I don't know whether I did this correctly, I'm a complete beginner...
Yesterday I scanned my computer for the first time in a long while and it reported about four files with a trojan + three files with a hacktool or something like that, plus other things, so I could use some help...
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:53:59, on 20.8.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\Users\Václav\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Windows\SysWOW64\WScript.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Windows\SysWOW64\WScript.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
C:\Program Files (x86)\Opera\31.0.1889.174\opera_crashreporter.exe
C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
C:\Program Files (x86)\Gyazo\GyStation.exe
C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
C:\Users\Václav\Desktop\Václav\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts= ... 1680516805
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type ... 0516805&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type ... 0516805&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts= ... 1680516805
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds& ... 0516805&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds& ... 0516805&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID= ... chTerms%7D
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [mswficwSrv] "C:\Windows\system32\mswficw.vbe" msgnam msdefr
O4 - HKLM\..\Run: [MSStp] C:\Windows\system32\msstp.vbe
O4 - HKLM\..\Run: [mncmabxSrv] C:\Windows\inf\mncmabx.vbe
O4 - HKLM\..\Run: [Bonus.SSR.FR12] "C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe" /autorun
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Václav\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Václav\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Batman Arkham Asylum Crack] wscript.exe //B "C:\Users\VCLAV~1\AppData\Local\Temp\Batman Arkham Asylum Crack.vbs"
O4 - HKCU\..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{218D4E43-A83A-4909-9370-5C1A11BCC96B}: NameServer = 82.163.143.169,82.163.142.171
O17 - HKLM\System\CCS\Services\Tcpip\..\{414BE8E7-0FCA-4DE8-819B-BEC46718080D}: NameServer = 82.163.143.169,82.163.142.171
O17 - HKLM\System\CS1\Services\Tcpip\..\{218D4E43-A83A-4909-9370-5C1A11BCC96B}: NameServer = 82.163.143.169,82.163.142.171
O17 - HKLM\System\CS2\Services\Tcpip\..\{218D4E43-A83A-4909-9370-5C1A11BCC96B}: NameServer = 82.163.143.169,82.163.142.171
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~2\sw-boo~1\assist~1.dll
O23 - Service: ABBYY FineReader 12 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.12.0) - ABBYY Production LLC - C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Razer Game Scanner (Razer Game Scanner Service) - Unknown owner - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe (file missing)
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WinZiper service (winzipersvc) - Taiwan Shui Mu Chih Ching Technology Limited. - C:\Program Files (x86)\WinZipper\winzipersvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12634 bytes
Please check my log
- jaro3
- member of the Security team
Re: Please check my log
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
- If you only use Google Chrome, you don't need to use ATF.
Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it doesn't, restart it yourself.
Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click “Prohledat-Scan”
After the scan a log appears (it is also saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.
Download Malwarebytes' Anti-Malware
- During installation, untick “Enable free trial of Malwarebytes' Anti-Malware Premium”
Install it and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program then starts; click Scan Now and
- after the program finishes, a message appears at the bottom right; click Copy to Clipboard and paste the entire log here.
- then click the Exit button; a prompt appears, choose Yes
(don't delete anything yet!).
If there are problems, run it in safe mode.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log
But I have a problem with Malwarebytes' Anti-Malware: when I install it, it won't start. It says it has stopped working.
# AdwCleaner v5.002 - Logfile created 20/08/2015 at 17:19:42
# Updated 18/08/2015 by Xplode
# Database : 2015-08-18.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Václav - PC
# Running from : C:\Users\Václav\Desktop\Václav\Downloads\adwcleaner_5.002.exe
# Option : Scan
***** [ Services ] *****
Service Found : winzipersvc
Service Found : 442b8ad0
Service Found : d0439c0e
Service Found : d0e87c27
Service Found : F06DEFF2-5B9C-490D-910F-35D3A9119622
***** [ Folders ] *****
Folder Found : C:\Program Files (x86)\sw-booster
Folder Found : C:\Program Files (x86)\WinZipper
Folder Found : C:\Program Files (x86)\adblocker
Folder Found : C:\Program Files (x86)\DNS Unlocker
Folder Found : C:\Program Files (x86)\DeigiSaver
Folder Found : C:\Program Files (x86)\DiigiCoupon
Folder Found : C:\Program Files (x86)\EaxstrASavingS
Folder Found : C:\Program Files (x86)\JoniCoUpon
Folder Found : C:\Program Files (x86)\JooniCuOupon
Folder Found : C:\Program Files (x86)\MianimumPriice
Folder Found : C:\Program Files (x86)\RegulAArDeAls
Folder Found : C:\Program Files (x86)\RegularDeaLs
Folder Found : C:\Program Files (x86)\RoiboSaveer
Folder Found : C:\Program Files (x86)\SavEaLots
Folder Found : C:\Program Files (x86)\shooppi
Folder Found : C:\Program Files (x86)\shopppii
Folder Found : C:\Program Files (x86)\taakaeeSaave
Folder Found : C:\Program Files (x86)\VauudIx
Folder Found : C:\ProgramData\MailUpdate
Folder Found : C:\ProgramData\IHProtectUpDate
Folder Found : C:\ProgramData\Ads Remover
Folder Found : C:\ProgramData\adblocker
Folder Found : C:\ProgramData\shooppi
Folder Found : C:\ProgramData\VauudIx
Folder Found : C:\ProgramData\80a3ae077e7a8c13
Folder Found : C:\ProgramData\9269443805268577299
Folder Found : C:\ProgramData\{9c4765f7-e38b-4160-9c47-765f7e3897df}
Folder Found : C:\ProgramData\{ecaa4b5f-2db2-5fac-ecaa-a4b5f2db2d7c}
Folder Found : C:\ProgramData\bdlojknilkllkhicbfanhepgelfhekkh
Folder Found : C:\ProgramData\cffmegkekhkpmpponefjfdooglakjnif
Folder Found : C:\ProgramData\kgjhjkklkkbhobjbkgnlichploofjdfl
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Folder Found : C:\Users\Public\Documents\ShopperPro
Folder Found : C:\Users\Václav\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh
Folder Found : C:\Users\Václav\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\acklnhgjphbhhomkneonohbjnbmkclfb
Folder Found : C:\Users\Václav\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\knlpigpfaognbholppaembpfphilacie
Folder Found : C:\Users\Václav\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkkbaikepfkboklpkapdknanmklgmhoi
Folder Found : C:\Users\Václav\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon
Folder Found : C:\Users\Václav\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pjccbcdojfeobdcifagialhpjohloblp
Folder Found : C:\Users\Václav\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh
Folder Found : C:\Users\Václav\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\acklnhgjphbhhomkneonohbjnbmkclfb
Folder Found : C:\Users\Václav\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\knlpigpfaognbholppaembpfphilacie
Folder Found : C:\Users\Václav\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkkbaikepfkboklpkapdknanmklgmhoi
Folder Found : C:\Users\Václav\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon
Folder Found : C:\Users\Václav\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pjccbcdojfeobdcifagialhpjohloblp
Folder Found : C:\Users\Václav\AppData\Roaming\eCyber
Folder Found : C:\Users\Václav\AppData\Roaming\SkypEmoticons
Folder Found : C:\Users\Václav\AppData\Roaming\WinZipper
Folder Found : C:\Users\Václav\AppData\Roaming\MailUpdate
Folder Found : C:\Users\Václav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
***** [ Files ] *****
File Found : C:\Program Files (x86)\mozilla firefox\dbghelp.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\delta-homes.xml
File Found : C:\Program Files\Common Files\System\SysMenu.dll
File Found : C:\Program Files\Common Files\System\SysMenu64.dll
File Found : C:\Users\Václav\AppData\Roaming\LiveSupport.exe_log.txt
File Found : C:\Users\Václav\AppData\Roaming\regsvr32.exe_log.txt
File Found : C:\Users\Václav\AppData\Roaming\GNOK.exe
File Found : C:\Users\Václav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Goodgame Empire.lnk
File Found : C:\Users\Václav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Goodgame Empire.lnk
File Found : C:\Users\Václav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Found : C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\searchplugins\Ask.xml
File Found : C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\searchplugins\trovi-search.xml
File Found : C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\searchplugins\WebSearch.xml
File Found : C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\searchplugins\yahoo_ff.xml
File Found : C:\Windows\Reimage.ini
File Found : C:\Windows\Sysnative\roboot64.exe
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
Task Found : Math Problem Solver CPU
Task Found : Math Problem Solver GPU
Task Found : Math Problem Solver Optimize
Task Found : SMupdate1
Task Found : Microsoft\Windows\Multimedia\SMupdate3
Task Found : Microsoft\Windows\Maintenance\SMupdate2
Task Found : amiupdaterExd
Task Found : amiupdaterExi
Task Found : Superclean
***** [ Registry ] *****
Key Found : HKCU\Software\Classes\iLivid.torrent
