log malwarebyteMalwarebytes Anti-Malware
www.malwarebytes.orgDatum skenování: 21.3.2015
Čas skenování: 13:46:26
Protokol: malwarebytes log 3.txt
Správce: Ano
Verze: 2.00.4.1028
Databáze malwaru: v2015.03.21.04
Databáze rootkitů: v2015.02.25.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Sebeobrany: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: David
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 316193
Uplynulý čas: 7 min, 57 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Žádné zákerné zjištěny položek)
Moduly: 0
(Žádné zákerné zjištěny položek)
Klíče registru: 0
(Žádné zákerné zjištěny položek)
Hodnoty registru: 0
(Žádné zákerné zjištěny položek)
Data registru: 0
(Žádné zákerné zjištěny položek)
Složky: 0
(Žádné zákerné zjištěny položek)
Soubory: 0
(Žádné zákerné zjištěny položek)
Fyzické sektory: 0
(Žádné zákerné zjištěny položek)
(end)
log roguekillerRogueKiller V10.5.5.0 [Mar 16 2015] by Adlice Software
mail :
http://www.adlice.com/contact/Feedback :
http://forum.adlice.comWebová stránka :
http://www.adlice.com/softwares/roguekiller/Blog :
http://www.adlice.comOperační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno : Normální režim
Uživatel : David [Práva správce]
Started from : C:\Users\David\Desktop\RogueKiller.exe
Mód : Smazat -- Datum : 03/21/2015 14:06:01
¤¤¤ Procesy : 2 ¤¤¤
[Suspicious.Path] szndesktop.exe(2932) -- C:\Users\David\AppData\Roaming\Seznam.cz\bin\szndesktop.exe[7] -> Zastaveno [TermProc]
[Suspicious.Path] explorer.exe(1560) -- C:\Users\David\AppData\Roaming\Seznam.cz\bin\26587libfoxloader.dll[7] -> Uvolněno
¤¤¤ Registry : 11 ¤¤¤
[Suspicious.Path] HKEY_USERS\S-1-5-21-3441744158-3190030285-3986489708-1000\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.autoupdate : "C:\Users\David\AppData\Roaming\Seznam.cz\szninstall.exe" -c [7][x] -> Smazáno
[Suspicious.Path] HKEY_USERS\S-1-5-21-3441744158-3190030285-3986489708-1000\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.szndesktop : "C:\Users\David\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q -> Nalezeno
[PUM.HomePage] HKEY_USERS\S-1-5-21-3441744158-3190030285-3986489708-1000\Software\Microsoft\Internet Explorer\Main | Start Page :
http://www.seznam.cz/?clid=13415 -> Nahrazeno (
http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{16669638-0442-4D0F-A675-0F6B3C56F8C3} | DhcpNameServer : 10.0.0.1 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{16669638-0442-4D0F-A675-0F6B3C56F8C3} | DhcpNameServer : 10.0.0.1 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{16669638-0442-4D0F-A675-0F6B3C56F8C3} | DhcpNameServer : 10.0.0.1 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)
¤¤¤ Úlohy : 5 ¤¤¤
[Troj.Generic] \\{047F0B25-08E9-46FA-B641-5930746786CF} -- D:\Hry\Mortal Kombat Komplete Edition\DiscContentPC\MKKE.exe -> Smazáno
[Troj.Generic] \\{52A76004-E45C-4AD5-B599-D5C7A92855A1} -- D:\Hry\Mortal Kombat Komplete Edition\DiscContentPC\MKKE.exe -> Smazáno
[Troj.Generic] \\{5D292138-B500-444A-9B7D-D49867455B73} -- D:\Hry\Mortal Kombat Komplete Edition\DiscContentPC\MKKE.exe -> Smazáno
[Troj.Generic] \\{941FE984-D27F-4351-8D5D-2A8F3580F372} -- D:\Hry\Mortal Kombat Komplete Edition\DiscContentPC\MKKE.exe -> Smazáno
[Troj.Generic] \\{E9C0BBA8-0F05-49F9-95B2-25F608BBD485} -- D:\Hry\Mortal Kombat Komplete Edition\DiscContentPC\MKKE.exe -> Smazáno
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 65.112.87.186 master.gamespy.com -> Smazáno
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 3 ¤¤¤
[IE:Addon] System : Canon Easy-WebPrint EX [{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}] -> Smazáno
[FIREFX:Addon] 1bdplhbh.default-1422108646156 : Avast Online Security [wrc@avast.com] -> Smazáno
[PUM.HomePage][FIREFX:Config] 1bdplhbh.default-1422108646156 : user_pref("browser.startup.homepage", "https://www.seznam.cz/"); -> Nahrazeno (about:home)
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKX-001CA0 ATA Device +++++
--- User ---
[MBR] 393bded003480f33d336f052248847c7
[BSP] 668882ef52f211263f2f67caf43ab78d : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 82780 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 169533945 | Size: 394157 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
+++++ PhysicalDrive3: Generic USB xD/SM Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
============================================
RKreport_SCN_03192015_151451.log - RKreport_SCN_03212015_140436.log
