow\{EB2CDF0F-356D-81F5-BFBE-DFB88FBBC9DC} deleted
C:\Users\Veronika.lukas-PC\AppData\LocalLow\{2BE7984D-C01C-8E04-CAF2-12129281F8C9} deleted
C:\Users\Veronika.lukas-PC\AppData\LocalLow\{41BFDB66-769A-269D-0630-EEABA09B1D5E} deleted
C:\Users\Veronika.lukas-PC\AppData\LocalLow\{6F607F17-4415-292C-9948-1ADB507069F4} deleted
C:\Users\Veronika.lukas-PC\AppData\LocalLow\{88F6BFCA-6994-61F6-715B-E81C759FD4D4} deleted
C:\Users\Veronika.lukas-PC\AppData\LocalLow\{96E1777B-F373-4F5C-E74D-91051C916E17} deleted
C:\Users\Veronika.lukas-PC\AppData\LocalLow\{971075DC-8ACE-4915-4D25-2EB5A1DE7427} deleted
C:\Users\Veronika.lukas-PC\AppData\LocalLow\{B3469B2A-4CC5-F277-A6BE-DF5165AB8600} deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\{2BE7984D-C01C-8E04-CAF2-12129281F8C9} deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\{6534D9F4-329B-C5E7-F091-B16F4A3998B3} deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\{7FC87B38-9EF1-003B-FF11-AE59504F002E} deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\{96E1777B-F373-4F5C-E74D-91051C916E17} deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\{EB2CDF0F-356D-81F5-BFBE-DFB88FBBC9DC} deleted
C:\Users\Jirka\AppData\Local\Packages\windows_ie_ac_001\AC\{41BFDB66-769A-269D-0630-EEABA09B1D5E} deleted
C:\Users\Jirka\AppData\Local\Packages\windows_ie_ac_001\AC\{6F607F17-4415-292C-9948-1ADB507069F4} deleted
C:\Users\Jirka\AppData\Local\Packages\windows_ie_ac_001\AC\{85CD11CD-E8DA-8A81-08FB-ADD0B5199D54} deleted
C:\Users\Jirka\AppData\Local\Packages\windows_ie_ac_001\AC\{88F6BFCA-6994-61F6-715B-E81C759FD4D4} deleted
C:\Users\Jirka\AppData\Local\Packages\windows_ie_ac_001\AC\{971075DC-8ACE-4915-4D25-2EB5A1DE7427} deleted
C:\Users\Jirka\AppData\Local\Packages\windows_ie_ac_001\AC\{9BDC250A-0C18-EE35-97DC-68CDC8939329} deleted
C:\Users\Jirka\AppData\Local\Packages\windows_ie_ac_001\AC\{B07E65BD-C521-34DF-E2EF-058B9E8F7445} deleted
C:\Users\Jirka\AppData\Local\Packages\windows_ie_ac_001\AC\{B3469B2A-4CC5-F277-A6BE-DF5165AB8600} deleted
C:\Users\Jirka\AppData\Local\Packages\windows_ie_ac_001\AC\{F9001C31-C6B3-36B1-3156-419DDC07015B} deleted
C:\Users\lukas\AppData\Local\Packages\windows_ie_ac_001\AC\{4D1F2073-C92C-0447-D58E-C9B69F37BE53} deleted
C:\Users\lukas\AppData\Local\Packages\windows_ie_ac_001\AC\{4D893DB2-7AD9-B64D-F2EC-E69694963C10} deleted
C:\Users\lukas\AppData\Local\Packages\windows_ie_ac_001\AC\{93C1265D-DCD4-D4E0-822B-DD2242F48B32} deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{2BE7984D-C01C-8E04-CAF2-12129281F8C9} deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{7FC87B38-9EF1-003B-FF11-AE59504F002E} deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{83E63AA4-14A1-E7C3-43AA-E20D711DB6A9} deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{96E1777B-F373-4F5C-E74D-91051C916E17} deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{EB2CDF0F-356D-81F5-BFBE-DFB88FBBC9DC} deleted
C:\PROGRA~3\4257847083260862076 deleted
C:\Users\Jirka\AppData\Local\31545 deleted
C:\Users\Jirka\AppData\Local\31656 deleted
C:\Users\Jirka\.android deleted
C:\Users\lukas\.android deleted
C:\PROGRA~3\RemOvueaADsTUbae deleted
C:\PROGRA~2\Special Uninstaller deleted
C:\PROGRA~2\Skillbrains deleted
C:\Program Files\Common Files\SpeedBit deleted
C:\found.000 deleted
C:\found.001 deleted
C:\found.002 deleted
C:\Users\Jirka\AppData\Roaming\appdataFr3.bin deleted
C:\Users\Jirka\AppData\Roaming\Genieo deleted
C:\Users\Jirka\AppData\Roaming\WinZip\WinZipDU deleted
