Please check my log



Post by OZzyCZ » 25 Feb 2015 18:59

Everything takes a long time to load, please check.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:47:57, on 25.2.2015
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18527)



Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Vojta\Desktop\Málo používané aplikace\Actual Booster\ActlBstr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Steam\bin\steamwebhelper.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Vojta\Desktop\Musics\HijackThis.exe
C:\Program Files\Steam\bin\steamwebhelper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: taKesavie - {16aad60a-0a83-4c07-9869-d31271a7209f} - C:\ProgramData\taKesavie\H1JCOoaXj6ClGN.dll
O2 - BHO: dolloarkeeper - {28ec18ac-ebbb-433c-8352-4ab1a3ef576a} - C:\ProgramData\dolloarkeeper\vMPLg6NdEqtiHp.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: RanndoumPrice - {99013bd4-c2fd-49e2-b68e-2275d4af9c74} - C:\Program Files\RanndoumPrice\02lndBxreBRxUX.dll
O2 - BHO: MiNimumPruiecE - {a37b0c25-b81a-41cd-a1f3-aa5d28081f76} - C:\ProgramData\MiNimumPruiecE\Qyy9oMZdKs9Zyy.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: Microsoft .NET Framework NGEN v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing)
O23 - Service: Microsoft .NET Framework NGEN v4.0.30319_X86 (clr_optimization_v4.0.30319_32) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (file missing)
O23 - Service: @%SystemRoot%\system32\PresentationHost.exe,-3309 (FontCache3.0.0.0) - Unknown owner - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193 (idsvc) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: Network HTTP Support Service (NetHttpService) - Unknown owner - C:\Windows\system32\nethtsrv.exe
O23 - Service: Network Support Service Updater (ServiceUpdater) - Unknown owner - C:\Windows\system32\netupdsrv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (file missing)

--
End of file - 5854 bytes


Post by jaro3 » 25 Feb 2015 19:55

Download ATF Cleaner.
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove temporary Windows files, empty the Recycle Bin, and so on.

- If you use only Google Chrome, you do not need to use ATF.


Download TFC.
Open the file and close all other windows, then click Start to begin the process. The program should not take long.
The PC should then restart; if it does not, restart it yourself.

Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Save it to your desktop.
Close all programs, windows and browsers.
Run the program by double-clicking it and click "Scan".
After the scan a log appears (otherwise it is saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.

Download Malwarebytes' Anti-Malware.
- During installation, uncheck "Enable free trial of Malwarebytes' Anti-Malware Premium".
Install and run it.
- At the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button.
- If an update is found, it will be downloaded and installed.
- The program will then start; click Scan Now.
- When the program finishes, a message appears at the bottom right; click Copy to Clipboard and paste the entire log here.

- Then click the Exit button; a message appears, so choose Yes
(do not delete anything yet!).

If there are problems, run it in safe mode.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.

Post by OZzyCZ » 26 Feb 2015 17:40

# AdwCleaner v4.111 - Logfile created 26/02/2015 at 17:37:22
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows Vista (TM) Home Premium Service Pack 1 (x86)
# Username : Vojta - VOJTA-PC
# Running from : C:\Users\Vojta\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : 40030ae4
Service Deleted : APNMCP
[#] Service Deleted : nethfdrv
Service Deleted : NethxxpService
Service Deleted : ServiceUpdater
[#] Service Deleted : 24c54e38