Key Found : HKCU\Software\Classes\pokki
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\iLivid.torrent
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Found : HKLM\SOFTWARE\Classes\AppID\BackgroundHost.EXE
Key Found : HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
Key Found : HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
Key Found : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
Key Found : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SysMenuExt
Key Found : HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Found : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Found : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Found : HKLM\SOFTWARE\Classes\AppID\globalupdate.exe
Key Found : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper
Key Found : HKLM\SOFTWARE\Classes\P5FE7F2CE_E4B7_4644_BEAA_BF3568C38CD2_.P5FE7F2CE_E4B7_4644_BEAA_BF3568C38CD2_
Key Found : HKLM\SOFTWARE\Classes\P5FE7F2CE_E4B7_4644_BEAA_BF3568C38CD2_.P5FE7F2CE_E4B7_4644_BEAA_BF3568C38CD2_.9
Key Found : HKCU\Software\6da3be8caa2b2b877b2e2bac0c4c26ac
Key Found : HKCU\Software\e2f788d08455dd27700f662a4b272c1b
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\SOFTWARE\169f5923-0e1d-0a17-a9f6-f8500e679bf0
Key Found : HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-2191004260
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{442b8ad0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{d0439c0e}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}
Key Found : HKLM\SOFTWARE\Classes\WinZipper.001
Key Found : HKLM\SOFTWARE\Classes\WinZipper.7z
Key Found : HKLM\SOFTWARE\Classes\WinZipper.arj
Key Found : HKLM\SOFTWARE\Classes\WinZipper.bz2
Key Found : HKLM\SOFTWARE\Classes\WinZipper.bzip2
Key Found : HKLM\SOFTWARE\Classes\WinZipper.cab
Key Found : HKLM\SOFTWARE\Classes\WinZipper.cpio
Key Found : HKLM\SOFTWARE\Classes\WinZipper.deb
Key Found : HKLM\SOFTWARE\Classes\WinZipper.dmg
Key Found : HKLM\SOFTWARE\Classes\WinZipper.fat
Key Found : HKLM\SOFTWARE\Classes\WinZipper.gz
Key Found : HKLM\SOFTWARE\Classes\WinZipper.gzip
Key Found : HKLM\SOFTWARE\Classes\WinZipper.hfs
Key Found : HKLM\SOFTWARE\Classes\WinZipper.iso
Key Found : HKLM\SOFTWARE\Classes\WinZipper.lha
Key Found : HKLM\SOFTWARE\Classes\WinZipper.lzh
Key Found : HKLM\SOFTWARE\Classes\WinZipper.lzma
Key Found : HKLM\SOFTWARE\Classes\WinZipper.ntfs
Key Found : HKLM\SOFTWARE\Classes\WinZipper.rar
Key Found : HKLM\SOFTWARE\Classes\WinZipper.rpm
Key Found : HKLM\SOFTWARE\Classes\WinZipper.squashfs
Key Found : HKLM\SOFTWARE\Classes\WinZipper.swm
Key Found : HKLM\SOFTWARE\Classes\WinZipper.tar
Key Found : HKLM\SOFTWARE\Classes\WinZipper.taz
Key Found : HKLM\SOFTWARE\Classes\WinZipper.tbz
Key Found : HKLM\SOFTWARE\Classes\WinZipper.tbz2
Key Found : HKLM\SOFTWARE\Classes\WinZipper.tgz
Key Found : HKLM\SOFTWARE\Classes\WinZipper.tpz
Key Found : HKLM\SOFTWARE\Classes\WinZipper.txz
Key Found : HKLM\SOFTWARE\Classes\WinZipper.vhd
Key Found : HKLM\SOFTWARE\Classes\WinZipper.wim
Key Found : HKLM\SOFTWARE\Classes\WinZipper.xar
Key Found : HKLM\SOFTWARE\Classes\WinZipper.xz
Key Found : HKLM\SOFTWARE\Classes\WinZipper.z
Key Found : HKLM\SOFTWARE\Classes\WinZipper.zip
Key Found : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}
Key Found : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5FE7F2CE-E4B7-4644-BEAA-BF3568C38CD2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1F831F60-05FB-474D-93A3-42DA68E7EB8F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A6918429-4197-42E6-A4AC-742073A9BCBB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BB1C0445-8E37-4D66-B4E4-947E53F654A8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D553067B-6F4E-4F58-BF46-7ACDBBC50332}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DC4101EC-F2D3-4648-A1F6-B4EECC52443A}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EB559340-3A8F-4456-B24D-160098054EF0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5FE7F2CE-E4B7-4644-BEAA-BF3568C38CD2}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{1F91A9A1-01BA-4C81-863D-3BA0751E1419}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{5FE7F2CE-E4B7-4644-BEAA-BF3568C38CD2}]
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4F622628-7632-4B28-B184-D7BA0CA3273B}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5FE7F2CE-E4B7-4644-BEAA-BF3568C38CD2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\performersoft llc
Key Found : HKCU\Software\RegisteredApplicationsEx
Key Found : HKCU\Software\smarttweak
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\V9
Key Found : HKCU\Software\Reimage
Key Found : HKCU\Software\GetPrivate
Key Found : HKCU\Software\Super Optimizer
Key Found : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Search Protection
Key Found : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
Key Found : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\DataMngr
Key Found : HKLM\SOFTWARE\delta-homesSoftware
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\hdcode
Key Found : HKLM\SOFTWARE\istartsurfSoftware
Key Found : HKLM\SOFTWARE\SupDp
Key Found : HKLM\SOFTWARE\SupTab
Key Found : HKLM\SOFTWARE\supWindowsMangerProtect
Key Found : HKLM\SOFTWARE\V9
Key Found : HKLM\SOFTWARE\winzipersvc
Key Found : HKLM\SOFTWARE\IHProtect
Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Found : HKLM\SOFTWARE\PicexaSvc
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E957849A-94AC-6F46-4623-C31474E3C170}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winzipper
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B6D700D3-3D0D-FEEB-D675-2CE78F9EC5D6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B138259A-351E-33FA-2726-8D71704F1DA9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\Headlight
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\performersoft llc
Key Found : [x64] HKCU\Software\RegisteredApplicationsEx
Key Found : [x64] HKCU\Software\smarttweak
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\V9
Key Found : [x64] HKCU\Software\Reimage
Key Found : [x64] HKCU\Software\GetPrivate
Key Found : [x64] HKCU\Software\Super Optimizer
Key Found : [x64] HKLM\SOFTWARE\ShopperPro
Key Found : [x64] HKLM\SOFTWARE\YTDownloader
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GLOBALUPDATE.EXE
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://search.delta-homes.com/web/?type ... 0516805&q={searchTerms}
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.delta-homes.com/?type=hp&ts= ... 1680516805
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://search.delta-homes.com/web/?type ... 0516805&q={searchTerms}
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.istartsurf.com/web/?type=ds& ... 0516805&q={searchTerms}
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.delta-homes.com/?type=hp&ts= ... 1680516805
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.istartsurf.com/web/?type=ds& ... 0516805&q={searchTerms}
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.istartsurf.com/web/?type=ds& ... 0516805&q={searchTerms}
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.delta-homes.com/?type=hp&ts= ... 1680516805
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.istartsurf.com/web/?type=ds& ... 0516805&q={searchTerms}
Data Found : HKU\S-1-5-21-1419225695-3128108849-3814843768-1000\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://search.delta-homes.com/web/?type ... 0516805&q={searchTerms}
Data Found : HKU\S-1-5-21-1419225695-3128108849-3814843768-1000\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.delta-homes.com/?type=hp&ts= ... 1680516805
Data Found : HKU\S-1-5-21-1419225695-3128108849-3814843768-1000\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://search.delta-homes.com/web/?type ... 0516805&q={searchTerms}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{82679583-E9C5-44C7-8D08-4BBD7B182E02}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{82679583-E9C5-44C7-8D08-4BBD7B182E02}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Data Found : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1 ... 1680516805
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\sw-boo~1\assist~1.dll
***** [ Web browsers ] *****
[C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Found : user_pref("browser.newtab.url", "hxxp://www.delta-homes.com/newtab/?type=nt&ts=1432141151&z=879320e8edbad30f08031dag8zccco6g0z7g0gbz6q&from=wpm05203&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F151680516805");
[C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Found : user_pref("browser.search.defaultenginename", "Ask.com");
[C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Found : user_pref("browser.search.defaultenginename,S", "WebSearch");
[C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Found : user_pref("browser.search.defaulturl", "hxxp://websearch.fastsearchings.info/?pid=3326&r=2014/07/12&hid=3378763937666679058&lg=EN&cc=CZ&unqvl=56&l=1&q=");
[C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Found : user_pref("browser.search.order.1", "Ask.com");
[C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Found : user_pref("browser.search.order.1,S", "WebSearch");
[C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Found : user_pref("browser.search.selectedEngine", "delta-homes");
[C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Found : user_pref("browser.search.selectedEngine,S", "WebSearch");
[C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Found : user_pref("extensions.JBjnTvKwKtl1YrOA.scode", "(function(){try{if(window.location.href.indexOf(\"qHnEpdn5pdgGrja8qjgHqHs5rn\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\"[...]