C:\Users\lukas\AppData\Roaming\appdataFr3.bin deleted
C:\Users\Veronika.lukas-PC\AppData\Roaming\appdataFr3.bin deleted
C:\Users\Veronika.lukas-PC\AppData\Roaming\WinZip\WinZipDU deleted
C:\PROGRA~3\boost_interprocess deleted
C:\PROGRA~3\SpeedBit deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Jirka\AppData\Local\updater.log deleted
C:\Users\Jirka\AppData\Local\CrashRpt deleted
C:\Users\lukas\AppData\Local\Pokki deleted
C:\Users\lukas\AppData\Local\cache deleted
C:\Users\lukas\AppData\Local\CrashRpt deleted
C:\Users\lukas\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847} deleted
C:\Users\Jirka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Genieo deleted
C:\windows\SysNative\Tasks\avast! Emergency Update deleted
C:\Users\Public\Documents\GOOBZO deleted
C:\rei deleted
C:\Users\Jirka\AppData\LocalLow\IObit Apps deleted
C:\Users\Jirka\AppData\LocalLow\{A88DE8D3-9C38-4F0D-8981-A4C17F7677A1} deleted
C:\Users\lukas\AppData\LocalLow\IObit Apps deleted
C:\Users\lukas\AppData\LocalLow\{A88DE8D3-9C38-4F0D-8981-A4C17F7677A1} deleted
C:\Users\Veronika.lukas-PC\AppData\LocalLow\IObit Apps deleted
C:\Users\Veronika.lukas-PC\AppData\LocalLow\{A88DE8D3-9C38-4F0D-8981-A4C17F7677A1} deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\adm deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Windows\SysWOW64\AniGIF.ocx deleted
C:\Users\lukas\Documents\Add-in Express deleted
C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\b4dn6zje.default\jetpack deleted
C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\b4dn6zje.default\extensions\staged deleted
C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\b4dn6zje.default\CT1750559 deleted
C:\Users\VERONI~1.LUK\AppData\Roaming\Mozilla\Firefox\Profiles\ecdcd45q.default\extensions\staged deleted
C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D} deleted
C:\Users\Jirka\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks deleted
C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\b4dn6zje.default\smartbar deleted
"C:\Users\Jirka\AppData\Local\LumaEmu" deleted
"C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\c1lpdf30.default\extensions\iobitapps@mybrowserbar.com" deleted
"C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\c1lpdf30.default\extensions\iobitapps@mybrowserbar.com" deleted
"C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\b4dn6zje.default\extensions\iobitapps@mybrowserbar.com" deleted
"C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\b4dn6zje.default\extensions\iobitapps@mybrowserbar.com" deleted
"C:\Users\Jirka\AppData\Roaming\glister\mss_update.exe" deleted
"C:\Users\Jirka\AppData\Roaming\glister\nvm" deleted
"C:\Users\Jirka\AppData\Roaming\glister\nvm.dll" deleted
"C:\Users\Jirka\AppData\Roaming\glister" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\b4dn6zje.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\VERONI~1.LUK\AppData\Roaming\Mozilla\Firefox\Profiles\ecdcd45q.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"daplinkchecker@speedbit.com"="C:\Program Files (x86)\DAP\daplinkchecker" [26.09.2014 16:14]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}"="C:\Program Files (x86)\DAP\DAPFireFox" [26.09.2014 16:14]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\c1lpdf30.default
- Undetermined - C:\Program Files (x86)\IObit Apps Toolbar\FF
- Download Accelerator Plus DAP extension - C:\Program Files (x86)\DAP\DAPFireFox
- DAP Link Checker - C:\Program Files (x86)\DAP\daplinkchecker