***** [ Files / Folders ] *****

Folder Deleted : C:\PC Cleaner
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\CostMin
Folder Deleted : C:\ProgramData\Isaver
Folder Deleted : C:\ProgramData\TakeTheCoupon
Folder Deleted : C:\ProgramData\FreeWorldApp
Folder Deleted : C:\ProgramData\50Coupons
Folder Deleted : C:\ProgramData\dolloarkeeper
Folder Deleted : C:\ProgramData\EnjooyCoupon
Folder Deleted : C:\ProgramData\EuXstiRaSavIngs
Folder Deleted : C:\ProgramData\MiNimumPruiecE
Folder Deleted : C:\ProgramData\Supreme AdBlocker
Folder Deleted : C:\ProgramData\taKesavie
Folder Deleted : C:\ProgramData\633015645001640935
Folder Deleted : C:\Program Files\AskPartnerNetwork
Folder Deleted : C:\Program Files\AVG Security Toolbar
Folder Deleted : C:\Program Files\CostMin
Folder Deleted : C:\Program Files\PCDApp
Folder Deleted : C:\Program Files\supporter
Folder Deleted : C:\Program Files\sitefinder
Folder Deleted : C:\Program Files\DeltaFix
Folder Deleted : C:\Program Files\RanndoumPrice
Folder Deleted : C:\Program Files\RobooSAveaR
Folder Deleted : C:\Users\Vojta\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Vojta\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\Vojta\AppData\Roaming\SimilarAddon
Folder Deleted : C:\Users\Vojta\AppData\Roaming\Mozilla\Firefox\Profiles\ncqjo59d.default\Extensions\mLZv@m.com
Folder Deleted : C:\Users\Vojta\AppData\Roaming\Mozilla\Firefox\Profiles\ncqjo59d.default\Extensions\sq@b.edu
Folder Deleted : C:\Users\Vojta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
File Deleted : C:\Windows\system32\dmwu.exe
File Deleted : C:\Windows\system32\drivers\nethfdrv.sys
File Deleted : C:\Windows\system32\hfpapi.dll
File Deleted : C:\Windows\system32\ImhxxpComm.dll
File Deleted : C:\Windows\system32\installd.exe
File Deleted : C:\Windows\system32\nethtsrv.exe
File Deleted : C:\Windows\system32\netupdsrv.exe
File Deleted : C:\Users\Vojta\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Vojta\AppData\LocalLow\SkwConfig.bin
File Deleted : C:\Users\Vojta\AppData\Roaming\Mozilla\Firefox\Profiles\ncqjo59d.default\invalidprefs.js
File Deleted : C:\Users\Vojta\AppData\Roaming\Mozilla\Firefox\Profiles\ncqjo59d.default\searchplugins\MyStart Search.xml
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\Vojta\AppData\Roaming\Mozilla\Firefox\Profiles\ncqjo59d.default\searchplugins\SweetIm.xml
File Deleted : C:\Users\Vojta\AppData\Roaming\Mozilla\Firefox\Profiles\ncqjo59d.default\searchplugins\Sweetpacks Search.xml