[C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Found : user_pref("extensions.ZJ6V3wQYsmRhZU8a.scode", "(function(){try{if(window.location.href.indexOf(\"qHnEpdn5pdgGrja8qjgHqHs5rn\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\"[...]
[C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Found : user_pref("extensions.yQaNZkiyy9RCdrbR.scode", "(function(){try{if(window.location.href.indexOf(\"qHnEpdn5pdgGrja8qjgHqHs5rn\")>-1){return;}}catch(e){}try{var d=[[\"investkingdom.com\",\"www.viracure.[...]
[C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Found : user_pref("keyword.URL", "hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=0&systemid=406&v=a15946-340&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=1249522375364265&o=APN10645&q=");
[C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://search.gboxapp.com/
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [28187 bytes] ##########
# AdwCleaner v5.002 - Logfile created 20/08/2015 at 17:19:42
# Updated 18/08/2015 by Xplode
# Database : 2015-08-18.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Václav - PC
# Running from : C:\Users\Václav\Desktop\Václav\Downloads\adwcleaner_5.002.exe
# Option : Scan
***** [ Services ] *****
Service Found : winzipersvc
Service Found : 442b8ad0
Service Found : d0439c0e
Service Found : d0e87c27
Service Found : F06DEFF2-5B9C-490D-910F-35D3A9119622
***** [ Folders ] *****
Folder Found : C:\Program Files (x86)\sw-booster
Folder Found : C:\Program Files (x86)\WinZipper
Folder Found : C:\Program Files (x86)\adblocker
Folder Found : C:\Program Files (x86)\DNS Unlocker
Folder Found : C:\Program Files (x86)\DeigiSaver
Folder Found : C:\Program Files (x86)\DiigiCoupon
Folder Found : C:\Program Files (x86)\EaxstrASavingS
Folder Found : C:\Program Files (x86)\JoniCoUpon
Folder Found : C:\Program Files (x86)\JooniCuOupon
Folder Found : C:\Program Files (x86)\MianimumPriice
Folder Found : C:\Program Files (x86)\RegulAArDeAls
Folder Found : C:\Program Files (x86)\RegularDeaLs
Folder Found : C:\Program Files (x86)\RoiboSaveer
Folder Found : C:\Program Files (x86)\SavEaLots
Folder Found : C:\Program Files (x86)\shooppi
Folder Found : C:\Program Files (x86)\shopppii
Folder Found : C:\Program Files (x86)\taakaeeSaave
Folder Found : C:\Program Files (x86)\VauudIx
Folder Found : C:\ProgramData\MailUpdate
Folder Found : C:\ProgramData\IHProtectUpDate
Folder Found : C:\ProgramData\Ads Remover
Folder Found : C:\ProgramData\adblocker
Folder Found : C:\ProgramData\shooppi
Folder Found : C:\ProgramData\VauudIx
Folder Found : C:\ProgramData\80a3ae077e7a8c13
Folder Found : C:\ProgramData\9269443805268577299
Folder Found : C:\ProgramData\{9c4765f7-e38b-4160-9c47-765f7e3897df}
Folder Found : C:\ProgramData\{ecaa4b5f-2db2-5fac-ecaa-a4b5f2db2d7c}
Folder Found : C:\ProgramData\bdlojknilkllkhicbfanhepgelfhekkh
Folder Found : C:\ProgramData\cffmegkekhkpmpponefjfdooglakjnif
Folder Found : C:\ProgramData\kgjhjkklkkbhobjbkgnlichploofjdfl
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Folder Found : C:\Users\Public\Documents\ShopperPro
Folder Found : C:\Users\Václav\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh
Folder Found : C:\Users\Václav\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\acklnhgjphbhhomkneonohbjnbmkclfb
Folder Found : C:\Users\Václav\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\knlpigpfaognbholppaembpfphilacie
Folder Found : C:\Users\Václav\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkkbaikepfkboklpkapdknanmklgmhoi
Folder Found : C:\Users\Václav\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon
Folder Found : C:\Users\Václav\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pjccbcdojfeobdcifagialhpjohloblp
Folder Found : C:\Users\Václav\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh
Folder Found : C:\Users\Václav\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\acklnhgjphbhhomkneonohbjnbmkclfb
Folder Found : C:\Users\Václav\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\knlpigpfaognbholppaembpfphilacie
Folder Found : C:\Users\Václav\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkkbaikepfkboklpkapdknanmklgmhoi
Folder Found : C:\Users\Václav\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon
Folder Found : C:\Users\Václav\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pjccbcdojfeobdcifagialhpjohloblp
Folder Found : C:\Users\Václav\AppData\Roaming\eCyber
Folder Found : C:\Users\Václav\AppData\Roaming\SkypEmoticons
Folder Found : C:\Users\Václav\AppData\Roaming\WinZipper
Folder Found : C:\Users\Václav\AppData\Roaming\MailUpdate
Folder Found : C:\Users\Václav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
***** [ Files ] *****
File Found : C:\Program Files (x86)\mozilla firefox\dbghelp.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\delta-homes.xml
File Found : C:\Program Files\Common Files\System\SysMenu.dll
File Found : C:\Program Files\Common Files\System\SysMenu64.dll
File Found : C:\Users\Václav\AppData\Roaming\LiveSupport.exe_log.txt
File Found : C:\Users\Václav\AppData\Roaming\regsvr32.exe_log.txt
File Found : C:\Users\Václav\AppData\Roaming\GNOK.exe
File Found : C:\Users\Václav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Goodgame Empire.lnk
File Found : C:\Users\Václav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Goodgame Empire.lnk
File Found : C:\Users\Václav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Found : C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\searchplugins\Ask.xml
File Found : C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\searchplugins\trovi-search.xml
File Found : C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\searchplugins\WebSearch.xml
File Found : C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\searchplugins\yahoo_ff.xml
File Found : C:\Windows\Reimage.ini
File Found : C:\Windows\Sysnative\roboot64.exe
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
Task Found : Math Problem Solver CPU
Task Found : Math Problem Solver GPU
Task Found : Math Problem Solver Optimize
Task Found : SMupdate1
Task Found : Microsoft\Windows\Multimedia\SMupdate3
Task Found : Microsoft\Windows\Maintenance\SMupdate2
Task Found : amiupdaterExd
Task Found : amiupdaterExi
Task Found : Superclean
***** [ Registry ] *****
Key Found : HKCU\Software\Classes\iLivid.torrent
Key Found : HKCU\Software\Classes\pokki
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\iLivid.torrent
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Found : HKLM\SOFTWARE\Classes\AppID\BackgroundHost.EXE
Key Found : HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
Key Found : HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
Key Found : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
Key Found : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SysMenuExt
Key Found : HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Found : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Found : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Found : HKLM\SOFTWARE\Classes\AppID\globalupdate.exe
Key Found : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper
Key Found : HKLM\SOFTWARE\Classes\P5FE7F2CE_E4B7_4644_BEAA_BF3568C38CD2_.P5FE7F2CE_E4B7_4644_BEAA_BF3568C38CD2_
Key Found : HKLM\SOFTWARE\Classes\P5FE7F2CE_E4B7_4644_BEAA_BF3568C38CD2_.P5FE7F2CE_E4B7_4644_BEAA_BF3568C38CD2_.9
Key Found : HKCU\Software\6da3be8caa2b2b877b2e2bac0c4c26ac
Key Found : HKCU\Software\e2f788d08455dd27700f662a4b272c1b
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\SOFTWARE\169f5923-0e1d-0a17-a9f6-f8500e679bf0
Key Found : HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-2191004260
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{442b8ad0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{d0439c0e}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}
Key Found : HKLM\SOFTWARE\Classes\WinZipper.001
Key Found : HKLM\SOFTWARE\Classes\WinZipper.7z
Key Found : HKLM\SOFTWARE\Classes\WinZipper.arj
Key Found : HKLM\SOFTWARE\Classes\WinZipper.bz2
Key Found : HKLM\SOFTWARE\Classes\WinZipper.bzip2
Key Found : HKLM\SOFTWARE\Classes\WinZipper.cab