log zoekZoek.exe v5.0.0.0 Updated 21-March-2015
Tool run by David on so 21.03.2015 at 14:15:26,78.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\David\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
21.3.2015 14:16:31 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\Program Files\Avira deleted successfully
C:\Users\David\AppData\Roaming\Publish Providers deleted successfully
C:\Users\David\AppData\Local\DayZ deleted successfully
C:\Users\David\AppData\Local\VirtualStore deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-3441744158-3190030285-3986489708-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\1bdplhbh.default-1422108646156\prefs.js:
user_pref("browser.startup.homepage", "www.seznam.cz");
Added to C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\1bdplhbh.default-1422108646156\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ly3Dr4w4.default\prefs.js:
Added to C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ly3Dr4w4.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Deleting Files \ Folders ======================
C:\Program Files\Avira not found
C:\Users\David\AppData\Roaming\.mctitandinocraft deleted
C:\Users\David\AppData\Roaming\.mctitanpokemine deleted
C:\found.000 deleted
C:\PROGRA~2\Package Cache deleted
C:\Users\David\AppData\Local\CrashRpt deleted
C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-3441744158-3190030285-3986489708-1000 deleted
C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\1bdplhbh.default-1422108646156\Invalidprefs.js deleted
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ly3Dr4w4.default\extensions\abs@avira.com deleted
"C:\Users\David\AppData\Local\LumaEmu" deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\1bdplhbh.default-1422108646156
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ly3Dr4w4.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [15.03.2015 10:40]
==== Firefox Extensions ======================
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\1bdplhbh.default-1422108646156
0806948270D853B709CCBBF38AF167E4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
9DF0C4F0CEF60158614EDD1B3AB441EE - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
C454432F43C61767873DA91885759471 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION
954FAB833273DCBC3254E95D2AAF0C46 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision
225D76851EFC6144B4BAD941B3E8989D - C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U31
B66B4D28D7D0C6322FF235C782CD6B76 - C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.310.13
3239619A441E23A20EC923DF92FF2D70 - C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll - CANON iMAGE GATEWAY Album Plugin Utility for IJ
5950D438CD3DDF2DD50D9FA4E07A6C1C - C:\Users\David\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[15.03.2015 10:40]
Docs - David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
==== Chromium Startpages ======================
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences
{"browser":{"window_placement":{"bottom":850,"left":10,"maximized":false,"right":1060,"top":10,"work_area_bottom":860,"work_area_left":0,"work_area_right":1440,"work_area_top":0}},"countryid_at_install":17242,"default_apps_install_state":3,"distribution":{"do_not_launch_chrome":true,"import_home_page":false,"make_chrome_default":true},"dns_prefetching":{"host_referral_list":[2],"startup_list":[1,"https://clients2.google.com/","https://www.google.com/","https://www.googleapis.com/"]},"enhanced_bookmarks_enabled":0,"extensions":{"alerts":{"initialized":true},"autoupdate":{"next_check":"13062433434328881"},"chrome_url_overrides":{"bookmarks":["chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html"]},"install_signature":{"expire_date":"2015-03-01","ids":["aohghmighlieiainnegkcijnfilokake"],"invalid_ids":[],"salt":"/8eYozwtRjVrHSiX3dMVaY+E1s/bnLoi+PNkd8JzQao=","signature":"Douq58GBBxt+/UIhF0n+PrRbVYHcCQ/HNVpUuTMvVbL0c6U0I9B2RVExs+mB8RwhiCub9wAoyofAWvC5PDA8KDRv06oyRyffC7yFb4c88H9AKgIFcHYrrKoIKBqaMOlaWeg2DT1Tk9OUVeY/5WZRhDqaPqDELskFXlotaRI4ATFSSD8Dc/OL8Ae8Qt7MqPB+t+5yGjPo18J/L/U5sgHJLlbTluUoaJHtlh2kQg96u21PWfuMcG+rwP+hTV2SeuysjoN1UDIvivHGffskUT3pKFsXibmx945mTUHxFl1hHGtVXMZ09V3gTZA3lmZrqveWAaMfwG/ck4B+nUnvwib6qA==","signature_format_version":2,"timestamp":"13062432817794954"},"last_chrome_version":"39.0.2171.71","settings":{"pchfckkccldkbclgdepkaonamkignanh":{}}},"first_run_tabs":["http://welcome_page"],"intl":{"accept_languages":"cs-CZ,cs"},"invalidator":{"client_id":"EvuKgSlhjfldw4XJSnQs+Q=="},"media":{"device_id_salt":"6b5tN64yNELLso/TeaHzNg=="},"net":{"http_server_properties":{"servers":{"clients2.google.com:443":{"settings":{"4":100},"supports_spdy":true},"clients2.googleusercontent.com:443":{"alternate_protocol":{"port":443,"probability":0.02,"protocol_str":"quic"},"settings":{"4":100},"supports_spdy":true}},"version":3}},"plugins":{"migrated_to_pepper_flash":true,"plugins_list":[],"removed_old_component_pepper_flash_settings":true},"profile":{"avatar_index":26,"content_settings":{"clear_on_exit_migrated":true,"pattern_pairs":{},"pref_version":1},"exit_type":"Normal","exited_cleanly":true,"icon_version":3,"managed_user_id":"","name":"PrvnĂ uĹľivatel","per_host_zoom_levels":{}},"protection":{"macs":{}},"proxy":{"bypass_list":"","mode":"system","server":""},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13062432587392753"},"sync_promo":{"show_on_first_run_allowed":false},"translate_blocked_languages":["cs"],"translate_whitelists":{}}
"startup_urls": [ "http://www.google.com/" ]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{076FA737-86F6-4A57-9DEC-691945880797} Encyklopedie Seznam Url="http://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_13415"
{0B074052-B29E-4A3C-B223-EC77D87DEFCF} Firmy.cz Url="http://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_13415"
{4870A190-8C7F-4F0C-A58E-F04883D89902} Slovnˇk EN/CZ Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_13415"
{6551D3C9-399A-4F90-99FB-7F4F14A38160} Mapy.cz Url="http://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_13415"
{7736160A-95EA-42E4-8C76-57CC6095EA44} Novinky.cz Url="http://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415"
{83955773-B4D6-4713-B7D1-FA72AA7EFFC7} Slovnˇk CZ/EN Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_13415"
{C87086E9-7631-4177-B6C7-6B78A6A5C635} Zbo§ˇ.cz Url="http://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_13415"
{F38785E6-6734-4EC3-A8C1-71F29F5C0F05} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415"
==== Reset Google Chrome ======================
C:\Users\David\AppData\Local\Chromium\User Data\Default\Preferences was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\David\AppData\Local\Chromium\User Data\Default\Web Data was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\David\Desktop\Any Video Converter.lnk - D:\Hry\Anvsoft\Any Video Converter\AVCFree.exe
C:\Users\David\Desktop\Counter-Strike.lnk - D:\Hry\Counter-Strike 1.6\hl.exe -steam -game cstrike
C:\Users\David\Desktop\CS 1.6 Servery.lnk - D:\Hry\Counter-Strike 1.6\CS Servery.url
C:\Users\David\Desktop\Filmy – zástupce.lnk -
C:\Users\David\Desktop\FiveNightsatFreddys – zástupce.lnk -
C:\Users\David\Desktop\GameMaker-Studio.lnk - C:\Users\David\AppData\Roaming\Microsoft\Installer\{6628277A-F051-4647-96D7-E829FD86C7B9}\_BA6F52370FB84CB79FA120E96853A4F3.exe
C:\Users\David\Desktop\gta_sa – zástupce.lnk -
C:\Users\David\Desktop\HEROES3 – zástupce.lnk -
C:\Users\David\Desktop\Hry – zástupce.lnk -
C:\Users\David\Desktop\KMPlayer.lnk - C:\KMPlayer\KMPlayer.exe
C:\Users\David\Desktop\launcher – zástupce.lnk -
C:\Users\David\Desktop\lol.launcher.admin – zástupce.lnk -
C:\Users\David\Desktop\quake3 – zástupce.lnk -
C:\Users\David\Desktop\StateOfDecay – zástupce.lnk -
C:\Users\David\Desktop\Stonehearth.lnk - D:\Hry\Stonehearth v0.1.0r201\Stonehearth.exe
C:\Users\David\Desktop\Stubbs the Zombie - Rebel Without a Pulse.lnk - D:\Hry\Aspyr Media, Inc\Stubbs the Zombie - Rebel Without a Pulse\Stubbs.exe
C:\Users\David\Desktop\vegas110 – zástupce.lnk -
C:\Users\David\Desktop\µTorrent.lnk -
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Avast Free Antivirus.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Public\Desktop\Canon MG2400 series Elektronická příručka.lnk -
C:\Users\Public\Desktop\Canon Quick Menu.lnk - C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Public\Desktop\Fraps.lnk - D:\Fraps\fraps.exe
C:\Users\Public\Desktop\Free Webcam Recorder.lnk - D:\Hry\freepicturesolutions\Free Webcam Recorder\Free Webcam Recorder.exe
C:\Users\Public\Desktop\Game Dev Tycoon.lnk - D:\Hry\Game Dev Tycoon2\GameDevTycoon.exe
