# AdwCleaner v5.002 - Logfile created 19/08/2015 at 17:27:09
# Updated 18/08/2015 by Xplode
# Database : 2015-08-18.2 [Server]
# Operating system : Windows 10 Home (x86)
# Username : Tomáš - DOMÁCÍ
# Running from : C:\Users\Tomik\Desktop\AdwCleaner.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\ProgramData\Goobzo
[-] Folder Deleted : C:\Users\Public\Documents\Goobzo
[-] Folder Deleted : C:\Users\Tomik\AppData\Local\FileViewPro
[-] Folder Deleted : C:\Users\Tomik\AppData\Roaming\OpenCandy
[-] Folder Deleted : C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\Conduit
[-] Folder Deleted : C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\ConduitEngine
[-] Folder Deleted : C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\ICQToolbarData
[-] Folder Deleted : C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
***** [ Files ] *****
[-] File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml
[-] File Deleted : C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\bprotector_extensions.sqlite
[-] File Deleted : C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\bprotector_prefs.js
[-] File Deleted : C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\invalidprefs.js
[-] File Deleted : C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\searchplugins\Babylon.xml
[-] File Deleted : C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\searchplugins\BrowserProtect.xml
[-] File Deleted : C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\user.js
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
[-] Task Deleted : Inst_Rep
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\SDP
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [TheTorntv V10-bg.exe]
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB24E92-62C4-4C53-95D2-65F9EED476BC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
[-] Key Deleted : HKU\.DEFAULT\Software\Goobzo
[-] Key Deleted : HKCU\Software\Goobzo
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
***** [ Web browsers ] *****
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("CT2463487.SearchFromAddressBarUrl", "hxxp://trovi.com/ResultsExt.aspx?ctid=CT2463487&SearchSource=2&CUI=UN40503431461772443&UM=4&q=");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("CT2463487.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?gd=&ctid=CT2463487&octid=CT2463487&ISID=ISID_ID&SearchSource=15&CUI=UN40503431461772443&Lay=1&[...]
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("CT2463487.smartbar.CTID", "CT2463487");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("CT2463487.smartbar.Uninstall", "0");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("CT2463487.smartbar.homepage", true);
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("CT2463487.smartbar.toolbarName", "Brothersoft ");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2463487&SearchSource=13,hxxp://search.conduit.com/?ctid=CT2463487&SearchSource=13,hxxp://search.conduit.com/?ctid=[...]
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ConduitSearchList", "Brothersoft Customized Web Search,Brothersoft Customized Web Search,Brothersoft Customized Web Search,Brothersoft Customized Web Search,Brothersoft Cus[...]
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.
hxxp://Settings.toolbar.search.conduit. ... /CT2463487", "\"c2cea7de4295f8f991a741c5cb625fc43\"");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.
hxxp://appsmetadata.toolbar.conduit-ser ... =CT2463487", "\"1365959693\"");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.
hxxp://dynamicdialogs.toolbar.conduit-s ... r=3.18.0.7", "\"0343677cfb1cd1:0\"");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.
hxxp://dynamicdialogs.toolbar.conduit-s ... r=3.19.0.3", "\"23c5489aa686ce1:0\"");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.
hxxp://dynamicdialogs.toolbar.conduit-s ... r=3.20.0.4", "\"dfe74040abc2ce1:0\"");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.
hxxp://servicemap.conduit-services.com/ ... =CT2463487", "\"52c3f1538cb4af4ada257fcbc6b15d49\"");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ETag.