Key Found : HKLM\SOFTWARE\Classes\WinZipper.cpio
Key Found : HKLM\SOFTWARE\Classes\WinZipper.deb
Key Found : HKLM\SOFTWARE\Classes\WinZipper.dmg
Key Found : HKLM\SOFTWARE\Classes\WinZipper.fat
Key Found : HKLM\SOFTWARE\Classes\WinZipper.gz
Key Found : HKLM\SOFTWARE\Classes\WinZipper.gzip
Key Found : HKLM\SOFTWARE\Classes\WinZipper.hfs
Key Found : HKLM\SOFTWARE\Classes\WinZipper.iso
Key Found : HKLM\SOFTWARE\Classes\WinZipper.lha
Key Found : HKLM\SOFTWARE\Classes\WinZipper.lzh
Key Found : HKLM\SOFTWARE\Classes\WinZipper.lzma
Key Found : HKLM\SOFTWARE\Classes\WinZipper.ntfs
Key Found : HKLM\SOFTWARE\Classes\WinZipper.rar
Key Found : HKLM\SOFTWARE\Classes\WinZipper.rpm
Key Found : HKLM\SOFTWARE\Classes\WinZipper.squashfs
Key Found : HKLM\SOFTWARE\Classes\WinZipper.swm
Key Found : HKLM\SOFTWARE\Classes\WinZipper.tar
Key Found : HKLM\SOFTWARE\Classes\WinZipper.taz
Key Found : HKLM\SOFTWARE\Classes\WinZipper.tbz
Key Found : HKLM\SOFTWARE\Classes\WinZipper.tbz2
Key Found : HKLM\SOFTWARE\Classes\WinZipper.tgz
Key Found : HKLM\SOFTWARE\Classes\WinZipper.tpz
Key Found : HKLM\SOFTWARE\Classes\WinZipper.txz
Key Found : HKLM\SOFTWARE\Classes\WinZipper.vhd
Key Found : HKLM\SOFTWARE\Classes\WinZipper.wim
Key Found : HKLM\SOFTWARE\Classes\WinZipper.xar
Key Found : HKLM\SOFTWARE\Classes\WinZipper.xz
Key Found : HKLM\SOFTWARE\Classes\WinZipper.z
Key Found : HKLM\SOFTWARE\Classes\WinZipper.zip
Key Found : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}
Key Found : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5FE7F2CE-E4B7-4644-BEAA-BF3568C38CD2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1F831F60-05FB-474D-93A3-42DA68E7EB8F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A6918429-4197-42E6-A4AC-742073A9BCBB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BB1C0445-8E37-4D66-B4E4-947E53F654A8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D553067B-6F4E-4F58-BF46-7ACDBBC50332}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DC4101EC-F2D3-4648-A1F6-B4EECC52443A}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EB559340-3A8F-4456-B24D-160098054EF0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5FE7F2CE-E4B7-4644-BEAA-BF3568C38CD2}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{1F91A9A1-01BA-4C81-863D-3BA0751E1419}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{5FE7F2CE-E4B7-4644-BEAA-BF3568C38CD2}]
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4F622628-7632-4B28-B184-D7BA0CA3273B}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5FE7F2CE-E4B7-4644-BEAA-BF3568C38CD2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\performersoft llc
Key Found : HKCU\Software\RegisteredApplicationsEx
Key Found : HKCU\Software\smarttweak
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\V9
Key Found : HKCU\Software\Reimage
Key Found : HKCU\Software\GetPrivate
Key Found : HKCU\Software\Super Optimizer
Key Found : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Search Protection
Key Found : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
Key Found : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\DataMngr
Key Found : HKLM\SOFTWARE\delta-homesSoftware
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\hdcode
Key Found : HKLM\SOFTWARE\istartsurfSoftware
Key Found : HKLM\SOFTWARE\SupDp
Key Found : HKLM\SOFTWARE\SupTab
Key Found : HKLM\SOFTWARE\supWindowsMangerProtect
Key Found : HKLM\SOFTWARE\V9
Key Found : HKLM\SOFTWARE\winzipersvc
Key Found : HKLM\SOFTWARE\IHProtect
Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Found : HKLM\SOFTWARE\PicexaSvc
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E957849A-94AC-6F46-4623-C31474E3C170}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winzipper
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B6D700D3-3D0D-FEEB-D675-2CE78F9EC5D6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B138259A-351E-33FA-2726-8D71704F1DA9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\Headlight
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\performersoft llc
Key Found : [x64] HKCU\Software\RegisteredApplicationsEx
Key Found : [x64] HKCU\Software\smarttweak
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\V9
Key Found : [x64] HKCU\Software\Reimage
Key Found : [x64] HKCU\Software\GetPrivate
Key Found : [x64] HKCU\Software\Super Optimizer
Key Found : [x64] HKLM\SOFTWARE\ShopperPro
Key Found : [x64] HKLM\SOFTWARE\YTDownloader
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GLOBALUPDATE.EXE
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://search.delta-homes.com/web/?type ... 0516805&q={searchTerms}
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.delta-homes.com/?type=hp&ts= ... 1680516805
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://search.delta-homes.com/web/?type ... 0516805&q={searchTerms}
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.istartsurf.com/web/?type=ds& ... 0516805&q={searchTerms}
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.delta-homes.com/?type=hp&ts= ... 1680516805
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.istartsurf.com/web/?type=ds& ... 0516805&q={searchTerms}
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.istartsurf.com/web/?type=ds& ... 0516805&q={searchTerms}
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.delta-homes.com/?type=hp&ts= ... 1680516805
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.istartsurf.com/web/?type=ds& ... 0516805&q={searchTerms}
Data Found : HKU\S-1-5-21-1419225695-3128108849-3814843768-1000\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://search.delta-homes.com/web/?type ... 0516805&q={searchTerms}
Data Found : HKU\S-1-5-21-1419225695-3128108849-3814843768-1000\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.delta-homes.com/?type=hp&ts= ... 1680516805
Data Found : HKU\S-1-5-21-1419225695-3128108849-3814843768-1000\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://search.delta-homes.com/web/?type ... 0516805&q={searchTerms}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{82679583-E9C5-44C7-8D08-4BBD7B182E02}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{82679583-E9C5-44C7-8D08-4BBD7B182E02}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Data Found : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1 ... 1680516805
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\sw-boo~1\assist~1.dll
***** [ Web browsers ] *****
[C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Found : user_pref("browser.newtab.url", "hxxp://www.delta-homes.com/newtab/?type=nt&ts=1432141151&z=879320e8edbad30f08031dag8zccco6g0z7g0gbz6q&from=wpm05203&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F151680516805");
[C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Found : user_pref("browser.search.defaultenginename", "Ask.com");
[C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Found : user_pref("browser.search.defaultenginename,S", "WebSearch");
[C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Found : user_pref("browser.search.defaulturl", "hxxp://websearch.fastsearchings.info/?pid=3326&r=2014/07/12&hid=3378763937666679058&lg=EN&cc=CZ&unqvl=56&l=1&q=");
[C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Found : user_pref("browser.search.order.1", "Ask.com");
[C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Found : user_pref("browser.search.order.1,S", "WebSearch");
[C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Found : user_pref("browser.search.selectedEngine", "delta-homes");
[C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Found : user_pref("browser.search.selectedEngine,S", "WebSearch");
[C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Found : user_pref("extensions.JBjnTvKwKtl1YrOA.scode", "(function(){try{if(window.location.href.indexOf(\"qHnEpdn5pdgGrja8qjgHqHs5rn\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\"[...]
[C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Found : user_pref("extensions.ZJ6V3wQYsmRhZU8a.scode", "(function(){try{if(window.location.href.indexOf(\"qHnEpdn5pdgGrja8qjgHqHs5rn\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\"[...]