C:\Users\Public\Desktop\GeForce Experience.lnk - C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\MC Titan Dinocraft 1.7.10.lnk - C:\Users\David\AppData\Roaming\.mctitandinocraft\MC Titan Minecraft Launcher.jar
C:\Users\Public\Desktop\MC Titan Pokemine 1.7.10.lnk - C:\Users\David\AppData\Roaming\.mctitanpokemine\MC Titan Minecraft Launcher.jar
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Outlast + DLC Whistleblower - Danik1B9.lnk - D:\hry\Outlast + DLC Whistleblower\OutlastLauncher.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe
C:\Users\Public\Desktop\Speccy.lnk - C:\Program Files\Speccy\Speccy.exe
C:\Users\Public\Desktop\Steam.lnk - D:\Hry\steam\Steam.exe
C:\Users\Public\Desktop\WarThunder.lnk - D:\Hry\WarThunder\launcher.exe
==== shortcuts in Users Start Menu ======================
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameMaker-Studio.lnk - C:\Users\David\AppData\Roaming\Microsoft\Installer\{6628277A-F051-4647-96D7-E829FD86C7B9}\_4928C3DDAA574E9788505A94F934E31D.exe
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Carmageddon™ 3 TDR 2000™.lnk -
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Fable The Lost Chapters™.lnk -
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Stubbs the Zombie - Rebel Without a Pulse™.lnk -
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\Logs and errors.lnk - D:\Hry\WarThunder\.game_logs cd
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\Odinstalovat aplikaci War Thunder.lnk - D:\Hry\WarThunder\unins000.exe
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\Replays.lnk - D:\Hry\WarThunder\Replays cd
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\Screenshots.lnk - D:\Hry\WarThunder\Screenshots cd
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WarThunder.lnk - D:\Hry\WarThunder\launcher.exe
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manuál konzolové verze RARu.lnk -
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Nápověda WinRARu.lnk -
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvsoft\Any Video Converter\Any Video Converter.lnk - D:\Hry\Anvsoft\Any Video Converter\AVCFree.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvsoft\Any Video Converter\Aplikace Any Video Converter na internetu.lnk - D:\hry\Anvsoft\Any Video Converter\AVCFree.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvsoft\Any Video Converter\Odinstalovat aplikaci Any Video Converter.lnk - D:\Hry\Anvsoft\Any Video Converter\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aspyr Media, Inc\Stubbs the Zombie - Rebel Without a Pulse\Elektronická registrace.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aspyr Media, Inc\Stubbs the Zombie - Rebel Without a Pulse\Odinstalovat hru Stubbs the Zombie - Rebel Without a Pulse.lnk - C:\Program Files\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe /M{555ACAE5-B0D5-4E12-8F95-22757DEFAD0F}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aspyr Media, Inc\Stubbs the Zombie - Rebel Without a Pulse\Přečíst readme.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aspyr Media, Inc\Stubbs the Zombie - Rebel Without a Pulse\Stubbs the Zombie - Rebel Without a Pulse - Bezpečný mód.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aspyr Media, Inc\Stubbs the Zombie - Rebel Without a Pulse\Stubbs the Zombie - Rebel Without a Pulse.lnk - D:\Hry\Aspyr Media, Inc\Stubbs the Zombie - Rebel Without a Pulse\Stubbs.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aspyr Media, Inc\Stubbs the Zombie - Rebel Without a Pulse\Web stránka Aspyr Media, Inc.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast Free Antivirus.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Webcam Recorder\Free Webcam Recorder.lnk - D:\Hry\freepicturesolutions\Free Webcam Recorder\Free Webcam Recorder.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Dev Tycoon\Game Dev Tycoon.lnk - D:\Hry\Game Dev Tycoon2\GameDevTycoon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Dev Tycoon\Odinstalovat aplikaci Game Dev Tycoon.lnk - D:\Hry\Game Dev Tycoon2\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Odinstalovat aplikaci Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE\Games for Windows - LIVE.lnk - C:\Program Files\Microsoft Games for Windows - LIVE\Client\GFWLive.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe /design