hxxp://translation.toolbar.conduit-serv ... ?locale=en", "\"968402cf2834e7ec0f38a19f0e9a9eb0\"");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2463487");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2463487");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2463487");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.globalUserId", "13438a39-3c01-4f16-873a-18d514e3b386");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2463487");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT2463487&SearchSource=13");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Brothersoft Customized Web Search");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://trovi.com/?ctid=CT2463487&SearchSource=13&CUI=UN40503431461772443");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.TBHomepagesList", "hxxp://trovi.com/?ctid=CT2463487&SearchSource=13&CUI=UN40503431461772443");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.TBSearchEngineList", "");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.TBSearchUrlList", "");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2463487");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=119816&tt=040413_9114&babsrc=HP_ss&mntrId=218820CF309BD999");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("avg.install.userSPSettings", "Delta Search");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultthis.engineName", "Brothersoft Customized Web Search");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2463487&SearchSource=3&q={searchTerms}");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine", "Search The Web");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("keyword.URL", "hxxp://trovi.com/ResultsExt.aspx?ctid=CT2463487&SearchSource=2&CUI=UN40503431461772443&UM=4&q=");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT2463487");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://trovi.com/?ctid=CT2463487&SearchSource=13&CUI=UN40503431461772443");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://trovi.com/ResultsExt.aspx?ctid=CT2463487&SearchSource=2&CUI=UN40503431461772443&UM=4&q=");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT2463487");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("smartbar.homePageOwnerCTID", "CT2463487");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("smartbar.homepageList", "hxxp://trovi.com/?ctid=CT2463487&SearchSource=13&CUI=UN40503431461772443");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("smartbar.machineId", "YFBQO9YMBT0MC+KYXPCGNPA4B8ESPUWCJ6JZV5IB2RNRKWDXV66ZSCKC5ECM6IFVKREKILTLGPRKXIAE9D/67A");
[-] [C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js] [Preference] Deleted : user_pref("smartbar.searchAddressUrlList", "hxxp://trovi.com/ResultsExt.aspx?ctid=CT2463487&SearchSource=2&CUI=UN40503431461772443&UM=4&q=");
*************************
:: Proxy settings cleared;
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.6 (08.10.2015:1)
OS: Windows 10 Home x86
Ran by Tom ç on st 19.08.2015 at 17:35:06,45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DBFD4708-D2A8-467E-8A34-A4D42AC47B81}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F1AAB545-2F17-4771-B012-CDCBCAF7BC46}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
~~~ Files
~~~ Folders