[C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Found : user_pref("extensions.yQaNZkiyy9RCdrbR.scode", "(function(){try{if(window.location.href.indexOf(\"qHnEpdn5pdgGrja8qjgHqHs5rn\")>-1){return;}}catch(e){}try{var d=[[\"investkingdom.com\",\"www.viracure.[...]
[C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Found : user_pref("keyword.URL", "hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=0&systemid=406&v=a15946-340&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=1249522375364265&o=APN10645&q=");
[C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://search.gboxapp.com/
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [28187 bytes] ##########
- jaro3
- member of the Security team
Re: Please check my log
Try it in safe mode.
Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator"),
click "Scan" (Prohledat-Scan), and after the scan click "Clean" (Vymazat-Clean).
The program performs the repair; after the automatic restart it does not display the log (C:\AdwCleaner [S?].txt); paste its entire contents here.
Download Junkware Removal Tool by Thisisu
to your desktop.
Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program will start scanning. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) will appear and will be saved on the desktop.
Please copy its entire contents here.
Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Then click "Scan" (Prohledat).
- The program scans the PC's processes. After the scan, click "Report" (Zpráva), then in the window click "Open TXT" and copy the entire contents of the log here.
If the program is blocked, try running it several times. If the program still will not start and work, rename it to winlogon.exe.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log
# AdwCleaner v5.002 - Logfile created 20/08/2015 at 21:54:19
# Updated 18/08/2015 by Xplode
# Database : 2015-08-20.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Václav - PC
# Running from : C:\Users\Václav\Desktop\adwcleaner_5.002.exe
# Option : Cleaning
***** [ Services ] *****
[-] Service Deleted : winzipersvc
[-] Service Deleted : 442b8ad0
[-] Service Deleted : d0439c0e
[-] Service Deleted : d0e87c27
[-] Service Deleted : F06DEFF2-5B9C-490D-910F-35D3A9119622
***** [ Folders ] *****
[-] Folder Deleted : C:\Program Files (x86)\sw-booster
[-] Folder Deleted : C:\Program Files (x86)\WinZipper
[-] Folder Deleted : C:\Program Files (x86)\adblocker
[-] Folder Deleted : C:\Program Files (x86)\DeigiSaver
[-] Folder Deleted : C:\Program Files (x86)\DiigiCoupon
[-] Folder Deleted : C:\Program Files (x86)\EaxstrASavingS
[-] Folder Deleted : C:\Program Files (x86)\JoniCoUpon
[-] Folder Deleted : C:\Program Files (x86)\JooniCuOupon
[-] Folder Deleted : C:\Program Files (x86)\MianimumPriice
[-] Folder Deleted : C:\Program Files (x86)\RegulAArDeAls
[-] Folder Deleted : C:\Program Files (x86)\RegularDeaLs
[-] Folder Deleted : C:\Program Files (x86)\RoiboSaveer
[-] Folder Deleted : C:\Program Files (x86)\SavEaLots
[-] Folder Deleted : C:\Program Files (x86)\shooppi
[-] Folder Deleted : C:\Program Files (x86)\shopppii
[-] Folder Deleted : C:\Program Files (x86)\taakaeeSaave
[-] Folder Deleted : C:\Program Files (x86)\VauudIx
[-] Folder Deleted : C:\ProgramData\MailUpdate
[-] Folder Deleted : C:\ProgramData\IHProtectUpDate
[-] Folder Deleted : C:\ProgramData\Ads Remover
[-] Folder Deleted : C:\ProgramData\adblocker
[-] Folder Deleted : C:\ProgramData\shooppi
[-] Folder Deleted : C:\ProgramData\VauudIx
[-] Folder Deleted : C:\ProgramData\80a3ae077e7a8c13
[-] Folder Deleted : C:\ProgramData\9269443805268577299
[-] Folder Deleted : C:\ProgramData\{9c4765f7-e38b-4160-9c47-765f7e3897df}
[-] Folder Deleted : C:\ProgramData\{ecaa4b5f-2db2-5fac-ecaa-a4b5f2db2d7c}
[-] Folder Deleted : C:\ProgramData\bdlojknilkllkhicbfanhepgelfhekkh
[-] Folder Deleted : C:\ProgramData\cffmegkekhkpmpponefjfdooglakjnif
[-] Folder Deleted : C:\ProgramData\kgjhjkklkkbhobjbkgnlichploofjdfl
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
[-] Folder Deleted : C:\Users\Public\Documents\ShopperPro
[-] Folder Deleted : C:\Users\Václav\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh
[-] Folder Deleted : C:\Users\Václav\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\acklnhgjphbhhomkneonohbjnbmkclfb
[-] Folder Deleted : C:\Users\Václav\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\knlpigpfaognbholppaembpfphilacie
[-] Folder Deleted : C:\Users\Václav\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fkkbaikepfkboklpkapdknanmklgmhoi
[-] Folder Deleted : C:\Users\Václav\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon
[-] Folder Deleted : C:\Users\Václav\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pjccbcdojfeobdcifagialhpjohloblp
[-] Folder Deleted : C:\Users\Václav\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\akaelkiagnbfcccfnmbimdbplecgbikh
[-] Folder Deleted : C:\Users\Václav\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\acklnhgjphbhhomkneonohbjnbmkclfb
[-] Folder Deleted : C:\Users\Václav\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\knlpigpfaognbholppaembpfphilacie
[-] Folder Deleted : C:\Users\Václav\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fkkbaikepfkboklpkapdknanmklgmhoi
[-] Folder Deleted : C:\Users\Václav\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon
[-] Folder Deleted : C:\Users\Václav\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pjccbcdojfeobdcifagialhpjohloblp
[-] Folder Deleted : C:\Users\Václav\AppData\Roaming\eCyber
[-] Folder Deleted : C:\Users\Václav\AppData\Roaming\SkypEmoticons
[-] Folder Deleted : C:\Users\Václav\AppData\Roaming\WinZipper
[-] Folder Deleted : C:\Users\Václav\AppData\Roaming\MailUpdate
[-] Folder Deleted : C:\Users\Václav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
***** [ Files ] *****
[-] File Deleted : C:\Program Files (x86)\mozilla firefox\dbghelp.dll
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\delta-homes.xml
[-] File Deleted : C:\Program Files\Common Files\System\SysMenu.dll
[-] File Deleted : C:\Program Files\Common Files\System\SysMenu64.dll
[-] File Deleted : C:\Users\Václav\AppData\Roaming\LiveSupport.exe_log.txt
[-] File Deleted : C:\Users\Václav\AppData\Roaming\regsvr32.exe_log.txt
[-] File Deleted : C:\Users\Václav\AppData\Roaming\GNOK.exe
[-] File Deleted : C:\Users\Václav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Goodgame Empire.lnk
[-] File Deleted : C:\Users\Václav\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Goodgame Empire.lnk
[-] File Deleted : C:\Users\Václav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
[-] File Deleted : C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\searchplugins\Ask.xml
[-] File Deleted : C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\searchplugins\trovi-search.xml
[-] File Deleted : C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\searchplugins\WebSearch.xml
[-] File Deleted : C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\searchplugins\yahoo_ff.xml
[-] File Deleted : C:\Windows\Reimage.ini
[-] File Deleted : C:\Windows\Sysnative\roboot64.exe
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
[-] Task Deleted : Math Problem Solver CPU
[-] Task Deleted : Math Problem Solver GPU
[-] Task Deleted : Math Problem Solver Optimize
[-] Task Deleted : SMupdate1
[-] Task Deleted : Microsoft\Windows\Multimedia\SMupdate3
[-] Task Deleted : Microsoft\Windows\Maintenance\SMupdate2
[-] Task Deleted : amiupdaterExd
[-] Task Deleted : amiupdaterExi
[-] Task Deleted : Superclean
***** [ Registry ] *****
[-] Key Deleted : HKCU\Software\Classes\iLivid.torrent
[-] Key Deleted : HKCU\Software\Classes\pokki
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\iLivid.torrent
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\BackgroundHost.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
[-] Key Deleted : HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
[-] Key Deleted : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
[-] Key Deleted : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SysMenuExt
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\globalupdate.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper
[-] Key Deleted : HKLM\SOFTWARE\Classes\P5FE7F2CE_E4B7_4644_BEAA_BF3568C38CD2_.P5FE7F2CE_E4B7_4644_BEAA_BF3568C38CD2_
[-] Key Deleted : HKLM\SOFTWARE\Classes\P5FE7F2CE_E4B7_4644_BEAA_BF3568C38CD2_.P5FE7F2CE_E4B7_4644_BEAA_BF3568C38CD2_.9
[-] Key Deleted : HKCU\Software\6da3be8caa2b2b877b2e2bac0c4c26ac
[-] Key Deleted : HKCU\Software\e2f788d08455dd27700f662a4b272c1b
[-] Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKLM\SOFTWARE\169f5923-0e1d-0a17-a9f6-f8500e679bf0
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-2191004260
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{442b8ad0}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{d0439c0e}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.001
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.7z
