Dobrý den, moc prosím o kontrolu logu z HJT. V prohlížečích se pořád zobrazují reklamy,kromě těch, co už tam byly. Notebook je pomalejší a topí i při minimální námaze. Moc díky
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:01:18, on 28.10.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal
Running processes:
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 7\RealTimeProtector.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Unified Remote\RemoteServer.exe
C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Martin\Desktop\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.b1.org/?bsrc=hmior&chid=c167991
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=16194
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - mscoree.dll (file missing)
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - (no file)
O3 - Toolbar: (no name) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - (no file)
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKCU\..\Run: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Martin\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKUS\S-1-5-21-1628778170-4223881759-3681946860-1392\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1628778170-4223881759-3681946860-1392\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files (x86)\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files (x86)\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files (x86)\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Bluetooth 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Služba Maxiget Update (mglupdate) (mglupdate) - Maxiget Ltd. - C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe
O23 - Service: Služba Maxiget Update (mglupdatem) (mglupdatem) - Maxiget Ltd. - C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 15156 bytes
Kontrola logu z HJT - naléhavé Vyřešeno
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu z HJT - naléhavé
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.
Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.
Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.
Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Pokud budou problémy , spusť v nouz. režimu.
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.
Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.
Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.
Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Pokud budou problémy , spusť v nouz. režimu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Kontrola logu z HJT - naléhavé
Dobrý den, log z ADW Cleaner: # AdwCleaner v4.002 - Report created 29/10/2014 at 11:18:51
# Updated 27/10/2014 by Xplode
# Database : 2014-10-26.6
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Martin - MARTIN-PC
# Running from : C:\Users\Martin\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Found : C:\Program Files (x86)\Application Updater
Folder Found : C:\Program Files (x86)\Common Files\Spigot
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\GreenTree Applications
Folder Found : C:\Program Files (x86)\Inbox Toolbar
Folder Found : C:\Program Files (x86)\IObit Apps Toolbar
Folder Found : C:\Program Files (x86)\Senses
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\IBUpdaterService
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
Folder Found : C:\ProgramData\ShopperPro
Folder Found : C:\Users\Martin\AppData\Local\b1e
Folder Found : C:\Users\Martin\AppData\Local\Babylon
Folder Found : C:\Users\Martin\AppData\Local\CrashRpt
Folder Found : C:\Users\Martin\AppData\Local\globalUpdate
Folder Found : C:\Users\Martin\AppData\Local\Slick Savings
Folder Found : C:\Users\Martin\AppData\Local\SwvUpdater
Folder Found : C:\Users\Martin\AppData\LocalLow\Datamngr
Folder Found : C:\Users\Martin\AppData\LocalLow\DataMngr
Folder Found : C:\Users\Martin\AppData\LocalLow\Inbox Toolbar
Folder Found : C:\Users\Martin\AppData\LocalLow\Search Settings
Folder Found : C:\Users\Martin\AppData\Roaming\B1Toolbar
Folder Found : C:\Users\Martin\AppData\Roaming\Babylon
Folder Found : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\Extensions\warnerroberts@hotmail.com
Folder Found : C:\Users\Martin\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Martin\AppData\Roaming\RHEng
Folder Found : C:\Users\Public\Documents\Goobzo
Folder Found : C:\Users\Public\Documents\ShopperPro
Folder Found : C:\Users\Public\Documents\YTAHelper
***** [ Scheduled Tasks ] *****
Task Found : Driver Booster Scan
Task Found : Driver Booster Update
Task Found : ebcd74ed-0212-4188-b574-981f73363623-1
Task Found : ebcd74ed-0212-4188-b574-981f73363623-11
Task Found : ebcd74ed-0212-4188-b574-981f73363623-2
Task Found : ebcd74ed-0212-4188-b574-981f73363623-3
Task Found : ebcd74ed-0212-4188-b574-981f73363623-4
Task Found : ebcd74ed-0212-4188-b574-981f73363623-5
Task Found : ebcd74ed-0212-4188-b574-981f73363623-5_user
Task Found : ebcd74ed-0212-4188-b574-981f73363623-6
Task Found : ebcd74ed-0212-4188-b574-981f73363623-7
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\AppDataLow\Software\Senses
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\OCS
Key Found : HKCU\Software\powerpack
Key Found : HKCU\Software\Search Settings
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\OCS
Key Found : [x64] HKCU\Software\powerpack
Key Found : [x64] HKCU\Software\Search Settings
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Application Updater
Key Found : HKLM\SOFTWARE\BetterSurf
Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622192215}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\inbox.appserver
Key Found : HKLM\SOFTWARE\Classes\inbox.ibx404
Key Found : HKLM\SOFTWARE\Classes\Inbox.JSServer
Key Found : HKLM\SOFTWARE\Classes\Inbox.Toolbar
Key Found : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655195515}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666196615}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\inbox
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644194415}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Inbox Toolbar
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_crazytalk_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_crazytalk_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Found : HKLM\SOFTWARE\PerformerSoft
Key Found : HKLM\SOFTWARE\PIP
Key Found : HKLM\SOFTWARE\Search Settings
Key Found : HKLM\SOFTWARE\Senses
Key Found : HKLM\SOFTWARE\Senses-nv
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622192215}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655195515}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666196615}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836
Key Found : [x64] HKLM\SOFTWARE\Senses-nv
Key Found : [x64] HKLM\SOFTWARE\Speedchecker Limited
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17344
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://search.b1.org/?bsrc=hmior&chid=c167991
-\\ Mozilla Firefox v32.0.3 (x86 cs)
-\\ Google Chrome v38.0.2125.104
*************************
AdwCleaner[R0].txt - [19878 octets] - [29/10/2014 11:18:51]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [19939 octets] ##########
# Updated 27/10/2014 by Xplode
# Database : 2014-10-26.6
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Martin - MARTIN-PC
# Running from : C:\Users\Martin\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Found : C:\Program Files (x86)\Application Updater
Folder Found : C:\Program Files (x86)\Common Files\Spigot
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\GreenTree Applications
Folder Found : C:\Program Files (x86)\Inbox Toolbar
Folder Found : C:\Program Files (x86)\IObit Apps Toolbar
Folder Found : C:\Program Files (x86)\Senses
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\IBUpdaterService
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
Folder Found : C:\ProgramData\ShopperPro
Folder Found : C:\Users\Martin\AppData\Local\b1e
Folder Found : C:\Users\Martin\AppData\Local\Babylon
Folder Found : C:\Users\Martin\AppData\Local\CrashRpt
Folder Found : C:\Users\Martin\AppData\Local\globalUpdate
Folder Found : C:\Users\Martin\AppData\Local\Slick Savings
Folder Found : C:\Users\Martin\AppData\Local\SwvUpdater
Folder Found : C:\Users\Martin\AppData\LocalLow\Datamngr
Folder Found : C:\Users\Martin\AppData\LocalLow\DataMngr
Folder Found : C:\Users\Martin\AppData\LocalLow\Inbox Toolbar
Folder Found : C:\Users\Martin\AppData\LocalLow\Search Settings
Folder Found : C:\Users\Martin\AppData\Roaming\B1Toolbar
Folder Found : C:\Users\Martin\AppData\Roaming\Babylon
Folder Found : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\Extensions\warnerroberts@hotmail.com
Folder Found : C:\Users\Martin\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Martin\AppData\Roaming\RHEng
Folder Found : C:\Users\Public\Documents\Goobzo
Folder Found : C:\Users\Public\Documents\ShopperPro
Folder Found : C:\Users\Public\Documents\YTAHelper
***** [ Scheduled Tasks ] *****
Task Found : Driver Booster Scan
Task Found : Driver Booster Update
Task Found : ebcd74ed-0212-4188-b574-981f73363623-1
Task Found : ebcd74ed-0212-4188-b574-981f73363623-11
Task Found : ebcd74ed-0212-4188-b574-981f73363623-2
Task Found : ebcd74ed-0212-4188-b574-981f73363623-3
Task Found : ebcd74ed-0212-4188-b574-981f73363623-4
Task Found : ebcd74ed-0212-4188-b574-981f73363623-5
Task Found : ebcd74ed-0212-4188-b574-981f73363623-5_user
Task Found : ebcd74ed-0212-4188-b574-981f73363623-6
Task Found : ebcd74ed-0212-4188-b574-981f73363623-7
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\AppDataLow\Software\Senses
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\OCS
Key Found : HKCU\Software\powerpack
Key Found : HKCU\Software\Search Settings
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\OCS
Key Found : [x64] HKCU\Software\powerpack
Key Found : [x64] HKCU\Software\Search Settings
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Application Updater
Key Found : HKLM\SOFTWARE\BetterSurf
Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622192215}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\inbox.appserver
Key Found : HKLM\SOFTWARE\Classes\inbox.ibx404
Key Found : HKLM\SOFTWARE\Classes\Inbox.JSServer
Key Found : HKLM\SOFTWARE\Classes\Inbox.Toolbar
Key Found : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655195515}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666196615}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\inbox
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644194415}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Inbox Toolbar
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_crazytalk_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_crazytalk_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Found : HKLM\SOFTWARE\PerformerSoft
Key Found : HKLM\SOFTWARE\PIP
Key Found : HKLM\SOFTWARE\Search Settings
Key Found : HKLM\SOFTWARE\Senses
Key Found : HKLM\SOFTWARE\Senses-nv
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622192215}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655195515}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666196615}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836
Key Found : [x64] HKLM\SOFTWARE\Senses-nv
Key Found : [x64] HKLM\SOFTWARE\Speedchecker Limited
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17344
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://search.b1.org/?bsrc=hmior&chid=c167991
-\\ Mozilla Firefox v32.0.3 (x86 cs)
-\\ Google Chrome v38.0.2125.104
*************************
AdwCleaner[R0].txt - [19878 octets] - [29/10/2014 11:18:51]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [19939 octets] ##########
Re: Kontrola logu z HJT - naléhavé
A tady je z Malwarebytes:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 29.10.2014
Scan Time: 12:33:17
Logfile: log.txt
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.10.29.04
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Martin
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 474549
Time Elapsed: 27 min, 8 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 1
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\ebcd74ed-0212-4188-b574-981f73363623-6.exe, 7492, , [641437e31864f24465d8e8d037ca649c]
Modules: 0
(No malicious items detected)
Registry Keys: 50
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{042DA63B-0933-403D-9395-B49307691690}, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{CBEF8724-D080-4737-88DA-111EEC6651AA}, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{CBEF8724-D080-4737-88DA-111EEC6651AA}, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\CLASSES\Inbox.JSServer, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Inbox.JSServer, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\CLASSES\Inbox.IBX404, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Inbox.IBX404, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\CLASSES\Inbox.Toolbar, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Inbox.Toolbar, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.Inbox, HKLM\SOFTWARE\CLASSES\TYPELIB\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}, , [a0d81505c0bcff374c6fa37cb34ea25e],
PUP.Optional.Inbox, HKLM\SOFTWARE\CLASSES\INTERFACE\{28C3737A-32D1-492D-B76B-8D75EBBFB887}, , [a0d81505c0bcff374c6fa37cb34ea25e],
PUP.Optional.Inbox, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{28C3737A-32D1-492D-B76B-8D75EBBFB887}, , [a0d81505c0bcff374c6fa37cb34ea25e],
PUP.Optional.Inbox, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}, , [a0d81505c0bcff374c6fa37cb34ea25e],
PUP.Optional.Senses.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{22222222-2222-2222-2222-220622192215}, , [27512dedf08c84b204394c6cd42d9d63],
PUP.Optional.Senses.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644194415}, , [27512dedf08c84b204394c6cd42d9d63],
PUP.Optional.Senses.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655195515}, , [27512dedf08c84b204394c6cd42d9d63],
PUP.Optional.Senses.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666196615}, , [27512dedf08c84b204394c6cd42d9d63],
PUP.Optional.Senses.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655195515}, , [27512dedf08c84b204394c6cd42d9d63],
PUP.Optional.Senses.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666196615}, , [27512dedf08c84b204394c6cd42d9d63],
PUP.Optional.Senses.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644194415}, , [27512dedf08c84b204394c6cd42d9d63],
PUP.Optional.Senses.A, HKLM\SOFTWARE\CLASSES\cb53b500f3e90131a6091fb939dcadf40061915.Sandbox.1, , [27512dedf08c84b204394c6cd42d9d63],
PUP.Optional.Senses.A, HKLM\SOFTWARE\CLASSES\cb53b500f3e90131a6091fb939dcadf40061915.Sandbox, , [27512dedf08c84b204394c6cd42d9d63],
PUP.Optional.Senses.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\cb53b500f3e90131a6091fb939dcadf40061915.Sandbox, , [27512dedf08c84b204394c6cd42d9d63],
PUP.Optional.Senses.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\cb53b500f3e90131a6091fb939dcadf40061915.Sandbox.1, , [27512dedf08c84b204394c6cd42d9d63],
PUP.Optional.Senses.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220622192215}, , [27512dedf08c84b204394c6cd42d9d63],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\20891, , [46323cdea4d8999dd64db79a8b78b947],
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\APPLICATION UPDATER, , [c7b10b0f2f4d94a2da87be6cb350bc44],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\apgjagobplilmcdfelodhgefiidomnfl, , [e09829f1b1cbf64080f4320281828e72],
PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dedmngkbaffkenlfdcbganndoghblmap, , [e98f1703d5a7191df5860f376e9507f9],
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\mhkaekfpcppmmioggniknbnbdbcigpkk, , [176189914636bc7a1fccad9954af08f8],
PUP.Optional.Conduit.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pmcmflmkceipgecmhoddphflfndnfbbe, , [82f6e5351369d95db7b5d1c3ee161fe1],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\WOW6432NODE\INBOX TOOLBAR, , [294f2cee403cba7c5c52223bf40fed13],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\20891, , [babe62b85c20a09629fa6fe236cd37c9],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, , [0e6a6bafb4c8d165574e06906d97fd03],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, , [94e4fb1fdd9fef47881ecdc96d97b14f],
PUP.Optional.PCPerformer.A, HKLM\SOFTWARE\WOW6432NODE\PERFORMERSOFT\PC Performer, , [76023cdeff7df3432571aaca49bb6f91],
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\SEARCH SETTINGS, , [43353cde68140e285f010822a360827e],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1628778170-4223881759-3681946860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [3e3aa278ed8f999d28b5daad49bb28d8],
PUP.Optional.Spigot.A, HKU\S-1-5-21-1628778170-4223881759-3681946860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Settings, , [1c5c89916f0d56e0bae5dab990748878],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1628778170-4223881759-3681946860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\20891, , [15637b9f7606ff37be2267c2b2516799],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1628778170-4223881759-3681946860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Object Browser, , [96e259c1f488c86e7f3ec3c527dd0cf4],
PUP.Optional.Spigot.A, HKU\S-1-5-21-1628778170-4223881759-3681946860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCH SETTINGS, , [a9cf4ecc8cf0d75f72eb8d9df50ef010],
PUP.Optional.Softonic.A, HKU\S-1-5-21-1628778170-4223881759-3681946860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [ccac1efc0f6d4beb2f7179d3d3306898],
Registry Values: 6
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\APPLICATION UPDATER\APPLICATIONUPDATER.EXE, 1, , [463269b1b1cb5cda993ff2a6a45d956b]
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\APPLICATION UPDATER|serverURL, http://www.mybrowserbar.com/, , [c7b10b0f2f4d94a2da87be6cb350bc44]
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\WOW6432NODE\INBOX TOOLBAR|FF_INSTAL, 0, , [294f2cee403cba7c5c52223bf40fed13]
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\SEARCH SETTINGS|installDir, C:\Program Files (x86)\Common Files\Spigot\Search Settings\, , [43353cde68140e285f010822a360827e]
PUP.Optional.Spigot.A, HKU\S-1-5-21-1628778170-4223881759-3681946860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCH SETTINGS|GCProtected, 0, , [a9cf4ecc8cf0d75f72eb8d9df50ef010]
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE, 1, , [79ff2af064182313f98f8f8c2bd826da]
Registry Data: 0
(No malicious items detected)
Folders: 41
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses, , [bfb9e733f28ab18557b57cb28380c937],
PUP.Optional.SoftwareUpdater.A, C:\Users\Martin\AppData\Local\SwvUpdater, , [4731ad6d96e62f078048f63f6c9703fd],
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config, , [6f09b26858247abc017c52e40ef526da],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\Buttons, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\Chrome, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\Plugins, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\Update, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.OpenCandy, C:\Users\Martin\AppData\Roaming\OpenCandy, , [4335e139dd9f6ccaf3b19d5817eb4fb1],
PUP.Optional.OpenCandy, C:\Users\Martin\AppData\Roaming\OpenCandy\1D06118C303047E498EE1561A547BD0E, , [4335e139dd9f6ccaf3b19d5817eb4fb1],