Successfully deleted: [Folder] C:\Users\Tomik\Appdata\Local\crashrpt
Successfully deleted: [Folder] C:\Users\Tomik\Appdata\Local\installer
Successfully deleted: [Folder] C:\Users\Tomik\AppData\Roaming\getrighttogo
~~~ FireFox
Successfully deleted the following from C:\Users\Tomik\AppData\Roaming\mozilla\firefox\profiles\d5xqvmuk.default\prefs.js
user_pref(CT2463487.CT2463487ads1.enc, JTdCJTIyYWRzJTIyJTNBJTVCJTdCJTIyYWlkJTIyJTNBJTIyMTUwODgwJTIyJTJDJTIydGl0bGUlMjIlM0ElMjJTcGVlZCUyMFVwJTIwWW91ciUyMERvd25sb2FkJTIxJTIyJ
user_pref(CT2463487.CT2463487current_term.enc, );
user_pref(CT2463487.CT2463487sdate.enc, MjA=);
user_pref(CT2463487.ENABALE_HISTORY, {\dataType\:\string\,\data\:\true\});
user_pref(CT2463487.FirstTime, true);
user_pref(CT2463487.FirstTimeFF3, true);
user_pref(CT2463487.RestartDialogFirstTime, false);
user_pref(CT2463487.RestartDialogShouldDisplay, false);
user_pref(CT2463487.UserID, UN40503431461772443);
user_pref(CT2463487.addressBarTakeOverEnabledInHidden, true);
user_pref(CT2463487.appOptions, {});
user_pref(CT2463487.browser.search.defaultthis.engineName, true);
user_pref(CT2463487.countryCode, CZ);
user_pref(CT2463487.firstTimeDialogOpened, true);
user_pref(CT2463487.fixPageNotFoundErrorByUser, TRUE);
user_pref(CT2463487.fixPageNotFoundErrorInHidden, true);
user_pref(CT2463487.fullUserID, UN40503431461772443.UP.202502081936);
user_pref(CT2463487.installType, Unknown);
user_pref(CT2463487.isCheckedStartAsHidden, true);
user_pref(CT2463487.isEnableAllDialogs, {\dataType\:\string\,\data\:\true\});
user_pref(CT2463487.isFirstTimeToolbarLoading, false);
user_pref(CT2463487.isToolbarShrinked, {\dataType\:\string\,\data\:\false\});
user_pref(CT2463487.isWelcomPage, {\dataType\:\boolean\,\data\:\true\});
user_pref(CT2463487.keyword, true);
user_pref(CT2463487.lastVersion, 10.35.0.503);
user_pref(CT2463487.mam_gk_installer_preapproved.enc, VFJVRQ==);
user_pref(CT2463487.navigationAliasesJson, {\EB_SEARCH_TERM\:\\,\EB_MAIN_FRAME_URL\:\hxxp%3A%2F%2Fwww.risingcities.com%2F%3Faction%3DinternalGame\,\EB_MAIN_FRAME_T
user_pref(CT2463487.originalHomepage, about:superstart);
user_pref(CT2463487.originalSearchAddressUrl, false);
user_pref(CT2463487.originalSearchEngine, Google);
user_pref(CT2463487.originalSearchEngineName, Google);
user_pref(CT2463487.performedDomainChangesMigration, true);
user_pref(CT2463487.searchFromAddressBarEnabledByUser, true);
user_pref(CT2463487.searchInNewTabEnabledByUser, true);
user_pref(CT2463487.searchInNewTabEnabledInHidden, true);
user_pref(CT2463487.searchSuggestEnabledByUser, True);
user_pref(CT2463487.searchUninstallUserMode, 4);
user_pref(CT2463487.searchUserMode, 4);
user_pref(CT2463487.selectToSearchBoxEnabled, {\dataType\:\string\,\data\:\true\});
user_pref(CT2463487.serviceLayer_service_login_isFirstLoginInvoked, {\dataType\:\boolean\,\data\:\true\});
user_pref(CT2463487.serviceLayer_service_login_loginCount, {\dataType\:\number\,\data\:\4\});
user_pref(CT2463487.serviceLayer_service_toolbarGrouping_activeCTID, {\dataType\:\string\,\data\:\CT2463487\});
user_pref(CT2463487.serviceLayer_service_toolbarGrouping_activeDownloadUrl, {\dataType\:\string\,\data\:\hxxp://Brothersoft.OurToolbar.com//xpi\});
user_pref(CT2463487.serviceLayer_service_toolbarGrouping_activeToolbarName, {\dataType\:\string\,\data\:\Brothersoft \});