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.arj
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.bz2
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.bzip2
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.cab
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.cpio
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.deb
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.dmg
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.fat
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.gz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.gzip
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.hfs
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.iso
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.lha
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.lzh
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.lzma
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.ntfs
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.rar
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.rpm
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.squashfs
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.swm
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tar
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.taz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tbz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tbz2
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tgz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tpz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.txz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.vhd
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.wim
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.xar
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.xz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.z
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.zip
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5FE7F2CE-E4B7-4644-BEAA-BF3568C38CD2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1F831F60-05FB-474D-93A3-42DA68E7EB8F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A6918429-4197-42E6-A4AC-742073A9BCBB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BB1C0445-8E37-4D66-B4E4-947E53F654A8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D553067B-6F4E-4F58-BF46-7ACDBBC50332}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DC4101EC-F2D3-4648-A1F6-B4EECC52443A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EB559340-3A8F-4456-B24D-160098054EF0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5FE7F2CE-E4B7-4644-BEAA-BF3568C38CD2}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{1F91A9A1-01BA-4C81-863D-3BA0751E1419}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{5FE7F2CE-E4B7-4644-BEAA-BF3568C38CD2}]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4F622628-7632-4B28-B184-D7BA0CA3273B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5FE7F2CE-E4B7-4644-BEAA-BF3568C38CD2}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKCU\Software\DataMngr
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\Headlight
[-] Key Deleted : HKCU\Software\ilivid
[-] Key Deleted : HKCU\Software\Optimizer Pro
[-] Key Deleted : HKCU\Software\performersoft llc
[-] Key Deleted : HKCU\Software\RegisteredApplicationsEx
[-] Key Deleted : HKCU\Software\smarttweak
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\V9
[-] Key Deleted : HKCU\Software\Reimage
[-] Key Deleted : HKCU\Software\GetPrivate
[-] Key Deleted : HKCU\Software\Super Optimizer
[-] Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[!] Key Not Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Search Protection
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
[-] Key Deleted : HKLM\SOFTWARE\DataMngr
[-] Key Deleted : HKLM\SOFTWARE\delta-homesSoftware
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\hdcode
[-] Key Deleted : HKLM\SOFTWARE\istartsurfSoftware
[-] Key Deleted : HKLM\SOFTWARE\SupDp
[-] Key Deleted : HKLM\SOFTWARE\SupTab
[-] Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
[-] Key Deleted : HKLM\SOFTWARE\V9
[-] Key Deleted : HKLM\SOFTWARE\winzipersvc
[-] Key Deleted : HKLM\SOFTWARE\IHProtect
[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key Deleted : HKLM\SOFTWARE\PicexaSvc
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E957849A-94AC-6F46-4623-C31474E3C170}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winzipper
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B6D700D3-3D0D-FEEB-D675-2CE78F9EC5D6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B138259A-351E-33FA-2726-8D71704F1DA9}
[!] Key Not Deleted : [x64] HKCU\Software\DataMngr
[!] Key Not Deleted : [x64] HKCU\Software\GlobalUpdate
[!] Key Not Deleted : [x64] HKCU\Software\Headlight
[!] Key Not Deleted : [x64] HKCU\Software\ilivid
[!] Key Not Deleted : [x64] HKCU\Software\Optimizer Pro
[!] Key Not Deleted : [x64] HKCU\Software\performersoft llc
[!] Key Not Deleted : [x64] HKCU\Software\RegisteredApplicationsEx
[!] Key Not Deleted : [x64] HKCU\Software\smarttweak
[!] Key Not Deleted : [x64] HKCU\Software\Softonic
[!] Key Not Deleted : [x64] HKCU\Software\V9
[!] Key Not Deleted : [x64] HKCU\Software\Reimage
[!] Key Not Deleted : [x64] HKCU\Software\GetPrivate
[!] Key Not Deleted : [x64] HKCU\Software\Super Optimizer
[-] Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro
[-] Key Deleted : [x64] HKLM\SOFTWARE\YTDownloader
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GLOBALUPDATE.EXE
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKU\S-1-5-21-1419225695-3128108849-3814843768-1000\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKU\S-1-5-21-1419225695-3128108849-3814843768-1000\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKU\S-1-5-21-1419225695-3128108849-3814843768-1000\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{82679583-E9C5-44C7-8D08-4BBD7B182E02}
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{82679583-E9C5-44C7-8D08-4BBD7B182E02}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command []
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
***** [ Web browsers ] *****
[-] [C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Deleted : user_pref("browser.newtab.url", "hxxp://www.delta-homes.com/newtab/?type=nt&ts=1432141151&z=879320e8edbad30f08031dag8zccco6g0z7g0gbz6q&from=wpm05203&uid=WDCXWD10EZEX-00BN5A0_WD-WCC3F151680516805");
[-] [C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
[-] [C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[-] [C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.fastsearchings.info/?pid=3326&r=2014/07/12&hid=3378763937666679058&lg=EN&cc=CZ&unqvl=56&l=1&q=");
[-] [C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Deleted : user_pref("browser.search.order.1", "Ask.com");
[-] [C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[-] [C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine", "delta-homes");
[-] [C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
[-] [C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Deleted : user_pref("extensions.JBjnTvKwKtl1YrOA.scode", "(function(){try{if(window.location.href.indexOf(\"qHnEpdn5pdgGrja8qjgHqHs5rn\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\"[...]
[-] [C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Deleted : user_pref("extensions.ZJ6V3wQYsmRhZU8a.scode", "(function(){try{if(window.location.href.indexOf(\"qHnEpdn5pdgGrja8qjgHqHs5rn\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\"[...]
[-] [C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Deleted : user_pref("extensions.yQaNZkiyy9RCdrbR.scode", "(function(){try{if(window.location.href.indexOf(\"qHnEpdn5pdgGrja8qjgHqHs5rn\")>-1){return;}}catch(e){}try{var d=[[\"investkingdom.com\",\"www.viracure.[...]
[-] [C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js] [Preference] Deleted : user_pref("keyword.URL", "hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=0&systemid=406&v=a15946-340&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=1249522375364265&o=APN10645&q=");
[-] [C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://search.gboxapp.com/
*************************
:: Proxy settings cleared
:: Winsock settings cleared
:: Chrome policies deleted
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [27807 bytes] ##########
- jaro3
- member of the Security team
Re: Please check my log
Download Junkware Removal Tool by Thisisu
to your desktop.
Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program will start scanning. The scan can take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) appears and is saved on the desktop.
Please copy its entire contents here.
Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Then click "Scan" ("Prohledat").
- The program scans the PC's processes. After the scan, click "Report" ("Zpráva"), then "Open TXT" in the window, and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still will not start and work, rename it to winlogon.exe.