PUP.Optional.OpenCandy, C:\Users\Martin\AppData\Roaming\OpenCandy\435842085BEA4500A3458CAE61A13029, , [4335e139dd9f6ccaf3b19d5817eb4fb1],
PUP.Optional.OpenCandy, C:\Users\Martin\AppData\Roaming\OpenCandy\D7793ABFBC9E435F9312F662DEFD99DB, , [4335e139dd9f6ccaf3b19d5817eb4fb1],
PUP.Optional.Datamngr.A, C:\Users\Martin\AppData\LocalLow\DataMngr, , [53250e0cc5b79c9aa04b689331d1cb35],
PUP.Optional.Spigot.A, C:\Users\Martin\AppData\LocalLow\Search Settings, , [7701a773ff7d3bfb0591f419e02327d9],
PUP.Optional.Spigot.A, C:\Users\Martin\AppData\LocalLow\Search Settings\res, , [7701a773ff7d3bfb0591f419e02327d9],
PUP.Optional.Spigot.A, C:\Users\Martin\AppData\LocalLow\Search Settings\temp, , [7701a773ff7d3bfb0591f419e02327d9],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update, , [fe7a62b85e1e5bdba4c334db00032fd1],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0, , [fe7a62b85e1e5bdba4c334db00032fd1],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Download, , [fe7a62b85e1e5bdba4c334db00032fd1],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Install, , [fe7a62b85e1e5bdba4c334db00032fd1],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline, , [fe7a62b85e1e5bdba4c334db00032fd1],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline\{90786DC5-CD89-4C7F-A834-341E36E11A57}, , [fe7a62b85e1e5bdba4c334db00032fd1],
PUP.Optional.IBUpdater.A, C:\ProgramData\IBUpdaterService, , [c4b4cc4e166695a198ba9c76bc470ff1],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\defaults, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\defaults\preferences, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\userCode, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\locale, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\locale\en-US, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\skin, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.ShopperPro, C:\ProgramData\ShopperPro, , [077165b5e19b80b6a036cc4d71927d83],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res, , [79ff2af064182313f98f8f8c2bd826da],
Files: 212
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\ebcd74ed-0212-4188-b574-981f73363623-6.exe, , [641437e31864f24465d8e8d037ca649c],
PUP.Optional.InboxToolBar.A, C:\Program Files (x86)\Inbox Toolbar\Inbox.dll, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.Senses.A, C:\Users\Martin\AppData\Roaming\AOMUOS.exe, , [07719288512b71c597a696220df4f40c],
PUP.Optional.Senses.A, C:\Users\Martin\AppData\Roaming\XTBOI.exe, , [48304dcde69667cf28159424f70aaf51],
PUP.Optional.4Shared, C:\Users\Martin\Desktop\(ASUS Sonic Focus + ASUS Sonic Master)_1.0.0004_Win7.exe, , [83f5a3778fed1e188e0c9a844eb2ce32],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe, , [463269b1b1cb5cda993ff2a6a45d956b],
PUP.Optional.Spigot.A, C:\Program Files (x86)\IObit Apps Toolbar\WidgiHelper.exe, , [c6b2a1794b31a09644955642629f5ba5],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\Inbox.exe, , [a0d81505c0bcff374c6fa37cb34ea25e],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll, , [aacec6545527c47239820718629fe31d],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\ebcd74ed-0212-4188-b574-981f73363623-3.exe, , [85f325f5d4a8ac8a73ca7642679a8c74],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\ebcd74ed-0212-4188-b574-981f73363623-11.exe, , [77013fdbe9932e08c07ddddb30d16c94],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\ebcd74ed-0212-4188-b574-981f73363623-2.exe, , [8fe9fb1fdaa2e6504feeeace1ce5d42c],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\ebcd74ed-0212-4188-b574-981f73363623-4.exe, , [45338595f48863d3221bcdeb57aa06fa],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\ebcd74ed-0212-4188-b574-981f73363623-5.exe, , [b1c72bef27550e28ec51e5d349b87a86],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\ebcd74ed-0212-4188-b574-981f73363623-64.exe, , [4a2ea7733a426acc74c9ccecb24f5aa6],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\ebcd74ed-0212-4188-b574-981f73363623-7.exe, , [d99f47d3bfbdbc7a6ad35d5b3cc57888],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\Senses-bho.dll, , [27512dedf08c84b204394c6cd42d9d63],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\Senses-bho64.dll, , [27512dedf08c84b204394c6cd42d9d63],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Senses\utils.exe, , [4434d545b6c671c5fc17b0a9b14fab55],
PUP.Optional.Amonetize.A, C:\Users\Martin\AppData\Local\SwvUpdater\Updater.exe, , [c9af5ebc66164aec8c4af33c7e8310f0],
PUP.Optional.Spigot.A, C:\Windows\Installer\4ef08.msi, , [72068f8b502cd85e62ab9929f01141bf],
PUP.Optional.SweetIM, C:\Windows\Installer\1b786a.msi, , [2d4b48d2f4883204c899e27524e12bd5],
PUP.Optional.iWebar, C:\Windows\System32\Tasks\Installer_iwebar, , [6a0ea3772b51d56177ec37f6e02348b8],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\background.html, , [bfb9e733f28ab18557b57cb28380c937],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\0a4defdb-42ce-4536-bfd5-e698a5be66dd.crx, , [bfb9e733f28ab18557b57cb28380c937],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\0a4defdb-42ce-4536-bfd5-e698a5be66dd.dll, , [bfb9e733f28ab18557b57cb28380c937],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\1293297481.mxaddon, , [bfb9e733f28ab18557b57cb28380c937],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\40916eb6-9389-466c-9f56-9806cc3a9cb7.dll, , [bfb9e733f28ab18557b57cb28380c937],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\651e3cc7-ef53-4a09-84e6-8cc64b8e43d6.crx, , [bfb9e733f28ab18557b57cb28380c937],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\bgNova.html, , [bfb9e733f28ab18557b57cb28380c937],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\ebcd74ed-0212-4188-b574-981f73363623.crx, , [bfb9e733f28ab18557b57cb28380c937],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\ebcd74ed-0212-4188-b574-981f73363623.xpi, , [bfb9e733f28ab18557b57cb28380c937],
PUP.Optional.SoftwareUpdater.A, C:\Users\Martin\AppData\Local\SwvUpdater\Updater.xml, , [4731ad6d96e62f078048f63f6c9703fd],
PUP.Optional.SoftwareUpdater.A, C:\Users\Martin\AppData\Local\SwvUpdater\status.cfg, , [4731ad6d96e62f078048f63f6c9703fd],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\ebcd74ed-0212-4188-b574-981f73363623-1, , [3f399288ed8f0b2b64b47abc15eee11f],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\ebcd74ed-0212-4188-b574-981f73363623-11, , [93e5ef2be19b91a52deb77bf7e85738d],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\ebcd74ed-0212-4188-b574-981f73363623-2, , [106820fafb8115219f790d291fe414ec],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\ebcd74ed-0212-4188-b574-981f73363623-3, , [d5a346d4116b280edc3c06304fb44fb1],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\ebcd74ed-0212-4188-b574-981f73363623-4, , [5e1a67b31864dd5903150d29ef148878],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\ebcd74ed-0212-4188-b574-981f73363623-5, , [fd7b9c7ef5878da9ba5e2b0bca398878],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\ebcd74ed-0212-4188-b574-981f73363623-5_user, , [a2d634e6ceae10260216e84e62a15fa1],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\ebcd74ed-0212-4188-b574-981f73363623-6, , [e296ef2bf686bc7a21f72d093cc701ff],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\ebcd74ed-0212-4188-b574-981f73363623-7, , [e1979d7dd0ac51e56fa942f434cf06fa],
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\ver.xml, , [6f09b26858247abc017c52e40ef526da],
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\data.xml, , [6f09b26858247abc017c52e40ef526da],
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\uninstinethnfd.exe, , [6f09b26858247abc017c52e40ef526da],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\setupcfg.ini, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\Inbox.ini, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\unins000.dat, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\unins000.exe, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\unins000.msg, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\uninstall.ini, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\Buttons\burgundy_green.xml, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\Buttons\general_youtube2.xml, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\Buttons\tv_news_cz.xml, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\Buttons\tv_online_cz.xml, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\Buttons\tv_programs_cz.xml, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\Buttons\tv_search_cz.xml, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\Chrome\ibxtoolbar_chr.crx, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\Chrome\ibxtoolbar_chr.ver, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\Chrome\sqlite3.dll, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Searchqu.A, C:\Users\Martin\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}, , [5127eb2f3e3e69cdcd42c9abc93bf40c],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\ebcd74ed-0212-4188-b574-981f73363623-1.job, , [6e0a0416611ba98d90ab8f05bd4722de],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\ebcd74ed-0212-4188-b574-981f73363623-11.job, , [106874a6c0bc3bfbba81a7edac587090],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\ebcd74ed-0212-4188-b574-981f73363623-2.job, , [a8d0d149067671c5c2792470857f50b0],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\ebcd74ed-0212-4188-b574-981f73363623-3.job, , [0a6e9c7e6517eb4b2b10266e1ee603fd],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\ebcd74ed-0212-4188-b574-981f73363623-4.job, , [d3a5819959230f27b18af89cf410629e],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\ebcd74ed-0212-4188-b574-981f73363623-5.job, , [1068f426077569cdf843a6eed2329c64],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\ebcd74ed-0212-4188-b574-981f73363623-5_user.job, , [abcd39e1e09c280ed16afe9646be17e9],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\ebcd74ed-0212-4188-b574-981f73363623-6.job, , [3d3b55c58eeef5416ecd454fd92b0af6],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\ebcd74ed-0212-4188-b574-981f73363623-7.job, , [7efa3cde522a43f342f9f2a2a75d08f8],
PUP.Optional.OpenCandy, C:\Users\Martin\AppData\Roaming\OpenCandy\435842085BEA4500A3458CAE61A13029\PasswordBoxCHSTORE_p1v0.exe, , [4335e139dd9f6ccaf3b19d5817eb4fb1],
PUP.Optional.Datamngr.A, C:\Users\Martin\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}, , [53250e0cc5b79c9aa04b689331d1cb35],
PUP.Optional.IBUpdater.A, C:\ProgramData\IBUpdaterService\repository.xml, , [c4b4cc4e166695a198ba9c76bc470ff1],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome.manifest, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\install.rdf, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\33432e0fa2109c062816fad463a9a30c.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\58786cb5db5c4325e8c66857887b46e2.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\5a055b75f3b6204e37de6d7c29818c0b.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\background.html, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\browser.xul, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\dialog.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\e20bd472dd35b22820c7e4b7b3851f72.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\ef5dda8478d489db063cedfeb03e5aa2.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\f9d183a3bec062b7cb8fca973ed7d53e.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\ffCoreFilesIndex.txt, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\options.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\options.xul, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\search_dialog.xul, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api\6412d8e8d23e881f3a0a5a0504273014.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api\025fd2a6267d39c3b07736e84b4897a3.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api\06d48318c31a1358700779bcfb0ac1c7.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api\0d5c29363b8208f714cf86532ad59523.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api\15883f2ed73a41fc2fa58f1d04c8ace3.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api\19c14520629e4ba725485111e8ad47c9.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api\2d8f8810d5e9fab006638ba39b5747fc.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api\46fc38bde16fea4ad1c85c9dd88dc7d3.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api\49e49cf2e359fe987609b6ee4b414e30.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api\6d9c380f3d9224d545c46be4320a01f3.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api\7d48b00ff6dc226d94e97c9b535505a4.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api\8211197088ab7b38d0a7cbd5f00d9537.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api\8a5fad5b9d01555c533ee3aabca5304e.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api\b6ab017fb701fb537177cde36a5d92f0.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api\cd2a51926b03b148ab56a8e8c8dec7be.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api\d8b0a1c93f44e8c27646bf4b12854879.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\8aab217e12d4b0c4011c4c8d73f1998b.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\015520d7b645b8d1051a734280cae81c.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\2f1be68c9e341953a8fdc03d3f3d5367.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\3c8d7cfff66739619d7716a520068d7f.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\4dcaf9160c02de651668a00e4f8c02be.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\5e2e0a05f92a8a046f7bf3a7a35bd054.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\6a6be074d98a5ffddf453c87a7563cbc.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\7d92fae8b383ddd0280c1824db18f679.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\87de939b2c895a479d948a4ed75e3867.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\91a1fece43ea1d6ebe95122243387700.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\9ea25ab0cb10b069c5e96a981dbd4cb5.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\9f319db0ce88990cfeec915bcfd34962.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\a38b0bd7365aa7206b0061abc4b91bd7.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\a80bd0f5e61a2c7ec6316db93d6e227d.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\aef3a938f7562af8cb458b02bf2d14f3.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\b3ce06c349bf229dd17bf0a6efc752e3.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\ba71c8b7bdb686a952badf512db3575d.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\d1da5a68add58a5509bd982dab43abe9.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\ebde113908053154795e101c735131f0.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\eec360f29fccff4baa479dff83757357.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\installer.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\defaults\preferences\prefs.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\manifest.xml, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins.json, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\223.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\1.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\102.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\104.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\123.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\13.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\14.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\16.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\17.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\177.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\180.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\182.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\183.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\184.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\192.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\193.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\195.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\207.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\21.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\22.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\220.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\221.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\226.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\239.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\244.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\246.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\262.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\263.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\268.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\273.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\28.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\281.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\288.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\300.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\4.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\47.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\64.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\7.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\72.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\78.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\9.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\91.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\98.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\userCode\background.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\userCode\extension.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\locale\en-US\translations.dtd, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\skin\button1.png, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\skin\button2.png, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\skin\button3.png, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\skin\button4.png, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\skin\button5.png, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\skin\crossrider_statusbar.png, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\skin\icon128.png, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\skin\icon16.png, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\skin\icon24.png, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\skin\icon48.png, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\skin\panelarrow-up.png, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\skin\popup.html, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\skin\skin.css, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\skin\update.css, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.ShopperPro, C:\ProgramData\ShopperPro\ShopperPro.dll, , [077165b5e19b80b6a036cc4d71927d83],