user_pref(CT2463487.serviceLayer_service_toolbarGrouping_invoked, {\dataType\:\string\,\data\:\true\});
user_pref(CT2463487.serviceLayer_service_usage_toolbarUsageCount, {\dataType\:\number\,\data\:\2\});
user_pref(CT2463487.serviceLayer_services_Configuration_lastUpdate, 1416402732594);
user_pref(CT2463487.serviceLayer_services_appTrackingFirstTime_lastUpdate, 1416402735298);
user_pref(CT2463487.serviceLayer_services_appsMetadata_lastUpdate, 1416402734779);
user_pref(CT2463487.serviceLayer_services_gottenAppsContextMenu_lastUpdate, 1416402734815);
user_pref(CT2463487.serviceLayer_services_login_10.23.0.822_lastUpdate, 1416462021855);
user_pref(CT2463487.serviceLayer_services_login_10.35.0.503_lastUpdate, 1416483886515);
user_pref(CT2463487.serviceLayer_services_otherAppsContextMenu_lastUpdate, 1416402735168);
user_pref(CT2463487.serviceLayer_services_searchAPI_lastUpdate, 1416402734999);
user_pref(CT2463487.serviceLayer_services_serviceMap_lastUpdate, 1416402732460);
user_pref(CT2463487.serviceLayer_services_setupAPI_lastUpdate, 1416402733851);
user_pref(CT2463487.serviceLayer_services_toolbarContextMenu_lastUpdate, 1416402735055);
user_pref(CT2463487.serviceLayer_services_toolbarSettings_lastUpdate, 1416483886098);
user_pref(CT2463487.serviceLayer_services_translation_lastUpdate, 1416402735680);
user_pref(CT2463487.settingsINI, true);
user_pref(CT2463487.showToolbarPermission, false);
user_pref(CT2463487.toolbarBornServerTime, 19-11-2014);
user_pref(CT2463487.toolbarCurrentServerTime, 20-11-2014);
user_pref(CT2463487.toolbarInstallDate, 19-11-2014 14:12:13);
user_pref(CT2463487.toolbarLoginClientTime, Wed Nov 19 2014 14:12:13 GMT+0100);
user_pref(CT2463487_Firefox.csv, [{\from\:\Abs Layer\,\action\:\loading toolbar\,\time\:1416483866457,\isWithState\:\\,\timeFromStart\:0,\timeFromPrev\:0}
user_pref(valueApps.CT2463487./9B+7E+x305, 2423);
user_pref(valueApps.CT2463487./9B+7E+x305.storedInFile, false);
user_pref(valueApps.CT2463487./9B+7E,x305, 2423);
user_pref(valueApps.CT2463487./9B+7E,x305.storedInFile, false);
user_pref(valueApps.CT2463487./9B+7E-x305, 2423);
user_pref(valueApps.CT2463487./9B+7E-x305.storedInFile, false);
user_pref(valueApps.CT2463487./9B+7E.:2z527, 2423);
user_pref(valueApps.CT2463487./9B+7E.:2z527.storedInFile, false);
user_pref(valueApps.CT2463487./9B+7E.x305, 2423);
user_pref(valueApps.CT2463487./9B+7E.x305.storedInFile, false);
user_pref(valueApps.CT2463487./9B+7E/x305, 2423);
user_pref(valueApps.CT2463487./9B+7E/x305.storedInFile, false);
user_pref(valueApps.CT2463487./9B+7E06CG5EL8:, 6E6C706C6F74736F7277);
user_pref(valueApps.CT2463487./9B+7E06CG5EL8:.storedInFile, false);
user_pref(valueApps.CT2463487./9B+7E06CG5EL;8I:K, 247E2D2F226A74727672757A7975787D242F4B49474F42357D5D5C3D);
user_pref(valueApps.CT2463487./9B+7E06CG5EL;8I:K.storedInFile, false);
user_pref(valueApps.CT2463487./9B+7E0x305, 2423);
user_pref(valueApps.CT2463487./9B+7E0x305.storedInFile, false);
user_pref(valueApps.CT2463487./9B+7E1x305, 2423);
user_pref(valueApps.CT2463487./9B+7E1x305.storedInFile, false);
user_pref(valueApps.CT2463487./9B+7E2x305, 2423);
user_pref(valueApps.CT2463487./9B+7E2x305.storedInFile, false);
user_pref(valueApps.CT2463487./9B+7E3x305, 2423);
user_pref(valueApps.CT2463487./9B+7E3x305.storedInFile, false);