***** [ Scheduled tasks ] *****

Task Deleted : AmiUpdXp

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
Key Deleted : HKLM\SOFTWARE\Classes\CostMin.CostMin
Key Deleted : HKLM\SOFTWARE\Classes\CostMin.CostMin.2.2
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKLM\SOFTWARE\Classes\.
Key Deleted : HKLM\SOFTWARE\Classes\..9
Key Deleted : HKLM\SOFTWARE\Classes\P16aad60a_0a83_4c07_9869_d31271a7209f_.P16aad60a_0a83_4c07_9869_d31271a7209f_
Key Deleted : HKLM\SOFTWARE\Classes\P16aad60a_0a83_4c07_9869_d31271a7209f_.P16aad60a_0a83_4c07_9869_d31271a7209f_.10
Key Deleted : HKLM\SOFTWARE\Classes\P28ec18ac_ebbb_433c_8352_4ab1a3ef576a_.P28ec18ac_ebbb_433c_8352_4ab1a3ef576a_
Key Deleted : HKLM\SOFTWARE\Classes\P28ec18ac_ebbb_433c_8352_4ab1a3ef576a_.P28ec18ac_ebbb_433c_8352_4ab1a3ef576a_.10
Key Deleted : HKLM\SOFTWARE\Classes\P99013bd4_c2fd_49e2_b68e_2275d4af9c74_.P99013bd4_c2fd_49e2_b68e_2275d4af9c74_
Key Deleted : HKLM\SOFTWARE\Classes\P99013bd4_c2fd_49e2_b68e_2275d4af9c74_.P99013bd4_c2fd_49e2_b68e_2275d4af9c74_.9
Key Deleted : HKLM\SOFTWARE\Classes\Pa37b0c25_b81a_41cd_a1f3_aa5d28081f76_.Pa37b0c25_b81a_41cd_a1f3_aa5d28081f76_
Key Deleted : HKLM\SOFTWARE\Classes\Pa37b0c25_b81a_41cd_a1f3_aa5d28081f76_.Pa37b0c25_b81a_41cd_a1f3_aa5d28081f76_.9
Key Deleted : HKLM\SOFTWARE\Classes\IIsaver.IIsaver
Key Deleted : HKLM\SOFTWARE\Classes\IIsaver.IIsaver.4.6
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{24c54e38}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0fd9a262-06e6-4ab4-9186-eb3b2efcca4a}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{16aad60a-0a83-4c07-9869-d31271a7209f}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{28ec18ac-ebbb-433c-8352-4ab1a3ef576a}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6ba1f554-442d-445b-a2c3-685694b52221}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{77d0838f-d42b-4d89-83e9-e4a10aee6127}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99013bd4-c2fd-49e2-b68e-2275d4af9c74}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A035346B-394E-C694-B216-1C5AEBEF67B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{a37b0c25-b81a-41cd-a1f3-aa5d28081f76}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{a998beb9-d7ba-4cee-b245-2b308b58db82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BDDC4678-E4BF-110A-EBD2-F5573F80DA16}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{230332DF-D235-47EE-BC42-60860EF144CD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AEF2BB85-DF75-41E2-8366-FB89A5F869F9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16aad60a-0a83-4c07-9869-d31271a7209f}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28ec18ac-ebbb-433c-8352-4ab1a3ef576a}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99013bd4-c2fd-49e2-b68e-2275d4af9c74}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a37b0c25-b81a-41cd-a1f3-aa5d28081f76}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0fd9a262-06e6-4ab4-9186-eb3b2efcca4a}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A035346B-394E-C694-B216-1C5AEBEF67B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a998beb9-d7ba-4cee-b245-2b308b58db82}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDDC4678-E4BF-110A-EBD2-F5573F80DA16}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0fd9a262-06e6-4ab4-9186-eb3b2efcca4a}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{16aad60a-0a83-4c07-9869-d31271a7209f}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{28ec18ac-ebbb-433c-8352-4ab1a3ef576a}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6ba1f554-442d-445b-a2c3-685694b52221}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{77d0838f-d42b-4d89-83e9-e4a10aee6127}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99013bd4-c2fd-49e2-b68e-2275d4af9c74}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A035346B-394E-C694-B216-1C5AEBEF67B5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a37b0c25-b81a-41cd-a1f3-aa5d28081f76}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a998beb9-d7ba-4cee-b245-2b308b58db82}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BDDC4678-E4BF-110A-EBD2-F5573F80DA16}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F5F003B-C71B-72E3-42B4-DE51AB079EB2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\inethnfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F1422DAA-0829-09A1-7536-73936CAB8FFA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C637A71C-A4B2-4B47-1B2A-1042A8D525A3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA1838EF-A497-194E-3850-37A62CEE398B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D238A788-39B6-B97D-A5BA-13FE8E34E03C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E3E136D9-6714-1654-9C26-821A64C4D5E7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2F5F003B-C71B-72E3-42B4-DE51AB079EB2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\inethnfd
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{3F5700A1-5116-4BAA-9AD8-3FB238BE9334}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C637A71C-A4B2-4B47-1B2A-1042A8D525A3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CA1838EF-A497-194E-3850-37A62CEE398B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D238A788-39B6-B97D-A5BA-13FE8E34E03C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E3E136D9-6714-1654-9C26-821A64C4D5E7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E7F552EF334C802D75A55F0F6344722
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5EC33E4FBA7A86F47A7E0FAA48FED2E9
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\5EC33E4FBA7A86F47A7E0FAA48FED2E9
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\5EC33E4FBA7A86F47A7E0FAA48FED2E9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF

***** [ Web browsers ] *****

-\\ Internet Explorer v7.0.6001.18527

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v

[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "hxxp://mysearch.sweetpacks.com/?barid=1523566091664898286&src=97&i=48&did=10963&&st=23");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.gboxapp.com/");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("extensions.hYYyqZZ2IlEJUvfH.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://mysearch.sweetpacks.com?src=6&barid=1523566091664898286&i=48&did=10963&&st=23&q=");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.SearchBoxLogo", "yahoo.png");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.SearchBoxText", "Search with Yahoo");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.Visibility.enable", "true");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "false");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.cda.HideOveride.enable", "false");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "false");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.defaultProvider", "yho");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.2.height", "150");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dialogs.2.width", "530");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*.*.facebook.com/.*.*.google.com/.*.*.google.co.in/.*.*.google.com.br/.*.*.google.es/.*.*.youtube.com/.*.*.yahoo.com/.*.[...]
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.newtab.created", "false");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.newtab.enable", "false");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.newtab.url", "hxxp://mysearch.sweetpacks.com/?src=97&barid=$toolbar_id;&crg=$cargo;");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHPhxxp://www.google.cz/");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;&flavour=$flavr;");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.apps.)?facebook\\.com.*");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "false");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.apps.)?facebook\\.com.*");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.2.callback", "");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*.*.bing..*.*.live..*.*.msn..*.*.yahoo..*.*.youtube.com.*.*ask.com.*.*.sweetim.com.*");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.2.enable", "false");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.simapp_id", "1523566091664898286");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.urls.afteruninstall", "hxxp://toolbar.sweetpacks.com/uninstallbar.asp?barid=$toolbar_id;&flavour=$flavr;");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.urls.contactus", "hxxp://www.perion.com/contact-us");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://mysearch.sweetpacks.com/?src=10&st=12&i=48&did=11034&ppd=1434,122991,20uQ2j0jlbgJEFGH0GZFrp1x3mSU000.,,,,sweet-player,,,www.sweetplayer.com&barid=152[...]
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.urls.privacy", "hxxp://www.perion.com/privacy-policy");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.urls.searchpage", "hxxp://mysearch.sweetpacks.com/?barid=$toolbar_id;");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.urls.uninstall", "hxxp://ybar.sweetpacks.com/uninstall");
[ncqjo59d.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.version", "1.14.0.1");