PUP.Optional.ShopperPro, C:\ProgramData\ShopperPro\ShopperPro64.dll, , [077165b5e19b80b6a036cc4d71927d83],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\baidu_ff.xml, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\baidu_ie.xml, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\config.ini, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\searchcom_ff.xml, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\searchcom_ie.xml, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth187.dll, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wthx187.dll, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yahoo_ff.xml, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yahoo_ie.xml, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yandextr_ff.xml, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yandextr_ie.xml, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yandex_ff.xml, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yandex_ie.xml, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1031.ini, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1033.ini, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1034.ini, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1036.ini, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1040.ini, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "1492c3eb77000bcb49b395e2cda7a383");), ,[b6c28c8ebbc1aa8ced6dec7b699c58a8]
Physical Sectors: 0
(No malicious items detected)
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 29.10.2014
Scan Time: 12:33:17
Logfile: log.txt
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.10.29.04
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Martin
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 474549
Time Elapsed: 27 min, 8 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 1
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\ebcd74ed-0212-4188-b574-981f73363623-6.exe, 7492, , [641437e31864f24465d8e8d037ca649c]
Modules: 0
(No malicious items detected)
Registry Keys: 50
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{042DA63B-0933-403D-9395-B49307691690}, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{CBEF8724-D080-4737-88DA-111EEC6651AA}, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{CBEF8724-D080-4737-88DA-111EEC6651AA}, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\CLASSES\Inbox.JSServer, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Inbox.JSServer, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\CLASSES\Inbox.IBX404, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Inbox.IBX404, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\CLASSES\Inbox.Toolbar, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Inbox.Toolbar, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.Inbox, HKLM\SOFTWARE\CLASSES\TYPELIB\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}, , [a0d81505c0bcff374c6fa37cb34ea25e],
PUP.Optional.Inbox, HKLM\SOFTWARE\CLASSES\INTERFACE\{28C3737A-32D1-492D-B76B-8D75EBBFB887}, , [a0d81505c0bcff374c6fa37cb34ea25e],
PUP.Optional.Inbox, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{28C3737A-32D1-492D-B76B-8D75EBBFB887}, , [a0d81505c0bcff374c6fa37cb34ea25e],
PUP.Optional.Inbox, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}, , [a0d81505c0bcff374c6fa37cb34ea25e],
PUP.Optional.Senses.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{22222222-2222-2222-2222-220622192215}, , [27512dedf08c84b204394c6cd42d9d63],
PUP.Optional.Senses.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644194415}, , [27512dedf08c84b204394c6cd42d9d63],
PUP.Optional.Senses.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655195515}, , [27512dedf08c84b204394c6cd42d9d63],
PUP.Optional.Senses.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666196615}, , [27512dedf08c84b204394c6cd42d9d63],
PUP.Optional.Senses.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655195515}, , [27512dedf08c84b204394c6cd42d9d63],
PUP.Optional.Senses.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666196615}, , [27512dedf08c84b204394c6cd42d9d63],
PUP.Optional.Senses.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644194415}, , [27512dedf08c84b204394c6cd42d9d63],
PUP.Optional.Senses.A, HKLM\SOFTWARE\CLASSES\cb53b500f3e90131a6091fb939dcadf40061915.Sandbox.1, , [27512dedf08c84b204394c6cd42d9d63],
PUP.Optional.Senses.A, HKLM\SOFTWARE\CLASSES\cb53b500f3e90131a6091fb939dcadf40061915.Sandbox, , [27512dedf08c84b204394c6cd42d9d63],
PUP.Optional.Senses.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\cb53b500f3e90131a6091fb939dcadf40061915.Sandbox, , [27512dedf08c84b204394c6cd42d9d63],
PUP.Optional.Senses.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\cb53b500f3e90131a6091fb939dcadf40061915.Sandbox.1, , [27512dedf08c84b204394c6cd42d9d63],
PUP.Optional.Senses.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220622192215}, , [27512dedf08c84b204394c6cd42d9d63],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\20891, , [46323cdea4d8999dd64db79a8b78b947],
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\APPLICATION UPDATER, , [c7b10b0f2f4d94a2da87be6cb350bc44],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\apgjagobplilmcdfelodhgefiidomnfl, , [e09829f1b1cbf64080f4320281828e72],
PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dedmngkbaffkenlfdcbganndoghblmap, , [e98f1703d5a7191df5860f376e9507f9],
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\mhkaekfpcppmmioggniknbnbdbcigpkk, , [176189914636bc7a1fccad9954af08f8],
PUP.Optional.Conduit.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pmcmflmkceipgecmhoddphflfndnfbbe, , [82f6e5351369d95db7b5d1c3ee161fe1],
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\WOW6432NODE\INBOX TOOLBAR, , [294f2cee403cba7c5c52223bf40fed13],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\20891, , [babe62b85c20a09629fa6fe236cd37c9],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, , [0e6a6bafb4c8d165574e06906d97fd03],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, , [94e4fb1fdd9fef47881ecdc96d97b14f],
PUP.Optional.PCPerformer.A, HKLM\SOFTWARE\WOW6432NODE\PERFORMERSOFT\PC Performer, , [76023cdeff7df3432571aaca49bb6f91],
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\SEARCH SETTINGS, , [43353cde68140e285f010822a360827e],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1628778170-4223881759-3681946860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [3e3aa278ed8f999d28b5daad49bb28d8],
PUP.Optional.Spigot.A, HKU\S-1-5-21-1628778170-4223881759-3681946860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Settings, , [1c5c89916f0d56e0bae5dab990748878],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1628778170-4223881759-3681946860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\20891, , [15637b9f7606ff37be2267c2b2516799],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1628778170-4223881759-3681946860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Object Browser, , [96e259c1f488c86e7f3ec3c527dd0cf4],
PUP.Optional.Spigot.A, HKU\S-1-5-21-1628778170-4223881759-3681946860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCH SETTINGS, , [a9cf4ecc8cf0d75f72eb8d9df50ef010],
PUP.Optional.Softonic.A, HKU\S-1-5-21-1628778170-4223881759-3681946860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [ccac1efc0f6d4beb2f7179d3d3306898],
Registry Values: 6
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\APPLICATION UPDATER\APPLICATIONUPDATER.EXE, 1, , [463269b1b1cb5cda993ff2a6a45d956b]
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\APPLICATION UPDATER|serverURL, http://www.mybrowserbar.com/, , [c7b10b0f2f4d94a2da87be6cb350bc44]
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\WOW6432NODE\INBOX TOOLBAR|FF_INSTAL, 0, , [294f2cee403cba7c5c52223bf40fed13]
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\SEARCH SETTINGS|installDir, C:\Program Files (x86)\Common Files\Spigot\Search Settings\, , [43353cde68140e285f010822a360827e]
PUP.Optional.Spigot.A, HKU\S-1-5-21-1628778170-4223881759-3681946860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCH SETTINGS|GCProtected, 0, , [a9cf4ecc8cf0d75f72eb8d9df50ef010]
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE, 1, , [79ff2af064182313f98f8f8c2bd826da]
Registry Data: 0
(No malicious items detected)
Folders: 41
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses, , [bfb9e733f28ab18557b57cb28380c937],
PUP.Optional.SoftwareUpdater.A, C:\Users\Martin\AppData\Local\SwvUpdater, , [4731ad6d96e62f078048f63f6c9703fd],
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config, , [6f09b26858247abc017c52e40ef526da],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\Buttons, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\Chrome, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\Plugins, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\Update, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.OpenCandy, C:\Users\Martin\AppData\Roaming\OpenCandy, , [4335e139dd9f6ccaf3b19d5817eb4fb1],
PUP.Optional.OpenCandy, C:\Users\Martin\AppData\Roaming\OpenCandy\1D06118C303047E498EE1561A547BD0E, , [4335e139dd9f6ccaf3b19d5817eb4fb1],
PUP.Optional.OpenCandy, C:\Users\Martin\AppData\Roaming\OpenCandy\435842085BEA4500A3458CAE61A13029, , [4335e139dd9f6ccaf3b19d5817eb4fb1],
PUP.Optional.OpenCandy, C:\Users\Martin\AppData\Roaming\OpenCandy\D7793ABFBC9E435F9312F662DEFD99DB, , [4335e139dd9f6ccaf3b19d5817eb4fb1],
PUP.Optional.Datamngr.A, C:\Users\Martin\AppData\LocalLow\DataMngr, , [53250e0cc5b79c9aa04b689331d1cb35],
PUP.Optional.Spigot.A, C:\Users\Martin\AppData\LocalLow\Search Settings, , [7701a773ff7d3bfb0591f419e02327d9],
PUP.Optional.Spigot.A, C:\Users\Martin\AppData\LocalLow\Search Settings\res, , [7701a773ff7d3bfb0591f419e02327d9],
PUP.Optional.Spigot.A, C:\Users\Martin\AppData\LocalLow\Search Settings\temp, , [7701a773ff7d3bfb0591f419e02327d9],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update, , [fe7a62b85e1e5bdba4c334db00032fd1],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0, , [fe7a62b85e1e5bdba4c334db00032fd1],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Download, , [fe7a62b85e1e5bdba4c334db00032fd1],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Install, , [fe7a62b85e1e5bdba4c334db00032fd1],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline, , [fe7a62b85e1e5bdba4c334db00032fd1],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline\{90786DC5-CD89-4C7F-A834-341E36E11A57}, , [fe7a62b85e1e5bdba4c334db00032fd1],
PUP.Optional.IBUpdater.A, C:\ProgramData\IBUpdaterService, , [c4b4cc4e166695a198ba9c76bc470ff1],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\defaults, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\defaults\preferences, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\userCode, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\locale, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\locale\en-US, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\skin, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.ShopperPro, C:\ProgramData\ShopperPro, , [077165b5e19b80b6a036cc4d71927d83],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res, , [79ff2af064182313f98f8f8c2bd826da],
Files: 212
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\ebcd74ed-0212-4188-b574-981f73363623-6.exe, , [641437e31864f24465d8e8d037ca649c],
PUP.Optional.InboxToolBar.A, C:\Program Files (x86)\Inbox Toolbar\Inbox.dll, , [0078170325575ed859eed7d203ff39c7],
PUP.Optional.Senses.A, C:\Users\Martin\AppData\Roaming\AOMUOS.exe, , [07719288512b71c597a696220df4f40c],
PUP.Optional.Senses.A, C:\Users\Martin\AppData\Roaming\XTBOI.exe, , [48304dcde69667cf28159424f70aaf51],
PUP.Optional.4Shared, C:\Users\Martin\Desktop\(ASUS Sonic Focus + ASUS Sonic Master)_1.0.0004_Win7.exe, , [83f5a3778fed1e188e0c9a844eb2ce32],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe, , [463269b1b1cb5cda993ff2a6a45d956b],
PUP.Optional.Spigot.A, C:\Program Files (x86)\IObit Apps Toolbar\WidgiHelper.exe, , [c6b2a1794b31a09644955642629f5ba5],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\Inbox.exe, , [a0d81505c0bcff374c6fa37cb34ea25e],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll, , [aacec6545527c47239820718629fe31d],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\ebcd74ed-0212-4188-b574-981f73363623-3.exe, , [85f325f5d4a8ac8a73ca7642679a8c74],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\ebcd74ed-0212-4188-b574-981f73363623-11.exe, , [77013fdbe9932e08c07ddddb30d16c94],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\ebcd74ed-0212-4188-b574-981f73363623-2.exe, , [8fe9fb1fdaa2e6504feeeace1ce5d42c],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\ebcd74ed-0212-4188-b574-981f73363623-4.exe, , [45338595f48863d3221bcdeb57aa06fa],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\ebcd74ed-0212-4188-b574-981f73363623-5.exe, , [b1c72bef27550e28ec51e5d349b87a86],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\ebcd74ed-0212-4188-b574-981f73363623-64.exe, , [4a2ea7733a426acc74c9ccecb24f5aa6],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\ebcd74ed-0212-4188-b574-981f73363623-7.exe, , [d99f47d3bfbdbc7a6ad35d5b3cc57888],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\Senses-bho.dll, , [27512dedf08c84b204394c6cd42d9d63],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\Senses-bho64.dll, , [27512dedf08c84b204394c6cd42d9d63],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Senses\utils.exe, , [4434d545b6c671c5fc17b0a9b14fab55],
PUP.Optional.Amonetize.A, C:\Users\Martin\AppData\Local\SwvUpdater\Updater.exe, , [c9af5ebc66164aec8c4af33c7e8310f0],
PUP.Optional.Spigot.A, C:\Windows\Installer\4ef08.msi, , [72068f8b502cd85e62ab9929f01141bf],
PUP.Optional.SweetIM, C:\Windows\Installer\1b786a.msi, , [2d4b48d2f4883204c899e27524e12bd5],
PUP.Optional.iWebar, C:\Windows\System32\Tasks\Installer_iwebar, , [6a0ea3772b51d56177ec37f6e02348b8],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\background.html, , [bfb9e733f28ab18557b57cb28380c937],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\0a4defdb-42ce-4536-bfd5-e698a5be66dd.crx, , [bfb9e733f28ab18557b57cb28380c937],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\0a4defdb-42ce-4536-bfd5-e698a5be66dd.dll, , [bfb9e733f28ab18557b57cb28380c937],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\1293297481.mxaddon, , [bfb9e733f28ab18557b57cb28380c937],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\40916eb6-9389-466c-9f56-9806cc3a9cb7.dll, , [bfb9e733f28ab18557b57cb28380c937],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\651e3cc7-ef53-4a09-84e6-8cc64b8e43d6.crx, , [bfb9e733f28ab18557b57cb28380c937],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\bgNova.html, , [bfb9e733f28ab18557b57cb28380c937],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\ebcd74ed-0212-4188-b574-981f73363623.crx, , [bfb9e733f28ab18557b57cb28380c937],
PUP.Optional.Senses.A, C:\Program Files (x86)\Senses\ebcd74ed-0212-4188-b574-981f73363623.xpi, , [bfb9e733f28ab18557b57cb28380c937],
PUP.Optional.SoftwareUpdater.A, C:\Users\Martin\AppData\Local\SwvUpdater\Updater.xml, , [4731ad6d96e62f078048f63f6c9703fd],
PUP.Optional.SoftwareUpdater.A, C:\Users\Martin\AppData\Local\SwvUpdater\status.cfg, , [4731ad6d96e62f078048f63f6c9703fd],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\ebcd74ed-0212-4188-b574-981f73363623-1, , [3f399288ed8f0b2b64b47abc15eee11f],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\ebcd74ed-0212-4188-b574-981f73363623-11, , [93e5ef2be19b91a52deb77bf7e85738d],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\ebcd74ed-0212-4188-b574-981f73363623-2, , [106820fafb8115219f790d291fe414ec],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\ebcd74ed-0212-4188-b574-981f73363623-3, , [d5a346d4116b280edc3c06304fb44fb1],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\ebcd74ed-0212-4188-b574-981f73363623-4, , [5e1a67b31864dd5903150d29ef148878],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\ebcd74ed-0212-4188-b574-981f73363623-5, , [fd7b9c7ef5878da9ba5e2b0bca398878],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\ebcd74ed-0212-4188-b574-981f73363623-5_user, , [a2d634e6ceae10260216e84e62a15fa1],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\ebcd74ed-0212-4188-b574-981f73363623-6, , [e296ef2bf686bc7a21f72d093cc701ff],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\ebcd74ed-0212-4188-b574-981f73363623-7, , [e1979d7dd0ac51e56fa942f434cf06fa],
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\ver.xml, , [6f09b26858247abc017c52e40ef526da],
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\data.xml, , [6f09b26858247abc017c52e40ef526da],
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\uninstinethnfd.exe, , [6f09b26858247abc017c52e40ef526da],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\setupcfg.ini, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\Inbox.ini, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\unins000.dat, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\unins000.exe, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\unins000.msg, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\uninstall.ini, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\Buttons\burgundy_green.xml, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\Buttons\general_youtube2.xml, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\Buttons\tv_news_cz.xml, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\Buttons\tv_online_cz.xml, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\Buttons\tv_programs_cz.xml, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\Buttons\tv_search_cz.xml, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\Chrome\ibxtoolbar_chr.crx, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\Chrome\ibxtoolbar_chr.ver, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Inbox, C:\Program Files (x86)\Inbox Toolbar\Chrome\sqlite3.dll, , [3741cd4dc4b87abc65b63b37f80c659b],
PUP.Optional.Searchqu.A, C:\Users\Martin\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}, , [5127eb2f3e3e69cdcd42c9abc93bf40c],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\ebcd74ed-0212-4188-b574-981f73363623-1.job, , [6e0a0416611ba98d90ab8f05bd4722de],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\ebcd74ed-0212-4188-b574-981f73363623-11.job, , [106874a6c0bc3bfbba81a7edac587090],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\ebcd74ed-0212-4188-b574-981f73363623-2.job, , [a8d0d149067671c5c2792470857f50b0],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\ebcd74ed-0212-4188-b574-981f73363623-3.job, , [0a6e9c7e6517eb4b2b10266e1ee603fd],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\ebcd74ed-0212-4188-b574-981f73363623-4.job, , [d3a5819959230f27b18af89cf410629e],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\ebcd74ed-0212-4188-b574-981f73363623-5.job, , [1068f426077569cdf843a6eed2329c64],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\ebcd74ed-0212-4188-b574-981f73363623-5_user.job, , [abcd39e1e09c280ed16afe9646be17e9],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\ebcd74ed-0212-4188-b574-981f73363623-6.job, , [3d3b55c58eeef5416ecd454fd92b0af6],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\ebcd74ed-0212-4188-b574-981f73363623-7.job, , [7efa3cde522a43f342f9f2a2a75d08f8],
PUP.Optional.OpenCandy, C:\Users\Martin\AppData\Roaming\OpenCandy\435842085BEA4500A3458CAE61A13029\PasswordBoxCHSTORE_p1v0.exe, , [4335e139dd9f6ccaf3b19d5817eb4fb1],
PUP.Optional.Datamngr.A, C:\Users\Martin\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}, , [53250e0cc5b79c9aa04b689331d1cb35],