user_pref(valueApps.CT2463487./9B+7E4x305, 2423);
user_pref(valueApps.CT2463487./9B+7E4x305.storedInFile, false);
user_pref(valueApps.CT2463487./9B+7E5x305, 2423);
user_pref(valueApps.CT2463487./9B+7E5x305.storedInFile, false);
user_pref(valueApps.CT2463487./9B+7E6x305, 2423);
user_pref(valueApps.CT2463487./9B+7E6x305.storedInFile, false);
user_pref(valueApps.CT2463487./9B+7E7x305, 2423);
user_pref(valueApps.CT2463487./9B+7E7x305.storedInFile, false);
user_pref(valueApps.CT2463487./9B+7E8x305, 2423);
user_pref(valueApps.CT2463487./9B+7E8x305.storedInFile, false);
user_pref(valueApps.CT2463487./9B+7E9x305, 2423);
user_pref(valueApps.CT2463487./9B+7E9x305.storedInFile, false);
user_pref(valueApps.CT2463487./9B+7E:x305, 2423);
user_pref(valueApps.CT2463487./9B+7E:x305.storedInFile, false);
user_pref(valueApps.CT2463487./9B+7E;x305, 2423);
user_pref(valueApps.CT2463487./9B+7E;x305.storedInFile, false);
user_pref(valueApps.CT2463487./9B+7E<x305, 2423);
user_pref(valueApps.CT2463487./9B+7E<x305.storedInFile, false);
user_pref(valueApps.CT2463487./9B+7E=x305, 2423);
user_pref(valueApps.CT2463487./9B+7E=x305.storedInFile, false);
user_pref(valueApps.CT2463487./9B+7E>x305, 2423);
user_pref(valueApps.CT2463487./9B+7E>x305.storedInFile, false);
user_pref(valueApps.CT2463487./9B+7E?x305, 2423);
user_pref(valueApps.CT2463487./9B+7E?x305.storedInFile, false);
user_pref(valueApps.CT2463487./9B+7E@x305, 2423);
user_pref(
valueApps.CT2463487./9B+7E@x305.storedInFile, false);
user_pref(valueApps.CT2463487./9B+7EAx305, 2423);
user_pref(valueApps.CT2463487./9B+7EAx305.storedInFile, false);
user_pref(valueApps.CT2463487./9B+7EBE3G=;D9N9=D, 372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D337D56545138505C);
user_pref(valueApps.CT2463487./9B+7EBE3G=;D9N9=D.storedInFile, false);
user_pref(valueApps.CT2463487./9B+7EBx305, 2423);
user_pref(valueApps.CT2463487./9B+7EBx305.storedInFile, false);
user_pref(valueApps.CT2463487./9B+7ECx305, 2423);
user_pref(valueApps.CT2463487./9B+7ECx305.storedInFile, false);
user_pref(valueApps.CT2463487./9B+7EDx305, 2423);
user_pref(valueApps.CT2463487./9B+7EDx305.storedInFile, false);
user_pref(valueApps.CT2463487./9B+7Etx305, 2423);
user_pref(valueApps.CT2463487./9B+7Etx305.storedInFile, false);
user_pref(valueApps.CT2463487./9B-0?3G>D, 3C6D3B416A4375727A70474877207C4D4B7A2550527D212A532423542C2D28592C5B5C32);
user_pref(valueApps.CT2463487./9B-0?3G>D.storedInFile, false);
user_pref(valueApps.CT2463487./9B-0?3G@6:5;, );
user_pref(valueApps.CT2463487./9B-0?3G@6:5;.storedInFile, false);
user_pref(valueApps.CT2463487./9B-0?3GFA7EF, 2B2E2C3D);
user_pref(valueApps.CT2463487./9B-0?3GFA7EF.storedInFile, false);
user_pref(valueApps.CT2463487./9B-3=3ECCJA=F>, 247E333D2C452F4135276F297B7E7D21202F26313E4249357D37382F3A494D5D513F283338435D6554695B65546D57695D5D686365533C70766C66755E);
user_pref(valueApps.CT2463487./9B-3=3ECCJA=F>.storedInFile, false);
user_pref(valueApps.CT2463487./9B/>01=9A6K6<IM;KRIE@PDAWM, 676A6D7273747576);
user_pref(valueApps.CT2463487./9B/>01=9A6K6<IM;KRIE@PDAWM.storedInFile, false);
user_pref(valueApps.CT2463487./9B3=>@44I48?, 372C2D3269757633423633414847203E3D474E4D4C45474F2A554A4D2D5858585E4B554E366352564F);
user_pref(valueApps.CT2463487./9B3=>@44I48?.storedInFile, false);
