Please check my log "com surrogate ?" Solved

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Re: Please check my log "com surrogate ?" Solved

Post by guláš » 09 Jun 2016 08:15

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Lukas on Thu 09. 06. 2016 at 7:42:14,35.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\krald_000\Downloads\zoek (1).exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2016-06-05-144255.log 405 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\224fbe19-4e57-4a8b-af63-48b325cf417d deleted successfully
C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\Hi-Rez Studios deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Program Files\Google deleted successfully
C:\PROGRA~3\BlueStacksSetup deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\Solid State Networks deleted successfully
C:\Users\krald_000\AppData\Roaming\AtomZombieDemoData deleted successfully
C:\Users\krald_000\AppData\Roaming\Knights Saves deleted successfully
C:\Users\krald_000\AppData\Roaming\WindOfLuckArena deleted successfully
C:\Users\David\AppData\Local\Dxtory Software deleted successfully
C:\Users\David\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\David\AppData\Local\EmieSiteList deleted successfully
C:\Users\David\AppData\Local\EmieUserList deleted successfully
C:\Users\David\AppData\Local\GHISLER deleted successfully
C:\Users\David\AppData\Local\Razer deleted successfully
C:\Users\David\AppData\Local\Skype deleted successfully
C:\Users\krald_000\AppData\Local\ArmA 2 OA deleted successfully
C:\Users\krald_000\AppData\Local\Doctor Entertainment AB deleted successfully
C:\Users\krald_000\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\krald_000\AppData\Local\EmieSiteList deleted successfully
C:\Users\krald_000\AppData\Local\EmieUserList deleted successfully
C:\Users\krald_000\AppData\Local\GHISLER deleted successfully
C:\Users\krald_000\AppData\Local\Skype deleted successfully
C:\Users\krald_000\AppData\Local\WarThunder deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-843571973-3606943960-711470415-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE} deleted successfully
HKEY_USERS\S-1-5-21-843571973-3606943960-711470415-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE} deleted successfully
HKEY_USERS\S-1-5-21-843571973-3606943960-711470415-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE} deleted successfully
HKEY_USERS\S-1-5-21-843571973-3606943960-711470415-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE} deleted successfully
HKEY_USERS\S-1-5-21-843571973-3606943960-711470415-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFF1FF83-D72B-46DC-AC26-DEE8D1BD8B3F} deleted successfully
HKEY_USERS\S-1-5-21-843571973-3606943960-711470415-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFF1FF83-D72B-46DC-AC26-DEE8D1BD8B3F} deleted successfully
HKEY_USERS\S-1-5-21-843571973-3606943960-711470415-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFF1FF83-D72B-46DC-AC26-DEE8D1BD8B3F} deleted successfully
HKEY_USERS\S-1-5-21-843571973-3606943960-711470415-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6C8C7D9-CE4E-406e-8D98-2B84BBE5E897} deleted successfully
HKEY_USERS\S-1-5-21-843571973-3606943960-711470415-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6C8C7D9-CE4E-406e-8D98-2B84BBE5E897} deleted successfully
HKEY_USERS\S-1-5-21-843571973-3606943960-711470415-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6C8C7D9-CE4E-406e-8D98-2B84BBE5E897} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tv4dztv5.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.msn.com/en-us/?pc=UP97&ocid=UP97DHP");
user_pref("browser.search.defaulturl", "http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&");
user_pref("browser.search.defaultengine", "Seznam");
user_pref("browser.search.defaultenginename", "Bing ");
user_pref("browser.search.selectedEngine", "Bing ");
user_pref("browser.search.order.1", "Seznam");
user_pref("keyword.URL", "http://www.bing.com/search?FORM=UP97DF&PC=UP97&q=");

Added to C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tv4dztv5.default\prefs.js:

Deleted from C:\Users\KRALD_~1\AppData\Roaming\Mozilla\Firefox\Profiles\nt8mx4he.default\prefs.js:

Added to C:\Users\KRALD_~1\AppData\Roaming\Mozilla\Firefox\Profiles\nt8mx4he.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tv4dztv5.default

---- FireFox user.js and prefs.js backups ----

user_201609.06._0803_.backup
prefs_201609.06._0803_.backup

ProfilePath: C:\Users\KRALD_~1\AppData\Roaming\Mozilla\Firefox\Profiles\nt8mx4he.default

user.js not found
---- Lines ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299 removed from prefs.js ----
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.active", true);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.addressbar", "NA");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.addressbarenhanced", "");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.asyncdb.was_copied", "true");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.asyncinternaldb.was_copied", "true");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.backgroundver", 10);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.certdomaininstaller", "");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.cookie.InstallationTime.value", "%221424653568%22");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:0
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.cookie.InstallerParams.value", "%7B%22source_id%22%3A%220
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.description", ".");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.domain", "");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.e9d197d59f2f45f382b1aa5c14d82@8706aaed9b904554b5cb7984e9.
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.e9d197d59f2f45f382b1aa5c14d82@8706aaed9b904554b5cb7984e9.
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.e9d197d59f2f45f382b1aa5c14d82@8706aaed9b904554b5cb7984e9.
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.e9d197d59f2f45f382b1aa5c14d82@8706aaed9b904554b5cb7984e9.
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.e9d197d59f2f45f382b1aa5c14d82@8706aaed9b904554b5cb7984e9.
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.e9d197d59f2f45f382b1aa5c14d82@8706aaed9b904554b5cb7984e9.
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.enablesearch", false);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.homepage", "");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.changeprevious", false);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.iframe", false);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.InstallationThankYouPage", true);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.InstallationTime", 1424653568);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.__defualt_browser__.value", "%22ch%22");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb._installer_additional_info.expiration", "Fri F
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb._installer_additional_info.value", "%7B%22asw%
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.installer.value", "%7B%22InstallerIdentifiers%
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.InstallerIdentifiers.value", "%7B%22installer_
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.InstallerParams.expiration", "Fri Feb 01 2030
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.InstallerParams.value", "%7B%22source_id%22%3A
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.InstallerParamsCache.expiration", "Fri Feb 01
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.InstallerParamsCache.value", "%7B%22source_id%
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.InstallerUserIdentifiersCache.expiration", "Fr
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.InstallerUserIdentifiersCache.value", "%7B%22i
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.monetization_plugin_bundledUrls.expiration", "
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.monetization_plugin_bundledWithHash.expiration
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.monetization_plugin_bundledWithHash.value", "n
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.monetization_plugin_notBundledArr_.expiration"
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.monetization_plugin_notBundledArr_.value", "%5
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.monetization_plugin_regBundledWithSoftware.exp
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.monetization_plugin_regBundledWithSoftware.val
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.reporting_user_key_index.expiration", "Thu Mar
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.reporting_user_key_index.value", "406");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.Resources_appVer.value", "66");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.Resources_lastVersion.expiration", "Fri Feb 01
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.Resources_lastVersion.value", "1");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 0
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.Resources_nextCheck.expiration", "Fri Jun 19 2
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.Resources_queue.expiration", "Fri Feb 01 2030
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.lastDailyReport", "1434722615249");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.lastUpdate", "1434722610138");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.manifesturl", "");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.name", "SensePlus.V2");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.newtab", "");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.opensearch", "");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.pluginsurl", "http://js.globalnodebox.com/plugin/apps/702
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.pluginsversion", 53);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.publisher", "Object Browser");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.searchstatus", 0);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.setnewtab", false);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.thankyou", "");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.updateinterval", 360);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.70299.ver", 66);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.apps", "70299");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.bic", "14c6b135ed3f6d95da3b55dd9b5377bc");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.cid", 70299);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.firstrun", false);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.hadappinstalled", true);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.installationdate", 1427725574);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.installerAdditionalInfo", "{\"asw\":[2, -2046820352, 536870912,
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.modetype", "production");
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.reportInstall", true);
user_pref("extensions.ae9d197d59f2f45f382b1aa5c14d828706aaed9b904554b5cb7984e9com70299.statsDailyCounter", 6);
---- FireFox user.js and prefs.js backups ----

prefs_201609.06._0803_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\224fbe19-4e57-4a8b-af63-48b325cf417d not found
C:\PROGRA~2\AGEIA Technologies not found
C:\PROGRA~2\Hi-Rez Studios not found
C:\Users\David\AppData\LocalLow\{2F62E649-867F-6095-E8FC-C2213CA52F5A} deleted
C:\Users\David\AppData\LocalLow\{4CE04BDC-1AE1-87B7-A2FE-80DE4F47FE3B} deleted
C:\Users\David\AppData\LocalLow\{C6382B82-B5DC-E9BD-9831-08E9F431BF75} deleted
C:\Users\krald_000\AppData\LocalLow\{2F62E649-867F-6095-E8FC-C2213CA52F5A} deleted
C:\Users\krald_000\AppData\LocalLow\{4CE04BDC-1AE1-87B7-A2FE-80DE4F47FE3B} deleted
C:\Users\krald_000\AppData\LocalLow\{C6382B82-B5DC-E9BD-9831-08E9F431BF75} deleted
C:\Users\krald_000\AppData\Local\Packages\windows_ie_ac_001\AC\{2F62E649-867F-6095-E8FC-C2213CA52F5A} deleted
C:\Users\krald_000\AppData\Local\Packages\windows_ie_ac_001\AC\{4CE04BDC-1AE1-87B7-A2FE-80DE4F47FE3B} deleted
C:\found.000 deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\David\AppData\Local\globalUpdate deleted
C:\Users\David\AppData\Local\Installer deleted
C:\Users\David\AppData\Local\CrashRpt deleted
C:\Users\krald_000\AppData\Local\Unity deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\krald_000\Downloads\ReimageRepair.exe deleted
C:\Users\David\AppData\LocalLow\Unity deleted
C:\Users\David\AppData\LocalLow\Goobzo deleted
C:\Users\krald_000\AppData\LocalLow\Unity deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Windows\SysWOW64\AniGIF.ocx deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tv4dztv5.default\searchplugins\seznam-avast.xml deleted
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tv4dztv5.default\searchplugins\bingp.xml deleted
"C:\ProgramData\.rdata" deleted

==== Orphaned Tasks deleted from Registry ======================

avast Emergency Update deleted
Norton Product Installer deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\KRALD_~1\AppData\Roaming\Mozilla\Firefox\Profiles\nt8mx4he.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [17. 05. 2016 16:20]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [17. 05. 2016 16:20]

==== Firefox Extensions ======================

ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\tv4dztv5.default
- Seznam litika - %ProfilePath%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\krald_000\AppData\Roaming\Mozilla\Firefox\Profiles\nt8mx4he.default
F627791AB91E01A9829A8D9B6E024D52 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll - Shockwave Flash


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrator\AppData\Local\Torch deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Guest\AppData\Local\Torch deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Torch deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\krald_000\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\krald_000\AppData\Local\Comodo\Dragon deleted

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[17. 05. 2016 16:20]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[]

AdBlock - David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Web of Trust - krald_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
AdBlock - krald_000\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gighmmpiobklfepjocnamgkkbiglidom

==== Chromium Fix ======================

C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adserver.adtech.de_0.localstorage deleted successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adserver.adtech.de_0.localstorage-journal deleted successfully
C:\Users\krald_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad-emea.doubleclick.net_0.localstorage deleted successfully
C:\Users\krald_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad-emea.doubleclick.net_0.localstorage-journal deleted successfully
C:\Users\krald_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_advert.uloz.to_0.localstorage deleted successfully
C:\Users\krald_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_advert.uloz.to_0.localstorage-journal deleted successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.moddb.com_0.localstorage deleted successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.moddb.com_0.localstorage-journal deleted successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\krald_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\krald_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\krald_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\krald_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\krald_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage deleted successfully
C:\Users\krald_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?trackid=sp-006"
"Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?trackid=sp-006"
"Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?trackid=sp-006"
"Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} - https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKCU\SearchScopes "DefaultScope"="{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{2BAF0886-CC7C-4CB5-8FC0-58C9B1F79E2D} - http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415
HKCU\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} - https://www.google.com/search?trackid=sp-006&q={searchTerms}

==== Reset Google Chrome ======================

C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\krald_000\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\krald_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\krald_000\AppData\Local\Google\Chrome\User Data\Profile 3\Preferences was reset successfully
C:\Users\krald_000\AppData\Local\Google\Chrome\User Data\Profile 3\Secure Preferences was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\krald_000\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\krald_000\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\krald_000\AppData\Local\Google\Chrome\User Data\Profile 3\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\23e187ae-6f53-4ed6-8c99-315782b70046 deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_CURRENT_USER\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\krald_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\krald_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\krald_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\krald_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\krald_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\krald_000\AppData\Local\Google\Chrome\User Data\Profile 3\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3666 folders=1852 1427954599 bytes)

==== Empty Temp Folders ======================

C:\Users\David\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\krald_000\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\KRALD_~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on źt 09. 06. 2016 at 8:13:20,19 ======================


Re: Please check my log "com surrogate ?"

Post by guláš » 09 Jun 2016 08:35

swMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-06-09 08:16:40
-----------------------------
08:16:40.327 OS Version: Windows x64 6.2.9200
08:16:40.328 Number of processors: 2 586 0x1301
08:16:40.329 ComputerName: PC UserName:
08:16:41.461 Initialize success
08:16:41.482 VM: initialized successfully
08:16:41.484 VM: Amd CPU supported virtualized
08:16:43.873 AVAST engine defs: 16060801
08:17:19.615 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000029
08:17:19.615 Disk 0 Vendor: WDC_WD10EZEX-00RKKA0 80.00A80 Size: 953869MB BusType: 11
08:17:19.693 Disk 0 MBR read successfully
08:17:19.693 Disk 0 MBR scan
08:17:19.709 Disk 0 Windows 7 default MBR code
08:17:19.709 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
08:17:19.724 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 199899 MB offset 206848
08:17:19.740 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 500000 MB offset 409600000
08:17:19.755 Disk 0 Partition - 00 0F Extended LBA 253866 MB offset 1433601985
08:17:19.771 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 253866 MB offset 1433602048
08:17:19.802 Disk 0 scanning C:\Windows\system32\drivers
08:17:32.147 Service scanning
08:17:51.795 Modules scanning
08:17:51.795 Disk 0 trace - called modules:
08:17:51.826 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll storahci.sys
08:17:51.826 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe00046b12060]
08:17:51.842 3 CLASSPNP.SYS[fffff801fd9abf40] -> nt!IofCallDriver -> \Device\00000029[0xffffe00046a22060]
08:17:52.654 AVAST engine scan C:\Windows
08:17:54.156 AVAST engine scan C:\Windows\system32
08:20:36.690 AVAST engine scan C:\Windows\system32\drivers
08:20:55.114 AVAST engine scan C:\Users\krald_000
08:30:40.635 AVAST engine scan C:\ProgramData
08:33:14.475 Disk 0 statistics 4566216/0/0 @ 2,93 MB/s
08:33:14.490 Scan finished successfully
08:34:01.798 Disk 0 MBR has been saved successfully to "D:\MBR.dat"
08:34:01.798 The log file has been saved successfully to "D:\aswMBR.t


Re: Please check my log "com surrogate ?"

Post by guláš » 09 Jun 2016 08:41

Hello,
the "com surrogate" process is still running, otherwise there are no more problems.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:39:06, on 9. 6. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)

FIREFOX: 30.0 (cs)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\krald_000\Downloads\HijackThis (1).exe
C:\Users\krald_000\Desktop\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [VICTORY Gaming Keyboard] "C:\Program Files (x86)\Gaming Keyboard\Monitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "c:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Export do &Tahiti - C:\Program Files (x86)\LightComp eDoklady Skenováni\iehelper.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~2\sn0310~1.boo
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Razer Game Scanner (Razer Game Scanner Service) - Unknown owner - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RzKLService - Razer Inc. - D:\Razer Cortex\RzKLService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10530 bytes


Re: Please check my log "com surrogate ?"

Post by guláš » 09 Jun 2016 08:46

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 21.0.0.182
Google Chrome (50.0.2661.102)
Google Chrome (51.0.2704.84)
Google Chrome (SetupMetrics.pma..)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast ng vbox\AvastVBoxSVC.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````


Re: Please check my log "com surrogate ?"

Post by jaro3 » 09 Jun 2016 10:27

Close the other applications and browsers, disconnect from the internet and fix these in HJT:
Guide

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,

O20 - AppInit_DLLs: c:\progra~2\sn0310~1.boo -- do you know this?


Uninstall:
Spybot - Search and Destroy

Update Java:
http://www.oracle.com/technetwork/java/ ... 33155.html
Java SE Runtime Environment 8

Click on Accept License Agreement.
Choose your OS (Windows or Windows x64, Offline Installation):
jre-8-windows-i586-p.exe or
jre-8-windows-x64.exe
Download and install it.
Remove the other Java versions in Add/Remove Programs.

Download DelFix here:
https://toolslib.net/downloads/viewdownload/2-delfix/

and save the file to your desktop.
Double-click the icon to run Delfix.exe.
(In Windows Vista, Windows 7 and 8 you must run the file with the right mouse button -> Run as administrator.)
In the main menu, check these options: Remove disinfection tools and Purge System Restore.
Then click the Run button and let the tool do its work.

A report (DelFix.txt) will then open. Paste the entire contents of the report here. Otherwise the report is at:
C:\DelFix.txt

How are the problems?
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
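As an added example, not part of jaro3's post or of HijackThis, here is a PowerShell check for the kind of O20 entry asked about above: it reads the AppInit_DLLs values in both the native and the WOW6432Node registry views and, for each referenced file, reports whether it exists and whether it carries a valid Authenticode signature. The registry paths and value names are the standard Windows ones; the only page-specific value is the logged path, which the script does not hard-code.

```powershell
# Added example (not from the forum thread): inspect the AppInit_DLLs mechanism
# that HijackThis reports as an O20 entry. Run in an elevated PowerShell.
function Get-AppInitDllReport {
    # Both the 64-bit view and the WOW6432Node (32-bit) view can carry entries;
    # the log above shows a 32-bit path (c:\progra~2\...), so check both.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props  = Get-ItemProperty -Path $key
        # LoadAppInit_DLLs = 0 means the entries are listed but never loaded.
        # RequireSignedAppInit_DLLs = 1 makes the loader reject unsigned DLLs.
        # On Windows 8 and later the whole mechanism is disabled when Secure Boot is on.
        $load   = $props.LoadAppInit_DLLs
        $reqSig = $props.RequireSignedAppInit_DLLs
        # Entries are separated by spaces or commas; %VAR% references are expanded.
        $raw     = [string]$props.AppInit_DLLs
        $entries = @($raw -split '[ ,]+' | Where-Object { $_ })
        if ($entries.Count -eq 0) {
            [pscustomobject]@{
                Key = $key; LoadAppInit_DLLs = $load; RequireSigned = $reqSig
                Path = '(empty)'; Exists = $null; Signature = $null; OddExtension = $null
            }
            continue
        }
        foreach ($entry in $entries) {
            $path   = [Environment]::ExpandEnvironmentVariables($entry)
            $exists = Test-Path -LiteralPath $path -PathType Leaf
            $status = 'n/a (file missing)'
            if ($exists) {
                # Authenticode status: Valid, NotSigned, HashMismatch, UnknownError, ...
                $status = (Get-AuthenticodeSignature -FilePath $path).Status.ToString()
            }
            [pscustomobject]@{
                Key              = $key
                LoadAppInit_DLLs = $load
                RequireSigned    = $reqSig
                Path             = $path
                Exists           = $exists
                Signature        = $status
                # A non-.dll extension (the log shows .boo) on an AppInit entry
                # is unusual and worth a closer look.
                OddExtension     = ([IO.Path]::GetExtension($path) -ne '.dll')
            }
        }
    }
}

Get-AppInitDllReport | Format-Table -AutoSize
```

An entry that points to a missing file is harmless but should still be cleared, because the value is re-read at every process start and the path could be re-populated later.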


Re: Please check my log "com surrogate ?"

Post by guláš » 09 Jun 2016 12:34

No more problems.

# DelFix v1.013 - Logfile created 09/06/2016 at 11:55:17
# Updated 17/04/2016 by Xplode
# Username : Lukas - PC
# Operating System : Windows 8.1 Pro (64 bits)

~ Removing disinfection tools ...

Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\zoek-results2016-06-05-144255.log
Deleted : C:\Users\krald_000\Desktop\JRT.txt
Deleted : C:\Users\krald_000\Desktop\HijackThis (1).exe
Deleted : C:\Users\krald_000\Desktop\hijackthis.log
Deleted : C:\Users\krald_000\Desktop\RogueKillerX64 (1).exe
Deleted : C:\Users\krald_000\Downloads\adwcleaner_5.117.exe
Deleted : C:\Users\krald_000\Downloads\adwcleaner_5.118.exe
Deleted : C:\Users\krald_000\Downloads\aswmbr (1).exe
Deleted : C:\Users\krald_000\Downloads\aswmbr (2).exe
Deleted : C:\Users\krald_000\Downloads\aswmbr.exe
Deleted : C:\Users\krald_000\Downloads\esetsmartinstaller_csy.exe
Deleted : C:\Users\krald_000\Downloads\JRT (1).exe
Deleted : C:\Users\krald_000\Downloads\JRT.exe
Deleted : C:\Users\krald_000\Downloads\HijackThis (1).exe
Deleted : C:\Users\krald_000\Downloads\HijackThis.exe
Deleted : C:\Users\krald_000\Downloads\hijackthis.log
Deleted : C:\Users\krald_000\Downloads\RogueKillerX64 (1).exe
Deleted : C:\Users\krald_000\Downloads\RogueKillerX64.exe
Deleted : C:\Users\krald_000\Downloads\SecurityCheck.exe
Deleted : C:\Users\krald_000\Downloads\TFC.exe
Deleted : C:\Users\krald_000\Downloads\zoek (1).exe
Deleted : C:\Users\krald_000\Downloads\zoek.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SYSTEM\CurrentControlSet\Services\aswMBR

~ Cleaning system restore ...

Deleted : RP #165 [Windows Update | 05/10/2016 17:44:27]
Deleted : RP #166 [Windows Update | 05/14/2016 07:59:34]
Deleted : RP #167 [Windows Update | 05/17/2016 17:03:13]
Deleted : RP #168 [Naplánovaný kontrolní bod | 05/24/2016 19:03:30]
Deleted : RP #169 [Windows Update | 05/28/2016 10:34:58]
Deleted : RP #170 [JRT Pre-Junkware Removal | 05/29/2016 16:55:35]
Deleted : RP #171 [Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 | 05/30/2016 19:02:23]
Deleted : RP #172 [Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 | 06/04/2016 00:37:34]
Deleted : RP #173 [zoek.exe restore point | 06/05/2016 14:42:30]
Deleted : RP #174 [Removed Java 8 Update 91 | 06/09/2016 09:51:58]

New restore point created !

########## - EOF - ##########


Re: Please check my log "com surrogate ?"

Post by jaro3 » 09 Jun 2016 13:21

If there are no problems, that is all and you can mark it as solved, the green tick.