PUP.Optional.IBUpdater.A, C:\ProgramData\IBUpdaterService\repository.xml, , [c4b4cc4e166695a198ba9c76bc470ff1],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome.manifest, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\install.rdf, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\33432e0fa2109c062816fad463a9a30c.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\58786cb5db5c4325e8c66857887b46e2.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\5a055b75f3b6204e37de6d7c29818c0b.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\background.html, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\browser.xul, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\dialog.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\e20bd472dd35b22820c7e4b7b3851f72.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\ef5dda8478d489db063cedfeb03e5aa2.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\f9d183a3bec062b7cb8fca973ed7d53e.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\ffCoreFilesIndex.txt, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\options.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\options.xul, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\search_dialog.xul, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api\6412d8e8d23e881f3a0a5a0504273014.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api\025fd2a6267d39c3b07736e84b4897a3.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api\06d48318c31a1358700779bcfb0ac1c7.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api\0d5c29363b8208f714cf86532ad59523.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api\15883f2ed73a41fc2fa58f1d04c8ace3.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api\19c14520629e4ba725485111e8ad47c9.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api\2d8f8810d5e9fab006638ba39b5747fc.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api\46fc38bde16fea4ad1c85c9dd88dc7d3.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api\49e49cf2e359fe987609b6ee4b414e30.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api\6d9c380f3d9224d545c46be4320a01f3.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api\7d48b00ff6dc226d94e97c9b535505a4.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api\8211197088ab7b38d0a7cbd5f00d9537.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api\8a5fad5b9d01555c533ee3aabca5304e.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api\b6ab017fb701fb537177cde36a5d92f0.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api\cd2a51926b03b148ab56a8e8c8dec7be.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\api\d8b0a1c93f44e8c27646bf4b12854879.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\8aab217e12d4b0c4011c4c8d73f1998b.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\015520d7b645b8d1051a734280cae81c.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\2f1be68c9e341953a8fdc03d3f3d5367.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\3c8d7cfff66739619d7716a520068d7f.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\4dcaf9160c02de651668a00e4f8c02be.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\5e2e0a05f92a8a046f7bf3a7a35bd054.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\6a6be074d98a5ffddf453c87a7563cbc.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\7d92fae8b383ddd0280c1824db18f679.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\87de939b2c895a479d948a4ed75e3867.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\91a1fece43ea1d6ebe95122243387700.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\9ea25ab0cb10b069c5e96a981dbd4cb5.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\9f319db0ce88990cfeec915bcfd34962.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\a38b0bd7365aa7206b0061abc4b91bd7.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\a80bd0f5e61a2c7ec6316db93d6e227d.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\aef3a938f7562af8cb458b02bf2d14f3.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\b3ce06c349bf229dd17bf0a6efc752e3.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\ba71c8b7bdb686a952badf512db3575d.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\d1da5a68add58a5509bd982dab43abe9.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\ebde113908053154795e101c735131f0.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\eec360f29fccff4baa479dff83757357.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\chrome\content\core\installer.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\defaults\preferences\prefs.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\manifest.xml, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins.json, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\223.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\1.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\102.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\104.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\123.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\13.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\14.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\16.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\17.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\177.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\180.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\182.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\183.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\184.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\192.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\193.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\195.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\207.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\21.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\22.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\220.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\221.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\226.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\239.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\244.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\246.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\262.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\263.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\268.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\273.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\28.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\281.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\288.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\300.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\4.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\47.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\64.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\7.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\72.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\78.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\9.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\91.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\plugins\98.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\userCode\background.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\extensionData\userCode\extension.js, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\locale\en-US\translations.dtd, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\skin\button1.png, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\skin\button2.png, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\skin\button3.png, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\skin\button4.png, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\skin\button5.png, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\skin\crossrider_statusbar.png, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\skin\icon128.png, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\skin\icon16.png, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\skin\icon24.png, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\skin\icon48.png, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\skin\panelarrow-up.png, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\skin\popup.html, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\skin\skin.css, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\extensions\warnerroberts@hotmail.com\skin\update.css, , [1a5e5ebc7efe013592652ee78e75ce32],
PUP.Optional.ShopperPro, C:\ProgramData\ShopperPro\ShopperPro.dll, , [077165b5e19b80b6a036cc4d71927d83],
PUP.Optional.ShopperPro, C:\ProgramData\ShopperPro\ShopperPro64.dll, , [077165b5e19b80b6a036cc4d71927d83],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\baidu_ff.xml, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\baidu_ie.xml, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\config.ini, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\searchcom_ff.xml, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\searchcom_ie.xml, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth187.dll, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wthx187.dll, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yahoo_ff.xml, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yahoo_ie.xml, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yandextr_ff.xml, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yandextr_ie.xml, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yandex_ff.xml, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yandex_ie.xml, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1031.ini, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1033.ini, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1034.ini, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1036.ini, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1040.ini, , [79ff2af064182313f98f8f8c2bd826da],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "1492c3eb77000bcb49b395e2cda7a383");), ,[b6c28c8ebbc1aa8ced6dec7b699c58a8]
Physical Sectors: 0
(No malicious items detected)
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu z HJT - naléhavé
Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“
Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.
Stáhni si Junkware Removal Tool by Thisisu
na svojí plochu.
Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.
. spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.
Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“
Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.
Stáhni si Junkware Removal Tool by Thisisu
na svojí plochu.
Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.
. spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.
Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Kontrola logu z HJT - naléhavé
Dobrý den, posílám logy:
ADW:
# AdwCleaner v4.002 - Report created 30/10/2014 at 15:08:51
# DB v2014-10-26.6
# Updated 27/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Martin - MARTIN-PC
# Running from : C:\Users\Martin\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Users\Martin\AppData\Local\b1e
Folder Deleted : C:\Users\Martin\AppData\Roaming\B1Toolbar
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\Martin\AppData\Local\Babylon
Folder Deleted : C:\Users\Martin\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Martin\AppData\LocalLow\DataMngr
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Users\Martin\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Public\Documents\Goobzo
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
Folder Deleted : C:\Program Files (x86)\Inbox Toolbar
Folder Deleted : C:\Users\Martin\AppData\LocalLow\Inbox Toolbar
Folder Deleted : C:\Program Files (x86)\IObit Apps Toolbar
Folder Deleted : C:\Users\Martin\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Martin\AppData\LocalLow\Search Settings
Folder Deleted : C:\ProgramData\ShopperPro
Folder Deleted : C:\Users\Public\Documents\ShopperPro
Folder Deleted : C:\Users\Martin\AppData\Local\Slick Savings
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Users\Martin\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Public\Documents\YTAHelper
Folder Deleted : C:\Users\Martin\AppData\Roaming\RHEng
Folder Deleted : C:\Users\Martin\AppData\Local\CrashRpt
Folder Deleted : C:\Program Files (x86)\Senses
Folder Deleted : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\Extensions\warnerroberts@hotmail.com
***** [ Scheduled Tasks ] *****
Task Deleted : Driver Booster Scan
Task Deleted : Driver Booster Update
Task Deleted : ebcd74ed-0212-4188-b574-981f73363623-1
Task Deleted : ebcd74ed-0212-4188-b574-981f73363623-11
Task Deleted : ebcd74ed-0212-4188-b574-981f73363623-2
Task Deleted : ebcd74ed-0212-4188-b574-981f73363623-3
Task Deleted : ebcd74ed-0212-4188-b574-981f73363623-4
Task Deleted : ebcd74ed-0212-4188-b574-981f73363623-5
Task Deleted : ebcd74ed-0212-4188-b574-981f73363623-5_user
Task Deleted : ebcd74ed-0212-4188-b574-981f73363623-6
Task Deleted : ebcd74ed-0212-4188-b574-981f73363623-7
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\inbox.appserver
Key Deleted : HKLM\SOFTWARE\Classes\inbox.ibx404
Key Deleted : HKLM\SOFTWARE\Classes\Inbox.JSServer
Key Deleted : HKLM\SOFTWARE\Classes\Inbox.Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\inbox
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_crazytalk_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_crazytalk_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622192215}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655195515}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666196615}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644194415}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622192215}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655195515}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666196615}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\Senses
Key Deleted : HKLM\SOFTWARE\Application Updater
Key Deleted : HKLM\SOFTWARE\BetterSurf
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Inbox Toolbar
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\PerformerSoft
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Search Settings
Key Deleted : HKLM\SOFTWARE\Senses-nv
Key Deleted : HKLM\SOFTWARE\Senses
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\Senses-nv
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17344
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v32.0.3 (x86 cs)
-\\ Google Chrome v38.0.2125.111
*************************
AdwCleaner[R0].txt - [20308 octets] - [29/10/2014 11:18:51]
AdwCleaner[R1].txt - [20369 octets] - [30/10/2014 15:05:30]
AdwCleaner[S0].txt - [20029 octets] - [30/10/2014 15:08:51]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20090 octets] ##########
ADW:
# AdwCleaner v4.002 - Report created 30/10/2014 at 15:08:51
# DB v2014-10-26.6
# Updated 27/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Martin - MARTIN-PC
# Running from : C:\Users\Martin\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Users\Martin\AppData\Local\b1e
Folder Deleted : C:\Users\Martin\AppData\Roaming\B1Toolbar
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\Martin\AppData\Local\Babylon
Folder Deleted : C:\Users\Martin\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Martin\AppData\LocalLow\DataMngr
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Users\Martin\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Public\Documents\Goobzo
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
Folder Deleted : C:\Program Files (x86)\Inbox Toolbar
Folder Deleted : C:\Users\Martin\AppData\LocalLow\Inbox Toolbar
Folder Deleted : C:\Program Files (x86)\IObit Apps Toolbar
Folder Deleted : C:\Users\Martin\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Martin\AppData\LocalLow\Search Settings
Folder Deleted : C:\ProgramData\ShopperPro
Folder Deleted : C:\Users\Public\Documents\ShopperPro
Folder Deleted : C:\Users\Martin\AppData\Local\Slick Savings
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Users\Martin\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Public\Documents\YTAHelper
Folder Deleted : C:\Users\Martin\AppData\Roaming\RHEng
Folder Deleted : C:\Users\Martin\AppData\Local\CrashRpt
Folder Deleted : C:\Program Files (x86)\Senses
Folder Deleted : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\Extensions\warnerroberts@hotmail.com
***** [ Scheduled Tasks ] *****
Task Deleted : Driver Booster Scan
Task Deleted : Driver Booster Update
Task Deleted : ebcd74ed-0212-4188-b574-981f73363623-1
Task Deleted : ebcd74ed-0212-4188-b574-981f73363623-11
Task Deleted : ebcd74ed-0212-4188-b574-981f73363623-2
Task Deleted : ebcd74ed-0212-4188-b574-981f73363623-3
Task Deleted : ebcd74ed-0212-4188-b574-981f73363623-4
Task Deleted : ebcd74ed-0212-4188-b574-981f73363623-5
Task Deleted : ebcd74ed-0212-4188-b574-981f73363623-5_user
Task Deleted : ebcd74ed-0212-4188-b574-981f73363623-6
Task Deleted : ebcd74ed-0212-4188-b574-981f73363623-7
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\inbox.appserver
Key Deleted : HKLM\SOFTWARE\Classes\inbox.ibx404
Key Deleted : HKLM\SOFTWARE\Classes\Inbox.JSServer
Key Deleted : HKLM\SOFTWARE\Classes\Inbox.Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\inbox
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_crazytalk_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_crazytalk_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622192215}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655195515}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666196615}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644194415}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622192215}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655195515}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666196615}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\Senses
Key Deleted : HKLM\SOFTWARE\Application Updater
Key Deleted : HKLM\SOFTWARE\BetterSurf
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Inbox Toolbar
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\PerformerSoft
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Search Settings
Key Deleted : HKLM\SOFTWARE\Senses-nv
Key Deleted : HKLM\SOFTWARE\Senses
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\Senses-nv
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17344
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v32.0.3 (x86 cs)
-\\ Google Chrome v38.0.2125.111
*************************
AdwCleaner[R0].txt - [20308 octets] - [29/10/2014 11:18:51]
AdwCleaner[R1].txt - [20369 octets] - [30/10/2014 15:05:30]
AdwCleaner[S0].txt - [20029 octets] - [30/10/2014 15:08:51]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20090 octets] ##########
Re: Kontrola logu z HJT - naléhavé
JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Home Premium x64
Ran by Martin on źt 30.10.2014 at 15:17:25,59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\software informer
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{36CDE5CA-B617-4874-BADA-C449FAEE5A3B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3996012D-D0AC-4CFF-A47B-FDDD06E4EB38}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5161083F-3A8C-45F8-AAF5-8E19938795C0}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Martin\AppData\Roaming\software informer"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
~~~ FireFox
Successfully deleted the following from C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\mj9e7qec.default-1412861329088\prefs.js