user_pref(valueApps.CT2463487./9B5BA==9CJAG, 6E6F3E6D6E6D43407A76757A767C794A7D774D2152);
user_pref(valueApps.CT2463487./9B5BA==9CJAG.storedInFile, false);
user_pref(valueApps.CT2463487./9B6B11G4C56B>F;P;ANR@P, 6E6C706C6F74736F7370707479);
user_pref(valueApps.CT2463487./9B6B11G4C56B>F;P;ANR@P.storedInFile, false);
user_pref(valueApps.CT2463487./9B90E@.3C;7B=?OFB>>RHIQS, 393F352F3E);
user_pref(valueApps.CT2463487./9B90E@.3C;7B=?OFB>>RHIQS.storedInFile, false);
user_pref(valueApps.CT2463487./9B9643G3/9E, 6A);
user_pref(valueApps.CT2463487./9B9643G3/9E.storedInFile, false);
user_pref(valueApps.CT2463487./9B;45>:BI9I7IE, 2B2E2C3D);
user_pref(valueApps.CT2463487./9B;45>:BI9I7IE.storedInFile, false);
user_pref(valueApps.CT2463487./9B<:222H64<, 393F352F3E);
user_pref(valueApps.CT2463487./9B<:222H64<.storedInFile, false);
user_pref(valueApps.CT2463487./9B<:222H64<L8DAJ, 6D70706E76737479766F2A7978727C7C757D21);
user_pref(valueApps.CT2463487./9B<:222H64<L8DAJ.storedInFile, false);
user_pref(valueApps.CT2463487./9B=+03EH8H8J?:, 4443);
user_pref(valueApps.CT2463487./9B=+03EH8H8J?:.storedInFile, false);
user_pref(valueApps.CT2463487./9B?+E2A52D8, 372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52);
user_pref(valueApps.CT2463487./9B?+E2A52D8.storedInFile, false);
user_pref(valueApps.CT2463487./9B?B0D:8AJ62<H, 6D);
user_pref(valueApps.CT2463487./9B?B0D:8AJ62<H.storedInFile, false);
user_pref(valueApps.CT2463487./9BA@0<0BI6A7GN:6@L?, 6C);
user_pref(valueApps.CT2463487./9BA@0<0BI6A7GN:6@L?.storedInFile, false);
user_pref(valueApps.CT2463487.PG_ENABLE, 74727565);
user_pref(valueApps.CT2463487.PG_ENABLE.storedInFile, false);
user_pref(valueApps.CT2463487.mam_gk_appStateReportTime, 31343136343632303031383533);
user_pref(valueApps.CT2463487.mam_gk_appStateReportTime.storedInFile, false);
user_pref(valueApps.CT2463487.mam_gk_appState_CouponBuddy, 6F6E);
user_pref(valueApps.CT2463487.mam_gk_appState_CouponBuddy.storedInFile, false);
user_pref(valueApps.CT2463487.mam_gk_appState_Easytobook, 6F6E);
user_pref(valueApps.CT2463487.mam_gk_appState_Easytobook.storedInFile, false);
user_pref(valueApps.CT2463487.mam_gk_appState_Easytobook_targeted, 6F6E);
user_pref(valueApps.CT2463487.mam_gk_appState_Easytobook_targeted.storedInFile, false);
user_pref(valueApps.CT2463487.mam_gk_appState_PriceGong, 6F6E);
user_pref(valueApps.CT2463487.mam_gk_appState_PriceGong.storedInFile, false);
user_pref(valueApps.CT2463487.mam_gk_appsConfig.storedInFile, true);
user_pref(valueApps.CT2463487.mam_gk_appsDefaultEnabled, 6E756C6C);
user_pref(valueApps.CT2463487.mam_gk_appsDefaultEnabled.storedInFile, false);
user_pref(valueApps.CT2463487.mam_gk_calledSetupService, 31);
user_pref(valueApps.CT2463487.mam_gk_calledSetupService.storedInFile, false);
user_pref(valueApps.CT2463487.mam_gk_currentVersion, 312E31332E302E3137);
user_pref(valueApps.CT2463487.mam_gk_currentVersion.storedInFile, false);
user_pref(valueApps.CT2463487.mam_gk_existingUsersRecoveryDone, 31);
user_pref(valueApps.CT2463487.mam_gk_existingUsersRecoveryDone.storedInFile, false);
user_pref(valueApps.CT2463487.mam_gk_first_time, 31);
user_pref(valueApps.CT2463487.mam_gk_first_time.storedInFile, false);
user_pref(valueApps.CT2463487.mam_gk_lastLoginTime, 31343136343632303032343231);