-\\ Google Chrome v39.0.2171.95

[C:\Users\Vojta\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : aaaaaiabcopkplhgaedhbloeejhhankf
[C:\Users\Vojta\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://www.search.ask.com/?gct=hp

*************************

AdwCleaner[R0].txt - [28497 bytes] - [26/02/2015 17:28:30]
AdwCleaner[S0].txt - [28287 bytes] - [26/02/2015 17:37:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [28347 bytes] ##########

OZzyCZ
newbie
Posts: 3
Registered: February 15
Gender: Male
Status:
Offline

Re: Please check my log

Post by OZzyCZ » 26 Feb 2015 18:29

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 26.2.2015
Scan Time: 17:45:45
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.26.04
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 1
CPU: x86
File System: NTFS
User: Vojta

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 300088
Time Elapsed: 17 min, 27 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{3A8C08FC-AFB9-4CC1-999C-119667210ED7}, , [6f9d37ecadddc86ec0e7f655a25ed030],
PUP.Optional.SweetIM.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SweetIM, , [2fdd111268223501bf749e0839ca3ec2],
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, , [a76524ffee9c9b9b167bbf45768f09f7],

Registry Values: 1
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, MYSTART, , [a76524ffee9c9b9b167bbf45768f09f7]

Registry Data: 0
(No malicious items detected)

Folders: 5
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config, , [57b5071ccbbf58dedb702e9326ddfb05],
PUP.Optional.AdPunisher.A, C:\ProgramData\AdPunisher, , [ed1ffe2579118babcd1fbdcad82b6997],
PUP.Optional.TheAdBlock.A, C:\ProgramData\TheAdBlock, , [ab61051eb7d3b383130dd3b62cd7b44c],
PUP.Optional.SweetPacks.A, C:\Users\Vojta\AppData\Roaming\Mozilla\Firefox\Profiles\ncqjo59d.default\SweetPacksToolbarData, , [e428cc574941cd69860d7f13ff0432ce],
PUP.Optional.SweetPacks.A, C:\Users\Vojta\AppData\Roaming\Mozilla\Firefox\Profiles\ncqjo59d.default\SweetPacksToolbarData\logs, , [e428cc574941cd69860d7f13ff0432ce],