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2
user_pref("extensions.crossrider.bic", "1492c3eb77000bcb49b395e2cda7a383");
Emptied folder: C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\mj9e7qec.default-1412861329088\minidumps [5 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 30.10.2014 at 15:25:02,23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
MbAM:
Malwarebytes Anti-Malware
http://www.malwarebytes.org
Scan Date: 30.10.2014
Scan Time: 15:28:20
Logfile: Log MbAM.txt
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.10.30.08
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Martin
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 474858
Time Elapsed: 29 min, 12 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 2
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\apgjagobplilmcdfelodhgefiidomnfl, Quarantined, [c81876a49ae260d69a6be254ee158c74],
PUP.Optional.Conduit.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pmcmflmkceipgecmhoddphflfndnfbbe, Quarantined, [00e0d54598e4de58b247c3d2dd27d32d],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 1
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config, Quarantined, [9848c45690ec5cda7c92db5db053e41c],
Files: 10
PUP.Optional.Senses.A, C:\Users\Martin\AppData\Roaming\AOMUOS.exe, Quarantined, [58887b9f4c3068cefe697c3ce8199967],
PUP.Optional.Senses.A, C:\Users\Martin\AppData\Roaming\XTBOI.exe, Quarantined, [0dd374a6116b2c0a6106ae0aa958c23e],
PUP.Optional.4Shared, C:\Users\Martin\Desktop\(ASUS Sonic Focus + ASUS Sonic Master)_1.0.0004_Win7.exe, Quarantined, [964aed2d9fddde58029970ae56aa01ff],
PUP.Optional.Spigot.A, C:\Windows\Installer\4ef08.msi, Quarantined, [a43cc85296e6b680300709b946bb7e82],
PUP.Optional.SweetIM, C:\Windows\Installer\1b786a.msi, Quarantined, [17c91802b6c662d481be0f4ae61f659b],
PUP.Optional.iWebar, C:\Windows\System32\Tasks\Installer_iwebar, Quarantined, [ca16eb2f4b3157dfe11370be8a7910f0],
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\ver.xml, Quarantined, [9848c45690ec5cda7c92db5db053e41c],
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\data.xml, Quarantined, [9848c45690ec5cda7c92db5db053e41c],
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\uninstinethnfd.exe, Quarantined, [9848c45690ec5cda7c92db5db053e41c],
PUP.Optional.Searchqu.A, C:\Users\Martin\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}, Quarantined, [776950caaad2a690e2bac3b239cbbc44],
Physical Sectors: 0
(No malicious items detected)
(end)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Home Premium x64
Ran by Martin on źt 30.10.2014 at 15:17:25,59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\software informer
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{36CDE5CA-B617-4874-BADA-C449FAEE5A3B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3996012D-D0AC-4CFF-A47B-FDDD06E4EB38}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5161083F-3A8C-45F8-AAF5-8E19938795C0}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Martin\AppData\Roaming\software informer"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
~~~ FireFox
Successfully deleted the following from C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\mj9e7qec.default-1412861329088\prefs.js
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2
user_pref("extensions.crossrider.bic", "1492c3eb77000bcb49b395e2cda7a383");
Emptied folder: C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\mj9e7qec.default-1412861329088\minidumps [5 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 30.10.2014 at 15:25:02,23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
MbAM:
Malwarebytes Anti-Malware
http://www.malwarebytes.org
Scan Date: 30.10.2014
Scan Time: 15:28:20
Logfile: Log MbAM.txt
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.10.30.08
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Martin
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 474858
Time Elapsed: 29 min, 12 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 2
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\apgjagobplilmcdfelodhgefiidomnfl, Quarantined, [c81876a49ae260d69a6be254ee158c74],
PUP.Optional.Conduit.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pmcmflmkceipgecmhoddphflfndnfbbe, Quarantined, [00e0d54598e4de58b247c3d2dd27d32d],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 1
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config, Quarantined, [9848c45690ec5cda7c92db5db053e41c],
Files: 10
PUP.Optional.Senses.A, C:\Users\Martin\AppData\Roaming\AOMUOS.exe, Quarantined, [58887b9f4c3068cefe697c3ce8199967],
PUP.Optional.Senses.A, C:\Users\Martin\AppData\Roaming\XTBOI.exe, Quarantined, [0dd374a6116b2c0a6106ae0aa958c23e],
PUP.Optional.4Shared, C:\Users\Martin\Desktop\(ASUS Sonic Focus + ASUS Sonic Master)_1.0.0004_Win7.exe, Quarantined, [964aed2d9fddde58029970ae56aa01ff],
PUP.Optional.Spigot.A, C:\Windows\Installer\4ef08.msi, Quarantined, [a43cc85296e6b680300709b946bb7e82],
PUP.Optional.SweetIM, C:\Windows\Installer\1b786a.msi, Quarantined, [17c91802b6c662d481be0f4ae61f659b],
PUP.Optional.iWebar, C:\Windows\System32\Tasks\Installer_iwebar, Quarantined, [ca16eb2f4b3157dfe11370be8a7910f0],
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\ver.xml, Quarantined, [9848c45690ec5cda7c92db5db053e41c],
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\data.xml, Quarantined, [9848c45690ec5cda7c92db5db053e41c],
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\uninstinethnfd.exe, Quarantined, [9848c45690ec5cda7c92db5db053e41c],
PUP.Optional.Searchqu.A, C:\Users\Martin\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}, Quarantined, [776950caaad2a690e2bac3b239cbbc44],
Physical Sectors: 0
(No malicious items detected)
(end)
Re: Kontrola logu z HJT - naléhavé
RK:
RogueKiller V10.0.4.0 (x64) [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Martin [Práva správce]
Mód : Prohledat -- Datum : 10/30/2014 16:44:13
¤¤¤ Procesy : 4 ¤¤¤
[Suspicious.Path] szndesktop.exe -- C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\szndesktop.exe[7] -> Zastaveno [TermProc]
[Suspicious.Path] listicka-x64.exe -- C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe[7] -> Zastaveno [TermThr]
[Suspicious.Path] explorer.exe -- C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\12348libfoxloader-x64.dll[-] -> Uvolněno
[Suspicious.Path] rundll32.exe -- C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\12348libfoxloader-x64.dll[-] -> Uvolněno
¤¤¤ Registry : 18 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.autoupdate : "C:\Users\Martin\AppData\Roaming\Seznam.cz\szninstall.exe" -c -> Nalezeno
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.szndesktop : "C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q -> Nalezeno
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.autoupdate : "C:\Users\Martin\AppData\Roaming\Seznam.cz\szninstall.exe" -c -> Nalezeno
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.szndesktop : "C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/?clid=16194 -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/?clid=16194 -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nalezeno
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno
¤¤¤ Úlohy : 1 ¤¤¤
[Suspicious.Path] \Microsoft\Windows\Media Center\PeriodicScanRetry -- %windir%\ehome\MCUpdate.exe (-pscn 0) -> Nalezeno
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 90 (Driver: Nahrán) ¤¤¤
[IAT:Inl] (explorer.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x701f0 (jmp 0xffffffff8910d850)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x703b0 (jmp 0xffffffff8910ed60)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x70390 (jmp 0xffffffff8910ed20)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x702d0 (jmp 0xffffffff8910eba0)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtNotifyChangeKey : Unknown @ 0x70490 (jmp 0xffffffff8910e300)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x703e0 (jmp 0xffffffff8910ee70)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x702e0 (jmp 0xffffffff8910ec30)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtAssignProcessToJobObject : Unknown @ 0x703a0 (jmp 0xffffffff8910e870)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtSetContextThread : Unknown @ 0x70400 (jmp 0xffffffff8910dc20)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtCreateSection : Unknown @ 0x70310 (jmp 0xffffffff8910ebc0)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x70370 (jmp 0xffffffff8910ee60)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x701f0 (jmp 0xffffffff8910d850)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtNotifyChangeMultipleKeys : Unknown @ 0x704a0 (jmp 0xffffffff8910e300)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x70450 (jmp 0xffffffff8910f0a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateIoCompletion : Unknown @ 0x70350 (jmp 0xffffffff8910e730)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x702d0 (jmp 0xffffffff8910eba0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x70390 (jmp 0xffffffff8910ed20)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtQueryObject : Unknown @ 0x70450 (jmp 0xffffffff8910f0a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateSection : Unknown @ 0x70310 (jmp 0xffffffff8910ebc0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenSection : Unknown @ 0x70320 (jmp 0xffffffff8910ed00)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x703b0 (jmp 0xffffffff8910ed60)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x70370 (jmp 0xffffffff8910ee60)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x703e0 (jmp 0xffffffff8910ee70)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x702e0 (jmp 0xffffffff8910ec30)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateSemaphore : Unknown @ 0x702b0 (jmp 0xffffffff8910e5a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenSemaphore : Unknown @ 0x702c0 (jmp 0xffffffff8910e030)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateMutant : Unknown @ 0x70290 (jmp 0xffffffff8910e610)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenMutant : Unknown @ 0x702a0 (jmp 0xffffffff8910e060)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateTimer : Unknown @ 0x70330 (jmp 0xffffffff8910e5f0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenTimer : Unknown @ 0x70340 (jmp 0xffffffff8910e070)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateThreadEx : Unknown @ 0x703d0 (jmp 0xffffffff8910e6a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateThread : Unknown @ 0x703f0 (jmp 0xffffffff8910ec10)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenThread : Unknown @ 0x70380 (jmp 0xffffffff8910e0c0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtSuspendThread : Unknown @ 0x70430 (jmp 0xffffffff8910d9a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtNotifyChangeKey : Unknown @ 0x70490 (jmp 0xffffffff8910e300)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtTerminateThread : Unknown @ 0x703f0 (jmp 0xffffffff8910ec10)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x702d0 (jmp 0xffffffff8910eba0)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x70390 (jmp 0xffffffff8910ed20)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x701f0 (jmp 0xffffffff8910d850)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x70450 (jmp 0xffffffff8910f0a0)
[IAT:Inl] (explorer.exe @ sechost.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x703e0 (jmp 0xffffffff8910ee70)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x70480 (jmp 0xffffffff8910e980)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtCreateSection : Unknown @ 0x70310 (jmp 0xffffffff8910ebc0)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtQueueApcThreadEx : Unknown @ 0x70440 (jmp 0xffffffff8910de80)
[IAT:Inl] (explorer.exe @ GDI32.dll) ntdll.dll - NtVdmControl : Unknown @ 0x70280 (jmp 0xffffffff8910d700)
[IAT:Inl] (explorer.exe @ GDI32.dll) ntdll.dll - NtCreateSection : Unknown @ 0x70310 (jmp 0xffffffff8910ebc0)
[IAT:Inl] (explorer.exe @ USER32.dll) ntdll.dll - NtVdmControl : Unknown @ 0x70280 (jmp 0xffffffff8910d700)
[IAT:Inl] (explorer.exe @ SHELL32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x70450 (jmp 0xffffffff8910f0a0)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x703e0 (jmp 0xffffffff8910ee70)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x70450 (jmp 0xffffffff8910f0a0)
[IAT:Inl] (explorer.exe @ MSCTF.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x70480 (jmp 0xffffffff8910e980)
[IAT:Inl] (explorer.exe @ UxTheme.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x702e0 (jmp 0xffffffff8910ec30)
[IAT:Inl] (explorer.exe @ SETUPAPI.dll) ntdll.dll - NtQueryObject : Unknown @ 0x70450 (jmp 0xffffffff8910f0a0)
[IAT:Inl] (explorer.exe @ dwmapi.dll) ntdll.dll - NtCreateSection : Unknown @ 0x70310 (jmp 0xffffffff8910ebc0)
[IAT:Inl] (explorer.exe @ Secur32.dll) ntdll.dll - NtOpenSection : Unknown @ 0x70320 (jmp 0xffffffff8910ed00)
[IAT:Inl] (explorer.exe @ SSPICLI.DLL) ntdll.dll - NtDuplicateObject : Unknown @ 0x70390 (jmp 0xffffffff8910ed20)
[IAT:Inl] (explorer.exe @ SSPICLI.DLL) ntdll.dll - NtOpenEvent : Unknown @ 0x702e0 (jmp 0xffffffff8910ec30)
[IAT:Inl] (explorer.exe @ WINSTA.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x70370 (jmp 0xffffffff8910ee60)
[IAT:Inl] (explorer.exe @ WINSTA.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x703e0 (jmp 0xffffffff8910ee70)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtCreateSection : Unknown @ 0x70310 (jmp 0xffffffff8910ebc0)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtQueryObject : Unknown @ 0x70450 (jmp 0xffffffff8910f0a0)
[IAT:Inl] (explorer.exe @ CLBCatQ.DLL) ntdll.dll - NtOpenEvent : Unknown @ 0x702e0 (jmp 0xffffffff8910ec30)
[IAT:Inl] (explorer.exe @ cscapi.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x702d0 (jmp 0xffffffff8910eba0)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenTimer : Unknown @ 0x70340 (jmp 0xffffffff8910e070)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenThread : Unknown @ 0x70380 (jmp 0xffffffff8910e0c0)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenSemaphore : Unknown @ 0x702c0 (jmp 0xffffffff8910e030)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenSection : Unknown @ 0x70320 (jmp 0xffffffff8910ed00)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x70370 (jmp 0xffffffff8910ee60)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenMutant : Unknown @ 0x702a0 (jmp 0xffffffff8910e060)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenEventPair : Unknown @ 0x70300 (jmp 0xffffffff8910e130)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x702e0 (jmp 0xffffffff8910ec30)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtQueryObject : Unknown @ 0x70450 (jmp 0xffffffff8910f0a0)
[IAT:Inl] (explorer.exe @ WINMM.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x702d0 (jmp 0xffffffff8910eba0)
[IAT:Inl] (explorer.exe @ WINMM.dll) ntdll.dll - NtCreateTimer : Unknown @ 0x70330 (jmp 0xffffffff8910e5f0)
[IAT:Inl] (explorer.exe @ WS2_32.dll) ntdll.dll - NtLoadDriver : Unknown @ 0x701e0 (jmp 0xffffffff8910e140)
[IAT:Inl] (explorer.exe @ NSI.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x703e0 (jmp 0xffffffff8910ee70)
[IAT:Inl] (explorer.exe @ AUDIOSES.DLL) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x70480 (jmp 0xffffffff8910e980)
[IAT:Inl] (explorer.exe @ gameux.dll) ntdll.dll - NtCreateSection : Unknown @ 0x70310 (jmp 0xffffffff8910ebc0)
[IAT:Inl] (explorer.exe @ CRYPT32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x70450 (jmp 0xffffffff8910f0a0)
[IAT:Inl] (explorer.exe @ wer.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x702e0 (jmp 0xffffffff8910ec30)
[IAT:Inl] (explorer.exe @ wer.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x70480 (jmp 0xffffffff8910e980)
[IAT:Inl] (explorer.exe @ tiptsf.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x70480 (jmp 0xffffffff8910e980)
[IAT:Inl] (explorer.exe @ authui.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x70370 (jmp 0xffffffff8910ee60)
[IAT:Inl] (explorer.exe @ authui.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x701f0 (jmp 0xffffffff8910d850)
[IAT:Inl] (explorer.exe @ es.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x702e0 (jmp 0xffffffff8910ec30)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x702e0 (jmp 0xffffffff8910ec30)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x70480 (jmp 0xffffffff8910e980)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x702d0 (jmp 0xffffffff8910eba0)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x703e0 (jmp 0xffffffff8910ee70)
[IAT:Inl] (explorer.exe @ dsrole.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x702e0 (jmp 0xffffffff8910ec30)
¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] mj9e7qec.default-1412861329088 : user_pref("browser.startup.homepage", "http://www.seznam.cz/"); -> Nalezeno
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 630e28ae9f3afa855e4bcd13221ca3da
[BSP] baa58400c4105655dd5a43eaed9ccc63 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 52430848 | Size: 286161 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 638488576 | Size: 403641 MB
User = LL1 ... OK
User = LL2 ... OK
RogueKiller V10.0.4.0 (x64) [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Martin [Práva správce]
Mód : Prohledat -- Datum : 10/30/2014 16:44:13
¤¤¤ Procesy : 4 ¤¤¤
[Suspicious.Path] szndesktop.exe -- C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\szndesktop.exe[7] -> Zastaveno [TermProc]
[Suspicious.Path] listicka-x64.exe -- C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe[7] -> Zastaveno [TermThr]
[Suspicious.Path] explorer.exe -- C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\12348libfoxloader-x64.dll[-] -> Uvolněno
[Suspicious.Path] rundll32.exe -- C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\12348libfoxloader-x64.dll[-] -> Uvolněno
¤¤¤ Registry : 18 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.autoupdate : "C:\Users\Martin\AppData\Roaming\Seznam.cz\szninstall.exe" -c -> Nalezeno
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.szndesktop : "C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q -> Nalezeno
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.autoupdate : "C:\Users\Martin\AppData\Roaming\Seznam.cz\szninstall.exe" -c -> Nalezeno
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.szndesktop : "C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/?clid=16194 -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/?clid=16194 -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nalezeno
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno
¤¤¤ Úlohy : 1 ¤¤¤
[Suspicious.Path] \Microsoft\Windows\Media Center\PeriodicScanRetry -- %windir%\ehome\MCUpdate.exe (-pscn 0) -> Nalezeno
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 90 (Driver: Nahrán) ¤¤¤