ProfilePath: C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\b4dn6zje.default
- Undetermined - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home67\ff
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- Undetermined - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha463\ff
- Undetermined - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta364\ff
- Undetermined - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1303\ff
- Undetermined - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release2233\ff
- DAP Link Checker - C:\Program Files (x86)\DAP\daplinkchecker
- Undetermined - C:\Users\Jirka\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks
- Undetermined - C:\Users\Jirka\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com
- Undetermined - C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\c1lpdf30.default\extensions\faststartff@gmail.com

ProfilePath: C:\Users\VERONI~1.LUK\AppData\Roaming\Mozilla\Firefox\Profiles\ecdcd45q.default
- PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
- Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFF
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- Undetermined - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha463\ff
- Undetermined - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta364\ff
- Undetermined - C:\Users\Veronika.lukas-PC\AppData\Roaming\Mozilla\Firefox\Profiles\ecdcd45q.default\extensions\f80af4ec-42b9-429d-99b0-4078ec7cf864@44882d20-8865-4b13-b79e-ae8470d9a955.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\c1lpdf30.default
AF661355EBAB898EB92D5454AEF93CE0 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.400.43
66640A55AEFF3819C94E0A8D40D7E0AD - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll - Shockwave for Director / Shockwave for Director
FD6ACD9D85177259D442A0C4AC15F7B8 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll - Shockwave Flash
A850CDD9B02AD865A18FAE00A95B9D63 - C:\Users\Jirka\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System


==== Fake Chromium Profiles Check ======================

Fake profile C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

Google Chrome Version: 35.0.1916.153 (Could not determine latest Stable Version)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[05.08.2014 10:47]
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx[12.09.2013 12:19]

Webexp Enhanced - Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeopjpfenmdkbhieccibdkbalajlfbbm
Hulu TV Shows - Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\babdabjblhdjecooajkeenhbaegcdcgk
Battlefield Heroes - Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh
RemOvueaADsTUbae - Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\faogfekbfbnbfjpkknfhgihejdkiggem
Simple Window Saver - Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfmklldfnlcblofkhdeoohfppdoejdc
DelugeSiphon - Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gabdloknkpdefdpkkibplcfnkngbidim
Re§im ECHO je vypnut. - Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\godimpbmfohihoaikgfknnnmlncabkkp
Humble New Tab Page - Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfgdmpfihlmdekaclngibpjhdebndhdj
Norton Identity Protection - Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Hearthstone Stream Browser - Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdejhodejngcbmkiddfjkieejekbfil
Context Menu Search - Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocpcmghnefmdhljkoiapafejjohldoga
TheGoPhoto.it V10 - Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiaejidbmkiecgbjeifoejpgmdaleoha
RightScale SSH - Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmkeekfkpfecccgbliieogmgmijklpm
Ebay Shopping Assistant by Spigot - Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp
Hulu TV Shows - lukas\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\babdabjblhdjecooajkeenhbaegcdcgk
TheGoPhoto.it V10 - lukas\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fhpakgdnncieelihbbgoamgmaijegbmg
Simple Window Saver - lukas\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fpfmklldfnlcblofkhdeoohfppdoejdc
DelugeSiphon - lukas\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gabdloknkpdefdpkkibplcfnkngbidim
Humble New Tab Page - lukas\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mfgdmpfihlmdekaclngibpjhdebndhdj
Date Today - lukas\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mhgknbehalhkedjgfhiaindklahhkccc
Hearthstone Stream Browser - lukas\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\obdejhodejngcbmkiddfjkieejekbfil
Context Menu Search - lukas\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ocpcmghnefmdhljkoiapafejjohldoga
RightScale SSH - lukas\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pfmkeekfkpfecccgbliieogmgmijklpm
Download Button - lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\alakoggmijiicdlcjjeakffojoinhlpg
SiteLauncher - lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\calhgleedaaigmhnoklfenlfhlbfdloo
TabCarousel - lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddldimidiliclngjipajmjjiakhbcohn
Yammer - lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdjjmchbpfegaimkomhpfkcjhcgiafae
Film Stack - lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpcloglcoibdbkafhnmghmaeofdikpnm
UGamesFree - lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjfmnkdhofinoneeildlkomahhbpleae
EXIF Viewer - lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmbhfeiddhndihdjeganjggkmjapkffm
Reddit Hover Text - lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\phhpajlkjeoakfmckfnogpnfeidgbhil
Hulu TV Shows - Veronika.lukas-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\babdabjblhdjecooajkeenhbaegcdcgk
Simple Window Saver - Veronika.lukas-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfmklldfnlcblofkhdeoohfppdoejdc
DelugeSiphon - Veronika.lukas-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gabdloknkpdefdpkkibplcfnkngbidim
Re§im ECHO je vypnut. - Veronika.lukas-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\godimpbmfohihoaikgfknnnmlncabkkp
avast Online Security - Veronika.lukas-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Humble New Tab Page - Veronika.lukas-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfgdmpfihlmdekaclngibpjhdebndhdj
Date Today - Veronika.lukas-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhgknbehalhkedjgfhiaindklahhkccc