user_pref(valueApps.CT2463487.mam_gk_lastLoginTime.storedInFile, false);
user_pref(valueApps.CT2463487.mam_gk_localization.storedInFile, true);
user_pref(valueApps.CT2463487.mam_gk_mamEnabled, 74727565);
user_pref(valueApps.CT2463487.mam_gk_mamEnabled.storedInFile, false);
user_pref(valueApps.CT2463487.mam_gk_migrated_from_ls, 31);
user_pref(valueApps.CT2463487.mam_gk_migrated_from_ls.storedInFile, false);
user_pref(valueApps.CT2463487.mam_gk_new_welcome_experience, 31);
user_pref(valueApps.CT2463487.mam_gk_new_welcome_experience.storedInFile, false);
user_pref(valueApps.CT2463487.mam_gk_settings1.13.0.17.storedInFile, true);
user_pref(valueApps.CT2463487.mam_gk_showWelcomeGadget, 66616C7365);
user_pref(valueApps.CT2463487.mam_gk_showWelcomeGadget.storedInFile, false);
user_pref(valueApps.CT2463487.mam_gk_stamp, 35345F30);
user_pref(valueApps.CT2463487.mam_gk_stamp.storedInFile, false);
user_pref(valueApps.CT2463487.mam_gk_userBornDate, 4E2F41);
user_pref(valueApps.CT2463487.mam_gk_userBornDate.storedInFile, false);
user_pref(valueApps.CT2463487.mam_gk_userId, 37356565663263632D636536372D343636632D616566612D363863333032613061306564);
user_pref(valueApps.CT2463487.mam_gk_userId.storedInFile, false);
user_pref(valueApps.CT2463487.mam_gk_user_approval_interacted, 31);
user_pref(valueApps.CT2463487.mam_gk_user_approval_interacted.storedInFile, false);
user_pref(valueApps.CT2463487.mam_gk_welcomeDialogMode, 31);
user_pref(valueApps.CT2463487.mam_gk_welcomeDialogMode.storedInFile, false);
user_pref(valueApps.storage.mam_gk_userId, 37356565663263632D636536372D343636632D616566612D363863333032613061306564);
Emptied folder: C:\Users\Tomik\AppData\Roaming\mozilla\firefox\profiles\d5xqvmuk.default\minidumps [2 files]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on st 19.08.2015 at 17:40:20,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes Anti-Malware
www.malwarebytes.orgDatum skenování: 19.8.2015
Čas skenování: 17:42
Protokol: AntiMalwer 03.txt
Správce: Ano
Verze: 2.1.8.1057
Databáze malwaru: v2015.08.19.04
Databáze rootkitů: v2015.08.16.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto
OS: Windows 10
CPU: x86
Souborový systém: NTFS
Uživatel: Tomáš
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 404082
Uplynulý čas: 20 min, 54 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 1
PUP.Optional.MyStartToolbar.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\${IEUTILSLIGHTELEVATIONPOLICYID}, Do karantény, [842cef1b8308ee48ff39515750b40000],
Hodnoty registru: 1
PUP.Optional.MyStartToolbar.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\${IEUTILSLIGHTELEVATIONPOLICYID}|AppPath, C:\Program Files\mystarttb, Do karantény, [842cef1b8308ee48ff39515750b40000]
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 2
PUP.Optional.AmazonTB.A, C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\jetpack\abb@amazon.com, Do karantény, [b6facd3d3a510333198441a953af1fe1],
PUP.Optional.AmazonTB.A, C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\jetpack\abb@amazon.com\simple-storage, Do karantény, [b6facd3d3a510333198441a953af1fe1],
Soubory: 6
PUP.Optional.ICQPlugin.A, C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\searchplugins\icqplugin-6.xml, Do karantény, [1a96709a0f7cba7cae0ffd2cd72c619f],