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office FrontPage 2003.lnk - C:\Windows\Installer\{90170405-6000-11D3-8CFE-0150048383C9}\misc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Nástroje sady Microsoft Office\Digitální certifikát pro projekty VBA.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Nástroje sady Microsoft Office\Jazykové nastavení sady Microsoft Office 2003.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Nástroje sady Microsoft Office\Microsoft Galerie médií.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Nástroje sady Microsoft Office\Microsoft Office Picture Manager.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Nástroje sady Microsoft Office\Obnovení aplikace sady Microsoft Office.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Nástroje sady Microsoft Office\Průvodce uložením nastavení sady Microsoft Office 2003.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Nástroje systému Microsoft Office 2010\Digitální certifikát pro projekty v jazyce VBA.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Nástroje systému Microsoft Office 2010\Galerie médií.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Nástroje systému Microsoft Office 2010\Jazykové předvolby systému Microsoft Office 2010.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Nástroje systému Microsoft Office 2010\Microsoft Office 2010 Upload Center.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Nástroje systému Microsoft Office 2010\Microsoft Office Picture Manager.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk - C:\Program Files\NVIDIA Corporation\3D Vision\nvstview.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk - C:\Program Files\NVIDIA Corporation\3D Vision\nvstlink.exe /show
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Disable 3D Vision.lnk - C:\Program Files\NVIDIA Corporation\3D Vision\nvstlink.exe /disable
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Enable 3D Vision.lnk - C:\Program Files\NVIDIA Corporation\3D Vision\nvstlink.exe /enable
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlast + DLC Whistleblower\Odinstalovat Outlast + DLC Whistleblower.lnk - D:\Hry\Outlast + DLC Whistleblower\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlast + DLC Whistleblower\Outlast + DLC Whistleblower - Danik1B9.lnk - D:\hry\Outlast + DLC Whistleblower\OutlastLauncher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Vegas Pro 11.0\Vegas Pro 11.0 Readme.lnk - D:\Hry\obrázek\Nová složka (2)\Readme\Vegas_readme.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Vegas Pro 11.0\Vegas Pro 11.0.lnk - D:\Hry\obrázek\Nová složka (2)\vegas110.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Vegas Pro 11.0\Video Capture 6.0 Readme.lnk - D:\Hry\obrázek\Nová složka (2)\Readme\Videocapture_readme.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpaceMonger\SpaceMonger User's Manual.lnk - C:\Program Files\SpaceMonger\doc\us\index.html
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpaceMonger\SpaceMonger.lnk - C:\Program Files\SpaceMonger\SpaceMonger.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpaceMonger\Uninstall SpaceMonger.lnk - C:\Program Files\SpaceMonger\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manuál konzolové verze RARu.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Nápověda WinRARu.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
==== shortcuts in Quick Launch ======================
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Imperia Online.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
http://www.imperiaonline.org/?ref_ad=src123C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\µTorrent.lnk -
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\KMPlayer.exe.lnk - C:\KMPlayer\KMPlayer.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== shortcuts After Repair ======================
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Imperia Online.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
==== Empty IE Cache ======================
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\David\AppData\Local\Mozilla\Firefox\Profiles\1bdplhbh.default-1422108646156\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=2204 folders=941 716466191 bytes)
==== Empty Temp Folders ======================
C:\Users\David\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\David\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
C:\RECYCLER successfully emptied
==== EOF on so 21.03.2015 at 14:31:51,99 ======================