Try that MBAM in safe mode.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.7 (08.18.2015:1)
OS: Windows 7 Home Premium x64
Ran by V clav on p 21.08.2015 at 12:57:30,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\TuneUp Undelete
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0F8DEB92-817D-453D-B51A-E30D2D2040E2}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{406BF7BD-2289-4D24-BD5F-C48F90506570}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4CDA4741-7F07-4C4E-A002-4C9F22612014}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{841A74C0-448E-4C65-9505-9067F79AF78B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A17547F5-F85A-4AF9-8633-9FF8E352F307}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D2D2355D-2BCC-4ED4-A37B-F74C9DB23D12}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D87ADB17-2683-417F-B032-BDE5E23AF821}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DD46F482-5278-40A0-B8BD-141F2ED5FECB}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EF5C47E1-0539-4C6D-B7AD-F6BCEBA7FB87}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
~~~ Files
Successfully deleted: [File] C:\Users\V clav\AppData\Roaming\appdataFr2.bin
Successfully deleted: [File] C:\Users\V clav\AppData\Roaming\appdataFr25.bin
Successfully deleted: [File] C:\Users\V clav\AppData\Roaming\appdataFr3.bin
Successfully deleted: [File] C:\Users\V clav\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage
Successfully deleted: [File] C:\Users\V clav\AppData\Roaming\BYAIAMUF.exe
~~~ Folders
Successfully deleted: [Folder] C:\ProgramData\datamngr
Successfully deleted: [Folder] C:\ProgramData\iobit\driver booster
Successfully deleted: [Folder] C:\ProgramData\theadblock
Successfully deleted: [Folder] C:\Users\V clav\Appdata\Local\crashrpt
Successfully deleted: [Folder] C:\Users\V clav\Appdata\LocalLow\datamngr
Successfully deleted: [Folder] C:\Users\V clav\AppData\Roaming\getrighttogo
Successfully deleted: [Folder] C:\Users\V clav\AppData\Roaming\iobit\driver booster
Successfully deleted: [Folder] C:\ProgramData\coinsave
Successfully deleted: [Folder] C:\ProgramData\dollarkeeper
Successfully deleted: [Folder] C:\ProgramData\DownSave
Successfully deleted: [Folder] C:\ProgramData\MinimaUmPriice
Successfully deleted: [Folder] C:\ProgramData\MinimumPiricce
Successfully deleted: [Folder] C:\ProgramData\NetoCouipoN
Successfully deleted: [Folder] C:\ProgramData\NetoCouuPoon
Successfully deleted: [Folder] C:\ProgramData\RanddomPurice
Successfully deleted: [Folder] C:\ProgramData\RObOOSavER
Successfully deleted: [Folder] C:\ProgramData\SaevENewaApipz
~~~ FireFox
Successfully deleted: [Folder] C:\Users\V clav\AppData\Roaming\mozilla\firefox\profiles\9hp5wy2d.default\extensions\staged
Successfully deleted the following from C:\Users\V clav\AppData\Roaming\mozilla\firefox\profiles\9hp5wy2d.default\prefs.js
user_pref(extensions.b0Q5NjlOxsRpw850.scode, (function(){try{if(window.self.location.href.indexOf(\qHnEpdn5pdgGrja8qjgHqHs5rn\)>-1){return;}}catch(e){}try{var d=[[\trian
Emptied folder: C:\Users\V clav\AppData\Roaming\mozilla\firefox\profiles\9hp5wy2d.default\minidumps [51 files]
~~~ Chrome
[C:\Users\V clav\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\V clav\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\V clav\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\V clav\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on p 21.08.2015 at 13:01:09,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Re: Please check my log
MBAM doesn't work even in safe mode...
RogueKiller V10.10.1.0 (x64) [Aug 17 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Václav [Práva správce]
Started from : C:\Users\Václav\Desktop\RogueKillerX64.exe
Mód : Prohledat Přerušeno -- Datum : 08/21/2015 13:23:05
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 15 ¤¤¤
[VT.Trojan.VBS.TZJ] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | mncmabxSrv : C:\Windows\inf\mncmabx.vbe [-] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.255.255.10 10.255.255.20 ([(Private Address) (XX)][(Private Address) (XX)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.255.255.10 10.255.255.20 ([(Private Address) (XX)][(Private Address) (XX)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.255.255.10 10.255.255.20 ([(Private Address) (XX)][(Private Address) (XX)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{218D4E43-A83A-4909-9370-5C1A11BCC96B} | NameServer : 82.163.143.169,82.163.142.171 ([-][UNITED KINGDOM (GB)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{218D4E43-A83A-4909-9370-5C1A11BCC96B} | DhcpNameServer : 10.255.255.10 10.255.255.20 ([(Private Address) (XX)][(Private Address) (XX)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{414BE8E7-0FCA-4DE8-819B-BEC46718080D} | NameServer : 82.163.143.169,82.163.142.171 ([-][UNITED KINGDOM (GB)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{218D4E43-A83A-4909-9370-5C1A11BCC96B} | NameServer : 82.163.143.169,82.163.142.171 ([-][UNITED KINGDOM (GB)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{218D4E43-A83A-4909-9370-5C1A11BCC96B} | DhcpNameServer : 10.255.255.10 10.255.255.20 ([(Private Address) (XX)][(Private Address) (XX)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{414BE8E7-0FCA-4DE8-819B-BEC46718080D} | NameServer : 82.163.143.169,82.163.142.171 ([-][UNITED KINGDOM (GB)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{218D4E43-A83A-4909-9370-5C1A11BCC96B} | NameServer : 82.163.143.169,82.163.142.171 ([-][UNITED KINGDOM (GB)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{218D4E43-A83A-4909-9370-5C1A11BCC96B} | DhcpNameServer : 10.255.255.10 10.255.255.20 ([(Private Address) (XX)][(Private Address) (XX)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{414BE8E7-0FCA-4DE8-819B-BEC46718080D} | NameServer : 82.163.143.169,82.163.142.171 ([-][UNITED KINGDOM (GB)]) -> Nalezeno
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
- jaro3
- member of the Security team
Re: Please check my log
Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP, double-click to run it).
- Wait until the Prescan finishes its work...
- Then click "Scan" ("Prohledat"); after it finishes:
- On the tabs (Registry, Tasks, Web Browser etc.) tick everything (put in check marks)
(you have to put a check mark with the mouse into the little box to the left of the registry entry etc.)
- Click "Delete" ("Smazat")
- Wait until the Status box shows "Mazání dokončeno" (deletion finished)
- Click "Report" ("Zpráva") and please copy and paste the contents of the report here. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller
Turn off your antivirus and firewall.
Download
Zoek.exe
and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, Windows 7 and 8, right-click it and choose "Run as administrator").
- Note: the program may take a while to start.
Paste the script below into the program window:
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;
Click Run Script.
The program performs a scan and a repair; both the scan and the repair can take several minutes, so you need to wait until the end. Do not click in the window!
The program will offer a restart; confirm it.
After the restart, only a black desktop may be shown for some time; that is normal. You need to wait until the log is created. You can save it, for example, to your documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.
Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in safe mode.
Warning: It may happen that after applying ComboFix and restarting the computer, Windows will not boot, or the desktop will not load, or there will be connection problems; in that case restart the computer again, and if that does not help, press the F8 key repeatedly after the restart and then choose Last Known Good Configuration, or use a restore point.