[IAT:Inl] (explorer.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x701f0 (jmp 0xffffffff8910d850)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x703b0 (jmp 0xffffffff8910ed60)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x70390 (jmp 0xffffffff8910ed20)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x702d0 (jmp 0xffffffff8910eba0)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtNotifyChangeKey : Unknown @ 0x70490 (jmp 0xffffffff8910e300)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x703e0 (jmp 0xffffffff8910ee70)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x702e0 (jmp 0xffffffff8910ec30)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtAssignProcessToJobObject : Unknown @ 0x703a0 (jmp 0xffffffff8910e870)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtSetContextThread : Unknown @ 0x70400 (jmp 0xffffffff8910dc20)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtCreateSection : Unknown @ 0x70310 (jmp 0xffffffff8910ebc0)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x70370 (jmp 0xffffffff8910ee60)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x701f0 (jmp 0xffffffff8910d850)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtNotifyChangeMultipleKeys : Unknown @ 0x704a0 (jmp 0xffffffff8910e300)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x70450 (jmp 0xffffffff8910f0a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateIoCompletion : Unknown @ 0x70350 (jmp 0xffffffff8910e730)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x702d0 (jmp 0xffffffff8910eba0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x70390 (jmp 0xffffffff8910ed20)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtQueryObject : Unknown @ 0x70450 (jmp 0xffffffff8910f0a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateSection : Unknown @ 0x70310 (jmp 0xffffffff8910ebc0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenSection : Unknown @ 0x70320 (jmp 0xffffffff8910ed00)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x703b0 (jmp 0xffffffff8910ed60)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x70370 (jmp 0xffffffff8910ee60)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x703e0 (jmp 0xffffffff8910ee70)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x702e0 (jmp 0xffffffff8910ec30)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateSemaphore : Unknown @ 0x702b0 (jmp 0xffffffff8910e5a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenSemaphore : Unknown @ 0x702c0 (jmp 0xffffffff8910e030)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateMutant : Unknown @ 0x70290 (jmp 0xffffffff8910e610)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenMutant : Unknown @ 0x702a0 (jmp 0xffffffff8910e060)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateTimer : Unknown @ 0x70330 (jmp 0xffffffff8910e5f0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenTimer : Unknown @ 0x70340 (jmp 0xffffffff8910e070)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateThreadEx : Unknown @ 0x703d0 (jmp 0xffffffff8910e6a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateThread : Unknown @ 0x703f0 (jmp 0xffffffff8910ec10)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenThread : Unknown @ 0x70380 (jmp 0xffffffff8910e0c0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtSuspendThread : Unknown @ 0x70430 (jmp 0xffffffff8910d9a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtNotifyChangeKey : Unknown @ 0x70490 (jmp 0xffffffff8910e300)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtTerminateThread : Unknown @ 0x703f0 (jmp 0xffffffff8910ec10)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x702d0 (jmp 0xffffffff8910eba0)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x70390 (jmp 0xffffffff8910ed20)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x701f0 (jmp 0xffffffff8910d850)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x70450 (jmp 0xffffffff8910f0a0)
[IAT:Inl] (explorer.exe @ sechost.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x703e0 (jmp 0xffffffff8910ee70)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x70480 (jmp 0xffffffff8910e980)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtCreateSection : Unknown @ 0x70310 (jmp 0xffffffff8910ebc0)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtQueueApcThreadEx : Unknown @ 0x70440 (jmp 0xffffffff8910de80)
[IAT:Inl] (explorer.exe @ GDI32.dll) ntdll.dll - NtVdmControl : Unknown @ 0x70280 (jmp 0xffffffff8910d700)
[IAT:Inl] (explorer.exe @ GDI32.dll) ntdll.dll - NtCreateSection : Unknown @ 0x70310 (jmp 0xffffffff8910ebc0)
[IAT:Inl] (explorer.exe @ USER32.dll) ntdll.dll - NtVdmControl : Unknown @ 0x70280 (jmp 0xffffffff8910d700)
[IAT:Inl] (explorer.exe @ SHELL32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x70450 (jmp 0xffffffff8910f0a0)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x703e0 (jmp 0xffffffff8910ee70)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x70450 (jmp 0xffffffff8910f0a0)
[IAT:Inl] (explorer.exe @ MSCTF.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x70480 (jmp 0xffffffff8910e980)
[IAT:Inl] (explorer.exe @ UxTheme.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x702e0 (jmp 0xffffffff8910ec30)
[IAT:Inl] (explorer.exe @ SETUPAPI.dll) ntdll.dll - NtQueryObject : Unknown @ 0x70450 (jmp 0xffffffff8910f0a0)
[IAT:Inl] (explorer.exe @ dwmapi.dll) ntdll.dll - NtCreateSection : Unknown @ 0x70310 (jmp 0xffffffff8910ebc0)
[IAT:Inl] (explorer.exe @ Secur32.dll) ntdll.dll - NtOpenSection : Unknown @ 0x70320 (jmp 0xffffffff8910ed00)
[IAT:Inl] (explorer.exe @ SSPICLI.DLL) ntdll.dll - NtDuplicateObject : Unknown @ 0x70390 (jmp 0xffffffff8910ed20)
[IAT:Inl] (explorer.exe @ SSPICLI.DLL) ntdll.dll - NtOpenEvent : Unknown @ 0x702e0 (jmp 0xffffffff8910ec30)
[IAT:Inl] (explorer.exe @ WINSTA.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x70370 (jmp 0xffffffff8910ee60)
[IAT:Inl] (explorer.exe @ WINSTA.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x703e0 (jmp 0xffffffff8910ee70)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtCreateSection : Unknown @ 0x70310 (jmp 0xffffffff8910ebc0)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtQueryObject : Unknown @ 0x70450 (jmp 0xffffffff8910f0a0)
[IAT:Inl] (explorer.exe @ CLBCatQ.DLL) ntdll.dll - NtOpenEvent : Unknown @ 0x702e0 (jmp 0xffffffff8910ec30)
[IAT:Inl] (explorer.exe @ cscapi.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x702d0 (jmp 0xffffffff8910eba0)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenTimer : Unknown @ 0x70340 (jmp 0xffffffff8910e070)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenThread : Unknown @ 0x70380 (jmp 0xffffffff8910e0c0)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenSemaphore : Unknown @ 0x702c0 (jmp 0xffffffff8910e030)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenSection : Unknown @ 0x70320 (jmp 0xffffffff8910ed00)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x70370 (jmp 0xffffffff8910ee60)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenMutant : Unknown @ 0x702a0 (jmp 0xffffffff8910e060)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenEventPair : Unknown @ 0x70300 (jmp 0xffffffff8910e130)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x702e0 (jmp 0xffffffff8910ec30)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtQueryObject : Unknown @ 0x70450 (jmp 0xffffffff8910f0a0)
[IAT:Inl] (explorer.exe @ WINMM.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x702d0 (jmp 0xffffffff8910eba0)
[IAT:Inl] (explorer.exe @ WINMM.dll) ntdll.dll - NtCreateTimer : Unknown @ 0x70330 (jmp 0xffffffff8910e5f0)
[IAT:Inl] (explorer.exe @ WS2_32.dll) ntdll.dll - NtLoadDriver : Unknown @ 0x701e0 (jmp 0xffffffff8910e140)
[IAT:Inl] (explorer.exe @ NSI.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x703e0 (jmp 0xffffffff8910ee70)
[IAT:Inl] (explorer.exe @ AUDIOSES.DLL) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x70480 (jmp 0xffffffff8910e980)
[IAT:Inl] (explorer.exe @ gameux.dll) ntdll.dll - NtCreateSection : Unknown @ 0x70310 (jmp 0xffffffff8910ebc0)
[IAT:Inl] (explorer.exe @ CRYPT32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x70450 (jmp 0xffffffff8910f0a0)
[IAT:Inl] (explorer.exe @ wer.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x702e0 (jmp 0xffffffff8910ec30)
[IAT:Inl] (explorer.exe @ wer.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x70480 (jmp 0xffffffff8910e980)
[IAT:Inl] (explorer.exe @ tiptsf.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x70480 (jmp 0xffffffff8910e980)
[IAT:Inl] (explorer.exe @ authui.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x70370 (jmp 0xffffffff8910ee60)
[IAT:Inl] (explorer.exe @ authui.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x701f0 (jmp 0xffffffff8910d850)
[IAT:Inl] (explorer.exe @ es.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x702e0 (jmp 0xffffffff8910ec30)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x702e0 (jmp 0xffffffff8910ec30)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x70480 (jmp 0xffffffff8910e980)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x702d0 (jmp 0xffffffff8910eba0)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x703e0 (jmp 0xffffffff8910ee70)
[IAT:Inl] (explorer.exe @ dsrole.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x702e0 (jmp 0xffffffff8910ec30)
¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] mj9e7qec.default-1412861329088 : user_pref("browser.startup.homepage", "http://www.seznam.cz/"); -> Nalezeno
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 630e28ae9f3afa855e4bcd13221ca3da
[BSP] baa58400c4105655dd5a43eaed9ccc63 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 52430848 | Size: 286161 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 638488576 | Size: 403641 MB
User = LL1 ... OK
User = LL2 ... OK
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu z HJT - naléhavé
Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:
- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)
- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller
Stáhni
Zoek.exe
a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.
Do okna programu vlož skript níže:
klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .
Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:
- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)
- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller
Stáhni
Zoek.exe
a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.
Do okna programu vlož skript níže:
Kód: Vybrat vše
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts; klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .
Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Kontrola logu z HJT - naléhavé
Tady jsou logy:
RK:
RogueKiller V10.0.4.0 (x64) [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Martin [Práva správce]
Mód : Smazat -- Datum : 10/31/2014 18:57:11
¤¤¤ Procesy : 4 ¤¤¤
[Suspicious.Path] szndesktop.exe -- C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\szndesktop.exe[7] -> Zastaveno [TermProc]
[Suspicious.Path] listicka-x64.exe -- C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe[7] -> Zastaveno [TermThr]
[Suspicious.Path] explorer.exe -- C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\12348libfoxloader-x64.dll[-] -> Uvolněno
[Suspicious.Path] rundll32.exe -- C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\12348libfoxloader-x64.dll[-] -> Uvolněno
¤¤¤ Registry : 18 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.autoupdate : "C:\Users\Martin\AppData\Roaming\Seznam.cz\szninstall.exe" -c [7][x] -> Smazáno
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.szndesktop : "C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [7][x] -> Smazáno
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.autoupdate : "C:\Users\Martin\AppData\Roaming\Seznam.cz\szninstall.exe" -c -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.szndesktop : "C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q -> ERROR [2]
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/?clid=16194 -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/?clid=16194 -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Nahrazeno (1)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)
¤¤¤ Úlohy : 1 ¤¤¤
[Suspicious.Path] \Microsoft\Windows\Media Center\PeriodicScanRetry -- %windir%\ehome\MCUpdate.exe (-pscn 0) -> Smazáno
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost -> Smazáno
¤¤¤ Antirootkit : 90 (Driver: Nahrán) ¤¤¤
[IAT:Inl] (explorer.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x77a001f0 (jmp 0x15d850)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x77a003b0 (jmp 0x15ed60)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x77a00390 (jmp 0x15ed20)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x77a002d0 (jmp 0x15eba0)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtNotifyChangeKey : Unknown @ 0x77a00490 (jmp 0x15e300)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x77a003e0 (jmp 0x15ee70)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x77a002e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtAssignProcessToJobObject : Unknown @ 0x77a003a0 (jmp 0x15e870)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtSetContextThread : Unknown @ 0x77a00400 (jmp 0x15dc20)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtCreateSection : Unknown @ 0x77a00310 (jmp 0x15ebc0)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x77a00370 (jmp 0x15ee60)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x77a001f0 (jmp 0x15d850)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtNotifyChangeMultipleKeys : Unknown @ 0x77a004a0 (jmp 0x15e300)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x77a00450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateIoCompletion : Unknown @ 0x77a00350 (jmp 0x15e730)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x77a002d0 (jmp 0x15eba0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x77a00390 (jmp 0x15ed20)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtQueryObject : Unknown @ 0x77a00450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateSection : Unknown @ 0x77a00310 (jmp 0x15ebc0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenSection : Unknown @ 0x77a00320 (jmp 0x15ed00)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x77a003b0 (jmp 0x15ed60)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x77a00370 (jmp 0x15ee60)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x77a003e0 (jmp 0x15ee70)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x77a002e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateSemaphore : Unknown @ 0x77a002b0 (jmp 0x15e5a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenSemaphore : Unknown @ 0x77a002c0 (jmp 0x15e030)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateMutant : Unknown @ 0x77a00290 (jmp 0x15e610)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenMutant : Unknown @ 0x77a002a0 (jmp 0x15e060)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateTimer : Unknown @ 0x77a00330 (jmp 0x15e5f0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenTimer : Unknown @ 0x77a00340 (jmp 0x15e070)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateThreadEx : Unknown @ 0x77a003d0 (jmp 0x15e6a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateThread : Unknown @ 0x77a003f0 (jmp 0x15ec10)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenThread : Unknown @ 0x77a00380 (jmp 0x15e0c0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtSuspendThread : Unknown @ 0x77a00430 (jmp 0x15d9a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtNotifyChangeKey : Unknown @ 0x77a00490 (jmp 0x15e300)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtTerminateThread : Unknown @ 0x77a003f0 (jmp 0x15ec10)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x77a002d0 (jmp 0x15eba0)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x77a00390 (jmp 0x15ed20)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x77a001f0 (jmp 0x15d850)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x77a00450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ sechost.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x77a003e0 (jmp 0x15ee70)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x77a00480 (jmp 0x15e980)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtCreateSection : Unknown @ 0x77a00310 (jmp 0x15ebc0)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtQueueApcThreadEx : Unknown @ 0x77a00440 (jmp 0x15de80)
[IAT:Inl] (explorer.exe @ GDI32.dll) ntdll.dll - NtVdmControl : Unknown @ 0x77a00280 (jmp 0x15d700)
[IAT:Inl] (explorer.exe @ GDI32.dll) ntdll.dll - NtCreateSection : Unknown @ 0x77a00310 (jmp 0x15ebc0)
[IAT:Inl] (explorer.exe @ USER32.dll) ntdll.dll - NtVdmControl : Unknown @ 0x77a00280 (jmp 0x15d700)
[IAT:Inl] (explorer.exe @ SHELL32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x77a00450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x77a003e0 (jmp 0x15ee70)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x77a00450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ MSCTF.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x77a00480 (jmp 0x15e980)
[IAT:Inl] (explorer.exe @ UxTheme.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x77a002e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ SETUPAPI.dll) ntdll.dll - NtQueryObject : Unknown @ 0x77a00450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ dwmapi.dll) ntdll.dll - NtCreateSection : Unknown @ 0x77a00310 (jmp 0x15ebc0)
[IAT:Inl] (explorer.exe @ Secur32.dll) ntdll.dll - NtOpenSection : Unknown @ 0x77a00320 (jmp 0x15ed00)
[IAT:Inl] (explorer.exe @ SSPICLI.DLL) ntdll.dll - NtDuplicateObject : Unknown @ 0x77a00390 (jmp 0x15ed20)
[IAT:Inl] (explorer.exe @ SSPICLI.DLL) ntdll.dll - NtOpenEvent : Unknown @ 0x77a002e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ WINSTA.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x77a00370 (jmp 0x15ee60)
[IAT:Inl] (explorer.exe @ WINSTA.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x77a003e0 (jmp 0x15ee70)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtCreateSection : Unknown @ 0x77a00310 (jmp 0x15ebc0)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtQueryObject : Unknown @ 0x77a00450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ CLBCatQ.DLL) ntdll.dll - NtOpenEvent : Unknown @ 0x77a002e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ cscapi.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x77a002d0 (jmp 0x15eba0)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenTimer : Unknown @ 0x77a00340 (jmp 0x15e070)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenThread : Unknown @ 0x77a00380 (jmp 0x15e0c0)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenSemaphore : Unknown @ 0x77a002c0 (jmp 0x15e030)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenSection : Unknown @ 0x77a00320 (jmp 0x15ed00)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x77a00370 (jmp 0x15ee60)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenMutant : Unknown @ 0x77a002a0 (jmp 0x15e060)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenEventPair : Unknown @ 0x77a00300 (jmp 0x15e130)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x77a002e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtQueryObject : Unknown @ 0x77a00450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ WINMM.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x77a002d0 (jmp 0x15eba0)
[IAT:Inl] (explorer.exe @ WINMM.dll) ntdll.dll - NtCreateTimer : Unknown @ 0x77a00330 (jmp 0x15e5f0)
[IAT:Inl] (explorer.exe @ WS2_32.dll) ntdll.dll - NtLoadDriver : Unknown @ 0x77a001e0 (jmp 0x15e140)
[IAT:Inl] (explorer.exe @ NSI.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x77a003e0 (jmp 0x15ee70)
[IAT:Inl] (explorer.exe @ AUDIOSES.DLL) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x77a00480 (jmp 0x15e980)