Files: 31
PUP.Optional.Multiplug, C:\Program Files\WasteNoTime\WasteNoTime.exe, , [5bb1f82b4842c3733793f0145fa458a8],
PUP.Optional.Bitcoin, C:\Windows\System32\acumncgrgf.exe, , [12fa859e197171c51e3853ef28daa957],
PUP.BitCoinMiner, C:\Windows\System32\lcpmncgrgf.exe, , [47c563c00c7eac8a8ac81027cc35718f],
PUP.Optional.NetFilter, C:\Windows\System32\hfnapi.dll, , [b95370b3d6b489ad401bfdd79869a35d],
Trojan.BitMiner, C:\Windows\System32\dcgmncgrgf.exe, , [907c1f041575e35363eebd965ea4b24e],
Trojan.SProtector, C:\Users\Vojta\AppData\Local\Temp\18be6784_.exe, , [e02c57cc92f842f471fe6a0fdf22aa56],
PUP.Optional.Multiplug, C:\Users\Vojta\AppData\Local\Temp\294823_.exe, , [37d5cb589bef52e4cbde584ccc3944bc],
PUP.Optional.SweetIM, C:\Users\Vojta\AppData\Local\Temp\mgsqlite3.dll, , [9d6faf744a40ee4864ac6a8e0afbd22e],
Riskware.BitcoinMiner, C:\Users\Vojta\AppData\Local\Temp\dgen.exe, , [d5374bd8eb9fb086af55d4978a77ad53],
PUP.Optional.Amonetize, C:\Users\Vojta\AppData\Local\Temp\drv14181.exe, , [f21ad350008a4fe7a70e904c09f819e7],
PUP.Optional.Amonetize, C:\Users\Vojta\AppData\Local\Temp\drv5958.exe, , [6aa2f72c0387d56177d9cd91a15f1de3],
Trojan.Agent, C:\Users\Vojta\AppData\Local\Temp\drvinst-1.exe, , [46c6af740a80bb7b4a7659fd23ddee12],
PUP.Optional.Amonetize, C:\Users\Vojta\AppData\Local\Temp\drvinst-2.exe, , [050727fcb0dae84e37192a346799b947],
PUP.Optional.OffersWizard.A, C:\Users\Vojta\AppData\Local\Temp\drvinst001.exe, , [db31ec370882ec4a647b41c060a6dd23],
PUP.Optional.OffersWizard.A, C:\Users\Vojta\AppData\Local\Temp\drvinst01.exe, , [94787ea50f7bcb6bb82713ee9670ef11],
PUP.Optional.BitcoinMiner, C:\Windows\Temp\dgen.exe, , [d13bc162aae0e254e632456626df5fa1],
PUP.Optional.Amonetize, C:\Windows\Temp\e251a6be-a756-4fb0-06eb-33769b0e17c1.exe, , [e02cd1524a40fb3b4c69944846bbf808],
PUP.Optional.Amonetize, C:\Windows\Temp\b2c673d4-b2e7-42f0-a873-820156fddcbe.exe, , [03093be83c4ed75fb203607c61a03ac6],
PUP.Optional.Amonetize, C:\Windows\Temp\20c4b62d-1941-4c11-3faf-26b2211c1b8a.exe, , [31db0d16acdeb383b4018d4f15ec58a8],
PUP.Optional.NetFilter, C:\Windows\Temp\5c39cd1e-86a4-4ccd-94d3-f195f9d4254c.exe, , [12fa56cd3f4b61d593c8a92b0bf6d32d],
PUP.Optional.Amonetize, C:\Windows\Temp\915446f2-4090-4b0e-c193-6c8318573190.exe, , [0dfffb28a9e1fb3bb6ff508c3ec334cc],
PUP.Optional.Amonetize, C:\Windows\Temp\Updater.exe, , [11fb071c15750f2783327f5d31d03dc3],
PUP.Optional.Amonetize.A, C:\Users\Vojta\AppData\Local\21105\a29281.exe, , [21ebbf64ddad290d055c7fd8ed1349b7],
PUP.Optional.Amonetize, C:\Users\Vojta\AppData\Local\21548\Updater.exe, , [0ffda97a256511259f16ac30b54c1ae6],
PUP.Optional.Amonetize.A, C:\Users\Vojta\AppData\Local\27517\a24191.exe, , [6f9d37ecadddc86ec0e7f655a25ed030],
PUP.Optional.SweetIM, C:\Windows\Installer\1018001.msi, , [9d6f82a1b6d42d0934dcbc3ca0651fe1],
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config\ver.xml, , [57b5071ccbbf58dedb702e9326ddfb05],
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config\data.xml, , [57b5071ccbbf58dedb702e9326ddfb05],
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config\uninstinethnfd.exe, , [57b5071ccbbf58dedb702e9326ddfb05],
PUP.Optional.AdPunisher.A, C:\ProgramData\AdPunisher\AdPunisher.exe, , [ed1ffe2579118babcd1fbdcad82b6997],
PUP.Optional.TheAdBlock.A, C:\ProgramData\TheAdBlock\TheAdBlock.exe, , [ab61051eb7d3b383130dd3b62cd7b44c],

Physical Sectors: 0
(No malicious items detected)


(end)

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Please check my log

Post by jaro3 » 26 Feb 2015 18:58

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator"),
click "Scan", and after the scan click "Clean".

The program will carry out the repair; after the automatic restart it does not show the log (C:\AdwCleaner [S?].txt), paste its entire contents here.

Download Junkware Removal Tool by Thisisu to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program's scan will start. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) appears and is saved on the desktop.
Please copy its entire contents here.

- Run MbAM again and choose "Scan Now".
- When the program finishes, a message appears; click "Quarantine All (remove selected)" and then "Export Log", choose "Text file", give the file a name and save it somewhere. Copy the entire contents of that log here.

Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Win7, run RogueKiller.exe as administrator; on XP, run it by double-clicking.
- Wait until the Prescan (the search for malicious processes) finishes.
- Check that the following are ticked:
MBR check
Offline Reg
Antirootkit

- Then click "Scan".
- The program scans the PC's processes. After the scan, click "Report" and copy the entire contents of the log here.
If the program is blocked, try running it several times. If the program still will not start and work, rename it to winlogon.exe.

Windows Vista (TM) Home Premium Service Pack 1 --- how about installing SP2:
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