PUP.Optional.ICQPlugin.A, C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\searchplugins\icqplugin-7.xml, Do karantény, [0ba552b8abe06cca9627171228db5aa6],
PUP.Optional.ICQPlugin.A, C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\searchplugins\icqplugin-8.xml, Do karantény, [10a0ed1df19acc6a2b929b8e10f3837d],
PUP.Optional.ICQPlugin.A, C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\searchplugins\icqplugin.xml, Do karantény, [743cb05ab9d2f83e3e7f9e8b44bfa65a],
PUP.Optional.AmazonTB.A, C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\jetpack\abb@amazon.com\simple-storage\store.json, Do karantény, [b6facd3d3a510333198441a953af1fe1],
PUP.Optional.FastStart.A, C:\Users\Tomik\AppData\Roaming\Mozilla\Firefox\Profiles\d5xqvmuk.default\prefs.js, Dobré: (), Špatné: (
faststartff@gmail.com), Nahrazeno,[a907db2f91fa1c1a5d29c0d24db818e8]
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
RogueKiller V10.10.1.0 [Aug 17 2015] by Adlice Software
mail :
http://www.adlice.com/contact/Feedback :
http://forum.adlice.comWebová stránka :
http://www.adlice.com/softwares/roguekiller/Blog :
http://www.adlice.comOperační systém : Windows 10 (10.0.10240) 32 bits version
Spuštěno : Normální režim
Uživatel : Tomá? [Práva správce]
Started from : C:\Users\Tomik\Desktop\RogueKiller.exe
Mód : Prohledat -- Datum : 08/19/2015 18:23:59
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 7 ¤¤¤
[VT.Unknown] HKEY_USERS\S-1-5-21-3838077319-2819224973-1163748220-1000\Software\Microsoft\Windows\CurrentVersion\Run | iTV : P:\iTV\iTV.exe [-] -> Nalezeno
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AvastVBoxSvc ("p:\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe") -> Nalezeno
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VBoxAswDrv (\??\p:\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys) -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.157.0.1 4.2.2.1 ([(Private Address) (XX)][-]) -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.157.0.1 4.2.2.1 ([(Private Address) (XX)][-]) -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{22238426-badf-4f4a-a897-cdaf3c9f540d} | DhcpNameServer : 10.157.0.1 4.2.2.1 ([(Private Address) (XX)][-]) -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{22238426-badf-4f4a-a897-cdaf3c9f540d} | DhcpNameServer : 10.157.0.1 4.2.2.1 ([(Private Address) (XX)][-]) -> Nalezeno
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 2 ¤¤¤
[PUP][FIREFX:Addon] d5xqvmuk.default : Seznam li?ti?ka [{ea614400-e918-4741-9a97-7a972ff7c30b}] -> Nalezeno
[PUM.HomePage][FIREFX:Config] d5xqvmuk.default : user_pref("browser.startup.homepage", "about:superstart"); -> Nalezeno
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD502HJ ATA Device +++++
--- User ---
[MBR] 808b779f3aa6d93ac032ae2cb0191492
[BSP] af844db52f3e2dc8bbcfaea2697c61fe : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 101 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 208896 | Size: 169153 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 346634505 | Size: 307681 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: WD 5000AAV External USB Device +++++
--- User ---
[MBR] 847277f9b3757adf1cc9c7e3a17964b1
[BSP] 96545aae4c3a8e5d84fbb99372be0652 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] Po?adavek není podporován. )