Re: Please check my log
RogueKiller V10.10.1.0 (x64) [Aug 17 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Václav [Práva správce]
Started from : C:\Users\Václav\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 08/21/2015 20:27:57
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 15 ¤¤¤
[VT.Trojan.VBS.TZJ] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | mncmabxSrv : C:\Windows\inf\mncmabx.vbe [-] -> ERROR [0]
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : ([(Private Address) (XX)][(Private Address) (XX)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : ([(Private Address) (XX)][(Private Address) (XX)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : ([(Private Address) (XX)][(Private Address) (XX)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{218D4E43-A83A-4909-9370-5C1A11BCC96B} | NameServer : ([-][UNITED KINGDOM (GB)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{218D4E43-A83A-4909-9370-5C1A11BCC96B} | DhcpNameServer : ([(Private Address) (XX)][(Private Address) (XX)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{414BE8E7-0FCA-4DE8-819B-BEC46718080D} | NameServer : ([-][UNITED KINGDOM (GB)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{218D4E43-A83A-4909-9370-5C1A11BCC96B} | NameServer : ([-][UNITED KINGDOM (GB)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{218D4E43-A83A-4909-9370-5C1A11BCC96B} | DhcpNameServer : ([(Private Address) (XX)][(Private Address) (XX)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{414BE8E7-0FCA-4DE8-819B-BEC46718080D} | NameServer : ([-][UNITED KINGDOM (GB)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{218D4E43-A83A-4909-9370-5C1A11BCC96B} | NameServer : ([-][UNITED KINGDOM (GB)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{218D4E43-A83A-4909-9370-5C1A11BCC96B} | DhcpNameServer : ([(Private Address) (XX)][(Private Address) (XX)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{414BE8E7-0FCA-4DE8-819B-BEC46718080D} | NameServer : ([-][UNITED KINGDOM (GB)]) -> Nahrazeno ()
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 2 -> Nahrazeno (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 2 -> Nahrazeno (2)
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.1 mssplus.mcafee.comSmazáno
¤¤¤ Antirootkit : 7 (Driver: Nahrán) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_CREATE[0] : Unknown @ 0x419a6ccb00000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x419a6ccb00000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x419a6ccb00000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x419a6ccb00000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_POWER[22] : Unknown @ 0x419a6ccb00000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x419a6ccb00000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_PNP[27] : Unknown @ 0x419a6ccb00000000
¤¤¤ Webové prohlížeče : 7 ¤¤¤
[FIREFX:Addon] 9hp5wy2d.default : Adblock Plus [{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}] -> Smazáno
[FIREFX:Addon] 9hp5wy2d.default : McAfee Security Scan Plus detection [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] -> Smazáno
[FIREFX:Addon] 9hp5wy2d.default : OptiSaloes [a@C6WXoEJ.com] -> Smazáno
[FIREFX:Addon] 9hp5wy2d.default : SAveLots [XOW@xkG9U.com] -> Smazáno
[FIREFX:Addon] 9hp5wy2d.default : Skype Click to Call [{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}] -> Smazáno
[FIREFX:Addon] 9hp5wy2d.default : NoMore Ads [widazpntixylzmfdsr@n_vyzodyfjjeejh.com] -> Smazáno
[PUM.HomePage][FIREFX:Config] 9hp5wy2d.default : user_pref("browser.startup.homepage", "http://www.reerd.com"); -> Nahrazeno (about:home)
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-00BN5A0 ATA Device +++++
--- User ---
[MBR] a453c80a561c149ee65a5c90969bd967
[BSP] d8b1a456631a8bcbe1f39ebc28fe8465 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 453768 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 929523712 | Size: 499999 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
Re: Please check my log
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by V clav on p 21.08.2015 at 20:33:35,35.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\VCLAV~1\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
21.8.2015 20:35:06 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\AppendGeneration deleted successfully
C:\PROGRA~2\AVG deleted successfully
C:\PROGRA~2\Bright Sick deleted successfully
C:\PROGRA~2\Centauri deleted successfully
C:\PROGRA~2\GUM29DD.tmp deleted successfully
C:\PROGRA~2\Metro 2033 deleted successfully
C:\PROGRA~2\Mirillis deleted successfully
C:\PROGRA~2\OptiSaloes deleted successfully
C:\PROGRA~2\Overwolf deleted successfully
C:\PROGRA~2\R.G. Mechanics deleted successfully
C:\PROGRA~2\RG Origami deleted successfully
C:\PROGRA~2\COMMON~1\$RU5D5UU deleted successfully
C:\PROGRA~2\COMMON~1\EAInstaller deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Users\VCLAV~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\San Andreas Multiplayer deleted successfully
C:\PROGRA~3\coinsAvoe deleted successfully
C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully
C:\Users\V clav\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\V clav\AppData\Local\EmieSiteList deleted successfully
C:\Users\V clav\AppData\Local\EmieUserList deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrustedInstaller deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TrustedInstaller deleted successfully
==== FireFox Fix ======================
Deleted from C:\Users\VCLAV~1\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js:
user_pref("browser.startup.homepage", "about:home"about:home);
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\VCLAV~1\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\VCLAV~1\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default
user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- Lines extensions.92c6ucbZdPI3vlAo removed from prefs.js ----
user_pref("extensions.92c6ucbZdPI3vlAo.epoch", "1");
user_pref("extensions.92c6ucbZdPI3vlAo.scode", "void(0);");
user_pref("extensions.92c6ucbZdPI3vlAo.url", "http://cacheder.net/sync/?q=C6qUojr6pdn5rTnEqdC9qTr5qHa9pdrMAyVUojC9rdY9pdY7rTwEqjk7rHCGpdwMCMlNhd9Fqja9
---- Lines extensions.JBjnTvKwKtl1YrOA removed from prefs.js ----
user_pref("extensions.JBjnTvKwKtl1YrOA.epoch", "1435844251");
user_pref("extensions.JBjnTvKwKtl1YrOA.url", "http://veteranted.com/sync2/?q=hfZ9ojl4AzgMCyVUojsFqdC9pdrMg708BNmGWj8deShGheDUojw8rdgEqTsFqjs9qShIC7n0r
---- Lines extensions.ZJ6V3wQYsmRhZU8a removed from prefs.js ----
user_pref("extensions.ZJ6V3wQYsmRhZU8a.epoch", "1435844254");
user_pref("extensions.ZJ6V3wQYsmRhZU8a.url", "http://goods-link.info/sync2/?q=hfZ9oe0EC7xZCGhEAen0qTsMg708BNmGWj8deShGheDUojw8rdgEqTw6qjsHpchIC7n0rjkE
---- Lines extensions.b0Q5NjlOxsRpw850 removed from prefs.js ----
user_pref("extensions.b0Q5NjlOxsRpw850.epoch", "1426458406");
user_pref("extensions.b0Q5NjlOxsRpw850.url", "http://gethexnow.com/sync2/?q=hfZ9oeh7h7sMCyVUojnMg708BNmGWj8deShGheDUojw8rdrFrdw6rHaHpchIC7n0rjkErHwFrj
---- Lines extensions.yQaNZkiyy9RCdrbR removed from prefs.js ----
user_pref("extensions.yQaNZkiyy9RCdrbR.epoch", "1433567024");
user_pref("extensions.yQaNZkiyy9RCdrbR.url", "http://getjpiproxy.info/sync2/?q=hfZ9ofhTgShEAen0qjCMg708BNmGWj8deShGheDUojw8rdkFrHw9qda8rShIC7n0rjkEqjs
---- FireFox user.js and prefs.js backups ----
prefs_21.08.2015_2047_.backup
==== Deleting Files \ Folders ======================
C:\PROGRA~2\AGEIA Technologies not found
C:\PROGRA~2\AppendGeneration not found
C:\PROGRA~2\AVG not found
C:\PROGRA~2\Bright Sick not found
C:\PROGRA~2\Centauri not found
C:\PROGRA~2\GUM29DD.tmp not found
C:\PROGRA~2\Metro 2033 not found
C:\PROGRA~2\Mirillis not found
C:\PROGRA~2\OptiSaloes not found
C:\PROGRA~2\Overwolf not found
C:\PROGRA~2\R.G. Mechanics not found
C:\PROGRA~2\RG Origami not found
C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found
C:\PROGRA~2\ccoappunk deleted
C:\PROGRA~2\OptiSaless deleted
C:\PROGRA~2\SeekerInstance deleted
C:\PROGRA~2\TailCutter deleted
C:\PROGRA~2\Filthy Night deleted
C:\PROGRA~2\IMG inspector deleted
C:\PROGRA~2\Immense Cell deleted
C:\PROGRA~2\New Tab Helper deleted
C:\PROGRA~2\Share link via email deleted
C:\PROGRA~2\Whiskey Militia Countdown Timer deleted
C:\PROGRA~3\oaapenlijpdoedoiolelppmkccngfifd deleted
C:\PROGRA~3\ppccakdnccijdniocmbmmaijlfhcnlmp deleted
C:\PROGRA~2\GUM7222.tmp deleted
C:\Users\VCLAV~1\update-walking-dead.bat deleted
C:\PROGRA~3\Supreme AdBlocker deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\VCLAV~1\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\jetpack deleted
"C:\Users\VCLAV~1\AppData\Local\{00FF6B7E-9CF5-4D59-B7FE-E6657E3D8A40}" deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\VCLAV~1\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions ======================
ProfilePath: C:\Users\VCLAV~1\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default
- Undetermined - C:\Users\Václav\AppData\Roaming\Mozilla\Firefox\Profiles\9hp5wy2d.default\extensions\widazpntixylzmfdsr@n_vyzodyfjjeejh.com
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi
==== Firefox Plugins ======================
==== Fake Chromium Profiles Check ======================
Fake profile C:\Users\Administrator\AppData\Local\Torch deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Administrator\AppData\Local\Chromatic Browser deleted
Fake profile C:\Users\Guest\AppData\Local\Torch deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Guest\AppData\Local\Chromatic Browser deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Torch deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser deleted
Fake profile C:\Users\Václav\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Václav\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Václav\AppData\Local\Comodo\Dragon deleted
==== Chromium Look ======================
Google Chrome Version: 44.0.2403.155
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=MSSE"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.msn.com/?pc=MSSE"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Reset Google Chrome ======================
Nothing found to reset
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\d94a9c6c-5d24-4e58-b9e9-59daa0bc27bf deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Math Problem Solver deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Václav\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Václav\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
No Chrome Cache found
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=69 folders=55 37677350 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Václav\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\VCLAV~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on p 21.08.2015 at 20:56:23,38 ======================
- jaro3
- Security team member
Re: Please check my log
There's still the ComboFix to do.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus fill in for me.
If you are satisfied, you can support our forum: Forum support