[IAT:Inl] (explorer.exe @ tiptsf.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x77a00480 (jmp 0x15e980)
[IAT:Inl] (explorer.exe @ authui.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x77a00370 (jmp 0x15ee60)
[IAT:Inl] (explorer.exe @ authui.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x77a001f0 (jmp 0x15d850)
[IAT:Inl] (explorer.exe @ CRYPT32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x77a00450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ gameux.dll) ntdll.dll - NtCreateSection : Unknown @ 0x77a00310 (jmp 0x15ebc0)
[IAT:Inl] (explorer.exe @ wer.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x77a002e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ wer.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x77a00480 (jmp 0x15e980)
[IAT:Inl] (explorer.exe @ es.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x77a002e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x77a002e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x77a00480 (jmp 0x15e980)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x77a002d0 (jmp 0x15eba0)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x77a003e0 (jmp 0x15ee70)
[IAT:Inl] (explorer.exe @ bcrypt.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x77a003e0 (jmp 0x15ee70)
¤¤¤ Webové prohlížeče : 6 ¤¤¤
[IE:Addon] System : Easy Photo Print [{9421DD08-935F-4701-A9CA-22DF90AC4EA6}] -> Smazáno
[FIREFX:Addon] mj9e7qec.default-1412861329088 : bug489729 (Disable detach and tear off tab) [bug489729@alice0775] -> Smazáno
[FIREFX:Addon] mj9e7qec.default-1412861329088 : avast! Online Security [wrc@avast.com] -> Smazáno
[FIREFX:Addon] mj9e7qec.default-1412861329088 : Skype Click to Call [{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}] -> Smazáno
[FIREFX:Addon] mj9e7qec.default-1412861329088 : Freemake Video Converter Plugin [fmconverter@gmail.com] -> Smazáno
[PUM.HomePage][FIREFX:Config] mj9e7qec.default-1412861329088 : user_pref("browser.startup.homepage", "http://www.seznam.cz/"); -> Nahrazeno (about:home)
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 630e28ae9f3afa855e4bcd13221ca3da
[BSP] baa58400c4105655dd5a43eaed9ccc63 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 52430848 | Size: 286161 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 638488576 | Size: 403641 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_10302014_164413.log - RKreport_SCN_10312014_185304.log
RK:
RogueKiller V10.0.4.0 (x64) [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Martin [Práva správce]
Mód : Smazat -- Datum : 10/31/2014 18:57:11
¤¤¤ Procesy : 4 ¤¤¤
[Suspicious.Path] szndesktop.exe -- C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\szndesktop.exe[7] -> Zastaveno [TermProc]
[Suspicious.Path] listicka-x64.exe -- C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe[7] -> Zastaveno [TermThr]
[Suspicious.Path] explorer.exe -- C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\12348libfoxloader-x64.dll[-] -> Uvolněno
[Suspicious.Path] rundll32.exe -- C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\12348libfoxloader-x64.dll[-] -> Uvolněno
¤¤¤ Registry : 18 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.autoupdate : "C:\Users\Martin\AppData\Roaming\Seznam.cz\szninstall.exe" -c [7][x] -> Smazáno
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.szndesktop : "C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [7][x] -> Smazáno
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.autoupdate : "C:\Users\Martin\AppData\Roaming\Seznam.cz\szninstall.exe" -c -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.szndesktop : "C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q -> ERROR [2]
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/?clid=16194 -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/?clid=16194 -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Nahrazeno (1)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)
¤¤¤ Úlohy : 1 ¤¤¤
[Suspicious.Path] \Microsoft\Windows\Media Center\PeriodicScanRetry -- %windir%\ehome\MCUpdate.exe (-pscn 0) -> Smazáno
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost -> Smazáno
¤¤¤ Antirootkit : 90 (Driver: Nahrán) ¤¤¤
[IAT:Inl] (explorer.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x77a001f0 (jmp 0x15d850)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x77a003b0 (jmp 0x15ed60)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x77a00390 (jmp 0x15ed20)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x77a002d0 (jmp 0x15eba0)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtNotifyChangeKey : Unknown @ 0x77a00490 (jmp 0x15e300)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x77a003e0 (jmp 0x15ee70)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x77a002e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtAssignProcessToJobObject : Unknown @ 0x77a003a0 (jmp 0x15e870)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtSetContextThread : Unknown @ 0x77a00400 (jmp 0x15dc20)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtCreateSection : Unknown @ 0x77a00310 (jmp 0x15ebc0)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x77a00370 (jmp 0x15ee60)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x77a001f0 (jmp 0x15d850)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtNotifyChangeMultipleKeys : Unknown @ 0x77a004a0 (jmp 0x15e300)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x77a00450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateIoCompletion : Unknown @ 0x77a00350 (jmp 0x15e730)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x77a002d0 (jmp 0x15eba0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x77a00390 (jmp 0x15ed20)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtQueryObject : Unknown @ 0x77a00450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateSection : Unknown @ 0x77a00310 (jmp 0x15ebc0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenSection : Unknown @ 0x77a00320 (jmp 0x15ed00)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x77a003b0 (jmp 0x15ed60)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x77a00370 (jmp 0x15ee60)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x77a003e0 (jmp 0x15ee70)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x77a002e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateSemaphore : Unknown @ 0x77a002b0 (jmp 0x15e5a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenSemaphore : Unknown @ 0x77a002c0 (jmp 0x15e030)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateMutant : Unknown @ 0x77a00290 (jmp 0x15e610)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenMutant : Unknown @ 0x77a002a0 (jmp 0x15e060)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateTimer : Unknown @ 0x77a00330 (jmp 0x15e5f0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenTimer : Unknown @ 0x77a00340 (jmp 0x15e070)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateThreadEx : Unknown @ 0x77a003d0 (jmp 0x15e6a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateThread : Unknown @ 0x77a003f0 (jmp 0x15ec10)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenThread : Unknown @ 0x77a00380 (jmp 0x15e0c0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtSuspendThread : Unknown @ 0x77a00430 (jmp 0x15d9a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtNotifyChangeKey : Unknown @ 0x77a00490 (jmp 0x15e300)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtTerminateThread : Unknown @ 0x77a003f0 (jmp 0x15ec10)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x77a002d0 (jmp 0x15eba0)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x77a00390 (jmp 0x15ed20)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x77a001f0 (jmp 0x15d850)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x77a00450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ sechost.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x77a003e0 (jmp 0x15ee70)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x77a00480 (jmp 0x15e980)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtCreateSection : Unknown @ 0x77a00310 (jmp 0x15ebc0)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtQueueApcThreadEx : Unknown @ 0x77a00440 (jmp 0x15de80)
[IAT:Inl] (explorer.exe @ GDI32.dll) ntdll.dll - NtVdmControl : Unknown @ 0x77a00280 (jmp 0x15d700)
[IAT:Inl] (explorer.exe @ GDI32.dll) ntdll.dll - NtCreateSection : Unknown @ 0x77a00310 (jmp 0x15ebc0)
[IAT:Inl] (explorer.exe @ USER32.dll) ntdll.dll - NtVdmControl : Unknown @ 0x77a00280 (jmp 0x15d700)
[IAT:Inl] (explorer.exe @ SHELL32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x77a00450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x77a003e0 (jmp 0x15ee70)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x77a00450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ MSCTF.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x77a00480 (jmp 0x15e980)
[IAT:Inl] (explorer.exe @ UxTheme.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x77a002e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ SETUPAPI.dll) ntdll.dll - NtQueryObject : Unknown @ 0x77a00450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ dwmapi.dll) ntdll.dll - NtCreateSection : Unknown @ 0x77a00310 (jmp 0x15ebc0)
[IAT:Inl] (explorer.exe @ Secur32.dll) ntdll.dll - NtOpenSection : Unknown @ 0x77a00320 (jmp 0x15ed00)
[IAT:Inl] (explorer.exe @ SSPICLI.DLL) ntdll.dll - NtDuplicateObject : Unknown @ 0x77a00390 (jmp 0x15ed20)
[IAT:Inl] (explorer.exe @ SSPICLI.DLL) ntdll.dll - NtOpenEvent : Unknown @ 0x77a002e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ WINSTA.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x77a00370 (jmp 0x15ee60)
[IAT:Inl] (explorer.exe @ WINSTA.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x77a003e0 (jmp 0x15ee70)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtCreateSection : Unknown @ 0x77a00310 (jmp 0x15ebc0)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtQueryObject : Unknown @ 0x77a00450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ CLBCatQ.DLL) ntdll.dll - NtOpenEvent : Unknown @ 0x77a002e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ cscapi.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x77a002d0 (jmp 0x15eba0)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenTimer : Unknown @ 0x77a00340 (jmp 0x15e070)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenThread : Unknown @ 0x77a00380 (jmp 0x15e0c0)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenSemaphore : Unknown @ 0x77a002c0 (jmp 0x15e030)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenSection : Unknown @ 0x77a00320 (jmp 0x15ed00)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x77a00370 (jmp 0x15ee60)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenMutant : Unknown @ 0x77a002a0 (jmp 0x15e060)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenEventPair : Unknown @ 0x77a00300 (jmp 0x15e130)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x77a002e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtQueryObject : Unknown @ 0x77a00450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ WINMM.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x77a002d0 (jmp 0x15eba0)
[IAT:Inl] (explorer.exe @ WINMM.dll) ntdll.dll - NtCreateTimer : Unknown @ 0x77a00330 (jmp 0x15e5f0)
[IAT:Inl] (explorer.exe @ WS2_32.dll) ntdll.dll - NtLoadDriver : Unknown @ 0x77a001e0 (jmp 0x15e140)
[IAT:Inl] (explorer.exe @ NSI.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x77a003e0 (jmp 0x15ee70)
[IAT:Inl] (explorer.exe @ AUDIOSES.DLL) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x77a00480 (jmp 0x15e980)
[IAT:Inl] (explorer.exe @ tiptsf.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x77a00480 (jmp 0x15e980)
[IAT:Inl] (explorer.exe @ authui.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x77a00370 (jmp 0x15ee60)
[IAT:Inl] (explorer.exe @ authui.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x77a001f0 (jmp 0x15d850)
[IAT:Inl] (explorer.exe @ CRYPT32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x77a00450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ gameux.dll) ntdll.dll - NtCreateSection : Unknown @ 0x77a00310 (jmp 0x15ebc0)
[IAT:Inl] (explorer.exe @ wer.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x77a002e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ wer.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x77a00480 (jmp 0x15e980)
[IAT:Inl] (explorer.exe @ es.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x77a002e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x77a002e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x77a00480 (jmp 0x15e980)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x77a002d0 (jmp 0x15eba0)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x77a003e0 (jmp 0x15ee70)
[IAT:Inl] (explorer.exe @ bcrypt.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x77a003e0 (jmp 0x15ee70)
¤¤¤ Webové prohlížeče : 6 ¤¤¤
[IE:Addon] System : Easy Photo Print [{9421DD08-935F-4701-A9CA-22DF90AC4EA6}] -> Smazáno
[FIREFX:Addon] mj9e7qec.default-1412861329088 : bug489729 (Disable detach and tear off tab) [bug489729@alice0775] -> Smazáno
[FIREFX:Addon] mj9e7qec.default-1412861329088 : avast! Online Security [wrc@avast.com] -> Smazáno
[FIREFX:Addon] mj9e7qec.default-1412861329088 : Skype Click to Call [{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}] -> Smazáno
[FIREFX:Addon] mj9e7qec.default-1412861329088 : Freemake Video Converter Plugin [fmconverter@gmail.com] -> Smazáno
[PUM.HomePage][FIREFX:Config] mj9e7qec.default-1412861329088 : user_pref("browser.startup.homepage", "http://www.seznam.cz/"); -> Nahrazeno (about:home)
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 630e28ae9f3afa855e4bcd13221ca3da
[BSP] baa58400c4105655dd5a43eaed9ccc63 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 52430848 | Size: 286161 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 638488576 | Size: 403641 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_10302014_164413.log - RKreport_SCN_10312014_185304.log
Re: Kontrola logu z HJT - naléhavé
ZOAK:
Zoek.exe v5.0.0.0 Updated 31-10-2014
Tool run by Martin on p 31.10.2014 at 19:04:07,48.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Martin\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
31.10.2014 19:06:25 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\SearchScopes\{929F7EC3-161D-4CB2-945E-17160BA8B7CD} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{AD708C09-D51B-45B3-9D28-4EBA2681FEBF} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{44DF5167-AB4A-4D62-A3D9-A2E183D8FF6D} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{6E3C6B04-08FE-43BC-8E50-F90285024DEA} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{8b3ac698-cf15-4b30-96be-3df83764bf58} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{03cda57c-2299-4fa1-a4c9-8098ed6476de} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4a7e0e46-3e78-434e-a9b5-02f53d834e86} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{15fb1f46-b134-44d8-9394-8b3d2ad4c613} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{11111111-1111-1111-1111-110611191115} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} deleted successfully
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\prefs.js:
user_pref("browser.startup.homepage", "http://www.seznam.cz/");
user_pref("browser.search.selectedEngine", "Google");
Added to C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088
user.js not found
---- Lines awarnerrobertshotmailcom61915 removed from prefs.js ----
user_pref("extensions.awarnerrobertshotmailcom61915.61915.active", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.addressbar", "NA");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.addressbarenhanced", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.asyncdb.was_copied", "true");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.asyncinternaldb.was_copied", "true");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.backgroundver", 1);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.certdomaininstaller", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.cookie.InstallationTime.value", "%221413559729%22");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22000805%22%2C%22sub_id%22%3A%220%22%2
user_pref("extensions.awarnerrobertshotmailcom61915.61915.description", ".");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.domain", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.enablesearch", false);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.homepage", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.changeprevious", false);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.iframe", false);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.InstallationThankYouPage", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.InstallationTime", 1413559729);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.__defualt_browser__.value", "%22ch%22");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%2277
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22776A942D15DC40B698E0287
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22000805%22%2C%22sub_id%22%3A%220%
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22000805%22%2C%22sub_id%22%3A
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%22776A942D15DC40
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100")
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 2030 00:00:00 GMT+01
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_bundledWithHash.value", "null");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030 00:00:00 GMT+010
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_regBundledWithSoftware.expiration", "Fri Feb 01 2030 00:00:00
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_regBundledWithSoftware.value", "%7B%7D");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_appVer.value", "44");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_lastVersion.value", "1");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_nextCheck.expiration", "Thu Oct 30 2014 14:38:55 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.lastDailyReport", "1414654734929");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.lastUpdate", "1414654735441");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.manifesturl", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.name", "Sense1");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.newtab", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.opensearch", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.pluginsurl", "http://js.newinfoclientstack.com/plugin/apps/61915/plugins/na/ff/plugins.json"
user_pref("extensions.awarnerrobertshotmailcom61915.61915.pluginsversion", 40);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.publisher", "Object Browser");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.searchstatus", 0);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.setnewtab", false);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.thankyou", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.updateinterval", 360);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.ver", 44);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.warnerroberts@hotmail.comasyncdb_dbWasSet", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.warnerroberts@hotmail.comasyncdb_dbWasSet_FF25_FIX", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.warnerroberts@hotmail.comasyncinternaldb_dbWasSet", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.warnerroberts@hotmail.comasyncinternaldb_dbWasSet_FF25_FIX", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.warnerroberts@hotmail.comawarnerrobertshotmailcom61915_dbWasSet", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.warnerroberts@hotmail.comawarnerrobertshotmailcom61915_dbWasSet_FF25_FIX", true);
user_pref("extensions.awarnerrobertshotmailcom61915.apps", "61915");
user_pref("extensions.awarnerrobertshotmailcom61915.bic", "1492c3eb77000bcb49b395e2cda7a383");
user_pref("extensions.awarnerrobertshotmailcom61915.cid", 61915);
user_pref("extensions.awarnerrobertshotmailcom61915.firstrun", false);
user_pref("extensions.awarnerrobertshotmailcom61915.hadappinstalled", true);
user_pref("extensions.awarnerrobertshotmailcom61915.installationdate", 1413786548);
user_pref("extensions.awarnerrobertshotmailcom61915.modetype", "production");
user_pref("extensions.awarnerrobertshotmailcom61915.reportInstall", true);
user_pref("extensions.awarnerrobertshotmailcom61915.statsDailyCounter", 9);
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- FireFox user.js and prefs.js backups ----
prefs_31.10.2014_1924_.backup
==== Deleting Files \ Folders ======================
"C:\Windows\Installer\4ef08.msi" not found
C:\PROGRA~3\{32364CEA-7855-4A3C-B674-53D8E9B97936} deleted
C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted
C:\Users\Martin\.android deleted
C:\PROGRA~2\Mozilla Firefox\defaults\preferences\pref.js deleted
C:\PROGRA~2\ExperimentalScene deleted
C:\PROGRA~2\VDownloader deleted
C:\astudio.exe deleted
C:\asUpgr.exe deleted
C:\found.000 deleted
C:\Users\Martin\AppData\Roaming\PLGComp.ini deleted
C:\PROGRA~3\boost_interprocess deleted
C:\PROGRA~3\OberonGameConsole deleted
C:\PROGRA~3\ProductData deleted
C:\Users\Martin\AppData\Local\Maxiget deleted
C:\Users\Martin\AppData\Local\Installer deleted
C:\Users\Martin\AppData\LocalLow\IObit Apps deleted
C:\Users\Martin\AppData\LocalLow\ADSRemoval deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\tasks\MaxigetUpdaterTaskMachineCore.job deleted
C:\Windows\tasks\MaxigetUpdaterTaskMachineUA.job deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
"C:\Users\Martin\AppData\Roaming\vlc\vlcrc" deleted
"C:\PROGRA~2\Maxiget\Updater\MaxigetUpdater.exe" deleted
"C:\PROGRA~2\Maxiget\Updater\70.3.29.7018\maxipdate.dll" deleted
"C:\Users\Martin\AppData\Roaming\vlc" deleted
"C:\Users\Martin\AppData\Roaming\Twins" deleted
"C:\Users\Martin\AppData\Roaming\GHISLER" deleted
"C:\PROGRA~2\Maxiget" not deleted
"C:\PROGRA~2\Maxiget\Updater" not deleted
"C:\PROGRA~2\Maxiget\Updater\70.3.29.7018" not deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"fmconverter@gmail.com"="C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox" [05.09.2014 16:58]
==== Firefox Extensions ======================
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi
==== Firefox Plugins ======================
Profilepath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash
78006383FEDBCDC290B8BD178903D6AB - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll - Shockwave for Director / Shockwave for Director
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
amhlacfinnaffmhfohbpecabbjfhkdji - No path found[]
eoccbpoodnckjdnackiffhjfkogfhnhh - C:\Program Files (x86)\VDownloader\Addons\Chrome.crx[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[08.07.2014 10:48]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
amhlacfinnaffmhfohbpecabbjfhkdji - No path found[]
Senses - Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpgpffljkgjmijjdmjbdppndoojdgboe
WikiWand - Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\emffkefkbkpkgpdeeooapgaicgmcbolj
Avast Online Security - Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
==== Chromium Fix ======================
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_amhlacfinnaffmhfohbpecabbjfhkdji_0.localstorage deleted successfully
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpgpffljkgjmijjdmjbdppndoojdgboe deleted successfully
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bpgpffljkgjmijjdmjbdppndoojdgboe_0.localstorage deleted successfully
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bpgpffljkgjmijjdmjbdppndoojdgboe_0.localstorage-journal deleted successfully
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_bpgpffljkgjmijjdmjbdppndoojdgboe_0 deleted successfully
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bpgpffljkgjmijjdmjbdppndoojdgboe deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/?clid=16194"
"Start Page Before"="http://www.bing.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.seznam.cz/?clid=16194"
"Start Page Before"="http://www.seznam.cz/?clid=16194"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{05D652A3-CBB1-4B9D-B388-C17D43F30CAD} Mapy.cz Url="http://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_16194"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{1B88AC43-E26E-4DC5-9AEB-EEA162584222} Zbo§ˇ.cz Url="http://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_16194"
{3EA1C8D5-44D0-4FD6-A528-E875B81510D8} Slovnˇk EN/CZ Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_16194"
{46B9FBD5-587C-4634-8857-95AF087D63B8} Slovnˇk CZ/EN Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_16194"
{5B23572A-5CC7-4A30-9A9B-9661ED0FC6E2} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown Url="Not_Found"
{74937993-6C4F-4551-A107-109D3B6D8038} Encyklopedie Seznam Url="http://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_16194"
{D5F06B24-E0C1-4455-A295-FEEFDC0DCF49} Firmy.cz Url="http://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_16194"
{E0F1D1E1-00B3-4C5A-9916-17736AAD9190} Novinky.cz Url="http://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194"
==== Reset Google Chrome ======================
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\903C920E1244B01498A0032D8E8ED2C0 deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_CURRENT_USER\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\amhlacfinnaffmhfohbpecabbjfhkdji deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\eoccbpoodnckjdnackiffhjfkogfhnhh deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\amhlacfinnaffmhfohbpecabbjfhkdji deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\903C920E1244B01498A0032D8E8ED2C0 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Martin\AppData\Local\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=396 folders=89 75084152 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\DefaultAppPool\AppData\Local\temp emptied successfully
C:\Users\Martin\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Martin\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\PROGRA~2\Maxiget" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted
==== EOF on p 31.10.2014 at 19:33:46,20 ======================
Zoek.exe v5.0.0.0 Updated 31-10-2014
Tool run by Martin on p 31.10.2014 at 19:04:07,48.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Martin\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
31.10.2014 19:06:25 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\SearchScopes\{929F7EC3-161D-4CB2-945E-17160BA8B7CD} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{AD708C09-D51B-45B3-9D28-4EBA2681FEBF} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{44DF5167-AB4A-4D62-A3D9-A2E183D8FF6D} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{6E3C6B04-08FE-43BC-8E50-F90285024DEA} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{8b3ac698-cf15-4b30-96be-3df83764bf58} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{03cda57c-2299-4fa1-a4c9-8098ed6476de} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4a7e0e46-3e78-434e-a9b5-02f53d834e86} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{15fb1f46-b134-44d8-9394-8b3d2ad4c613} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{11111111-1111-1111-1111-110611191115} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} deleted successfully
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\prefs.js:
user_pref("browser.startup.homepage", "http://www.seznam.cz/");
user_pref("browser.search.selectedEngine", "Google");
Added to C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088
user.js not found
---- Lines awarnerrobertshotmailcom61915 removed from prefs.js ----
user_pref("extensions.awarnerrobertshotmailcom61915.61915.active", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.addressbar", "NA");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.addressbarenhanced", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.asyncdb.was_copied", "true");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.asyncinternaldb.was_copied", "true");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.backgroundver", 1);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.certdomaininstaller", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.cookie.InstallationTime.value", "%221413559729%22");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22000805%22%2C%22sub_id%22%3A%220%22%2
user_pref("extensions.awarnerrobertshotmailcom61915.61915.description", ".");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.domain", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.enablesearch", false);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.homepage", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.changeprevious", false);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.iframe", false);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.InstallationThankYouPage", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.InstallationTime", 1413559729);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.__defualt_browser__.value", "%22ch%22");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%2277
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22776A942D15DC40B698E0287
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22000805%22%2C%22sub_id%22%3A%220%
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22000805%22%2C%22sub_id%22%3A
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%22776A942D15DC40
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100")
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 2030 00:00:00 GMT+01
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_bundledWithHash.value", "null");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030 00:00:00 GMT+010
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_regBundledWithSoftware.expiration", "Fri Feb 01 2030 00:00:00
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_regBundledWithSoftware.value", "%7B%7D");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_appVer.value", "44");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_lastVersion.value", "1");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_nextCheck.expiration", "Thu Oct 30 2014 14:38:55 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.lastDailyReport", "1414654734929");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.lastUpdate", "1414654735441");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.manifesturl", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.name", "Sense1");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.newtab", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.opensearch", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.pluginsurl", "http://js.newinfoclientstack.com/plugin/apps/61915/plugins/na/ff/plugins.json"
user_pref("extensions.awarnerrobertshotmailcom61915.61915.pluginsversion", 40);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.publisher", "Object Browser");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.searchstatus", 0);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.setnewtab", false);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.thankyou", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.updateinterval", 360);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.ver", 44);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.warnerroberts@hotmail.comasyncdb_dbWasSet", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.warnerroberts@hotmail.comasyncdb_dbWasSet_FF25_FIX", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.warnerroberts@hotmail.comasyncinternaldb_dbWasSet", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.warnerroberts@hotmail.comasyncinternaldb_dbWasSet_FF25_FIX", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.warnerroberts@hotmail.comawarnerrobertshotmailcom61915_dbWasSet", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.warnerroberts@hotmail.comawarnerrobertshotmailcom61915_dbWasSet_FF25_FIX", true);
user_pref("extensions.awarnerrobertshotmailcom61915.apps", "61915");
user_pref("extensions.awarnerrobertshotmailcom61915.bic", "1492c3eb77000bcb49b395e2cda7a383");
user_pref("extensions.awarnerrobertshotmailcom61915.cid", 61915);
user_pref("extensions.awarnerrobertshotmailcom61915.firstrun", false);
user_pref("extensions.awarnerrobertshotmailcom61915.hadappinstalled", true);
user_pref("extensions.awarnerrobertshotmailcom61915.installationdate", 1413786548);
user_pref("extensions.awarnerrobertshotmailcom61915.modetype", "production");
user_pref("extensions.awarnerrobertshotmailcom61915.reportInstall", true);
user_pref("extensions.awarnerrobertshotmailcom61915.statsDailyCounter", 9);
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- FireFox user.js and prefs.js backups ----
prefs_31.10.2014_1924_.backup
==== Deleting Files \ Folders ======================
"C:\Windows\Installer\4ef08.msi" not found
C:\PROGRA~3\{32364CEA-7855-4A3C-B674-53D8E9B97936} deleted
C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted
C:\Users\Martin\.android deleted
C:\PROGRA~2\Mozilla Firefox\defaults\preferences\pref.js deleted
C:\PROGRA~2\ExperimentalScene deleted
C:\PROGRA~2\VDownloader deleted
C:\astudio.exe deleted
C:\asUpgr.exe deleted
C:\found.000 deleted
C:\Users\Martin\AppData\Roaming\PLGComp.ini deleted
C:\PROGRA~3\boost_interprocess deleted
C:\PROGRA~3\OberonGameConsole deleted
C:\PROGRA~3\ProductData deleted
C:\Users\Martin\AppData\Local\Maxiget deleted
C:\Users\Martin\AppData\Local\Installer deleted
C:\Users\Martin\AppData\LocalLow\IObit Apps deleted
C:\Users\Martin\AppData\LocalLow\ADSRemoval deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\tasks\MaxigetUpdaterTaskMachineCore.job deleted
C:\Windows\tasks\MaxigetUpdaterTaskMachineUA.job deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
"C:\Users\Martin\AppData\Roaming\vlc\vlcrc" deleted
"C:\PROGRA~2\Maxiget\Updater\MaxigetUpdater.exe" deleted
"C:\PROGRA~2\Maxiget\Updater\70.3.29.7018\maxipdate.dll" deleted
"C:\Users\Martin\AppData\Roaming\vlc" deleted
"C:\Users\Martin\AppData\Roaming\Twins" deleted
"C:\Users\Martin\AppData\Roaming\GHISLER" deleted
"C:\PROGRA~2\Maxiget" not deleted
"C:\PROGRA~2\Maxiget\Updater" not deleted
"C:\PROGRA~2\Maxiget\Updater\70.3.29.7018" not deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"fmconverter@gmail.com"="C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox" [05.09.2014 16:58]
==== Firefox Extensions ======================
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi
==== Firefox Plugins ======================
Profilepath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash
78006383FEDBCDC290B8BD178903D6AB - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll - Shockwave for Director / Shockwave for Director
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
amhlacfinnaffmhfohbpecabbjfhkdji - No path found[]
eoccbpoodnckjdnackiffhjfkogfhnhh - C:\Program Files (x86)\VDownloader\Addons\Chrome.crx[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[08.07.2014 10:48]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
amhlacfinnaffmhfohbpecabbjfhkdji - No path found[]
Senses - Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpgpffljkgjmijjdmjbdppndoojdgboe
WikiWand - Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\emffkefkbkpkgpdeeooapgaicgmcbolj
Avast Online Security - Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
==== Chromium Fix ======================
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_amhlacfinnaffmhfohbpecabbjfhkdji_0.localstorage deleted successfully
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpgpffljkgjmijjdmjbdppndoojdgboe deleted successfully
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bpgpffljkgjmijjdmjbdppndoojdgboe_0.localstorage deleted successfully
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bpgpffljkgjmijjdmjbdppndoojdgboe_0.localstorage-journal deleted successfully
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_bpgpffljkgjmijjdmjbdppndoojdgboe_0 deleted successfully
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bpgpffljkgjmijjdmjbdppndoojdgboe deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/?clid=16194"
"Start Page Before"="http://www.bing.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.seznam.cz/?clid=16194"
"Start Page Before"="http://www.seznam.cz/?clid=16194"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{05D652A3-CBB1-4B9D-B388-C17D43F30CAD} Mapy.cz Url="http://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_16194"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{1B88AC43-E26E-4DC5-9AEB-EEA162584222} Zbo§ˇ.cz Url="http://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_16194"
{3EA1C8D5-44D0-4FD6-A528-E875B81510D8} Slovnˇk EN/CZ Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_16194"
{46B9FBD5-587C-4634-8857-95AF087D63B8} Slovnˇk CZ/EN Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_16194"
{5B23572A-5CC7-4A30-9A9B-9661ED0FC6E2} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown Url="Not_Found"
{74937993-6C4F-4551-A107-109D3B6D8038} Encyklopedie Seznam Url="http://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_16194"
{D5F06B24-E0C1-4455-A295-FEEFDC0DCF49} Firmy.cz Url="http://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_16194"
{E0F1D1E1-00B3-4C5A-9916-17736AAD9190} Novinky.cz Url="http://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194"
==== Reset Google Chrome ======================
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\903C920E1244B01498A0032D8E8ED2C0 deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_CURRENT_USER\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\amhlacfinnaffmhfohbpecabbjfhkdji deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\eoccbpoodnckjdnackiffhjfkogfhnhh deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\amhlacfinnaffmhfohbpecabbjfhkdji deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\903C920E1244B01498A0032D8E8ED2C0 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Martin\AppData\Local\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=396 folders=89 75084152 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\DefaultAppPool\AppData\Local\temp emptied successfully
C:\Users\Martin\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Martin\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\PROGRA~2\Maxiget" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted
==== EOF on p 31.10.2014 at 19:33:46,20 ======================
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu z HJT - naléhavé
Vlož nový log z HJT + info o problémech.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 106 hostů