OK, here is the LOG from the second ADWcleaner run, and I'm moving on to the JUNK one.
# AdwCleaner v5.009 - Logfile created 04/10/2015 at 10:38:29
# Updated 27/09/2015 by Xplode
# Database : 2015-09-30.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : čiro - ČIRO
# Running from : C:\Users\Miroslav\Desktop\adwcleaner_5.009.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\Program Files (x86)\DriverToolkit
[-] Folder Deleted : C:\ProgramData\Tbccint
[-] Folder Deleted : C:\Users\Miroslav\AppData\Local\DriverToolkit
[!] Folder Not Deleted : C:\Users\Miroslav\AppData\Local\DriverToolkit
[-] Folder Deleted : C:\Users\Miroslav\AppData\Local\Temp\BS_Player_ControlBar_B
[-] Folder Deleted : C:\Users\Miroslav\AppData\LocalLow\PriceGong
[-] Folder Deleted : C:\Users\Miroslav\AppData\LocalLow\Tbccint
[-] Folder Deleted : C:\Users\Miroslav\AppData\LocalLow\BS_Player_ControlBar_B
[-] Folder Deleted : C:\Users\Miroslav\AppData\LocalLow\sitefinder
[!] Folder Not Deleted : C:\Users\Miroslav\AppData\LocalLow\PriceGong
[!] Folder Not Deleted : C:\Users\Miroslav\AppData\LocalLow\Tbccint
[!] Folder Not Deleted : C:\Users\Miroslav\AppData\LocalLow\BS_Player_ControlBar_B
[!] Folder Not Deleted : C:\Users\Miroslav\AppData\LocalLow\sitefinder
[-] Folder Deleted : C:\Users\Miroslav\AppData\Roaming\OpenCandy
[-] Folder Deleted : C:\Users\Miroslav\AppData\Roaming\RHEng
[-] Folder Deleted : C:\Users\Miroslav\AppData\Roaming\RPEng
[!] Folder Not Deleted : C:\Users\Miroslav\AppData\Roaming\OpenCandy
[!] Folder Not Deleted : C:\Users\Miroslav\AppData\Roaming\RHEng
[!] Folder Not Deleted : C:\Users\Miroslav\AppData\Roaming\RPEng
[-] Folder Deleted : C:\Users\Miroslav\Documents\Mobogenie
[-] Folder Deleted : C:\Users\Miroslav\Documents\smart pc cleaner
[!] Folder Not Deleted : C:\Users\Miroslav\Documents\Mobogenie
[!] Folder Not Deleted : C:\Users\Miroslav\Documents\smart pc cleaner
[-] Folder Deleted : C:\Users\Public\Documents\Goobzo
[-] Folder Deleted : C:\Users\Public\Documents\ShopperPro
***** [ Files ] *****
[-] File Deleted : C:\END
[-] File Deleted : C:\Users\Miroslav\daemonprocess.txt
[-] File Deleted : C:\Users\Miroslav\daemonprocess.txt
[-] File Deleted : C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\user.js
[-] File Deleted : C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\user.js
[-] File Deleted : C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\user.js
[-] File Deleted : C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\user.js
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
[-] Task Deleted : Adobe Flash Player Updater
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT3329621
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3329621
[-] Key Deleted : HKCU\Software\Classes\CLSID\{1BBF13E0-551E-42DD-91F4-1A547443FFDA}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{31264A33-A653-46C4-AF49-1232C59A7DA5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31264A33-A653-46C4-AF49-1232C59A7DA5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{28324772-D0E5-4546-B23C-EDF8296D3C22}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31264A33-A653-46C4-AF49-1232C59A7DA5}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31264A33-A653-46C4-AF49-1232C59A7DA5}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31264A33-A653-46C4-AF49-1232C59A7DA5}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{31264A33-A653-46C4-AF49-1232C59A7DA5}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{31264A33-A653-46C4-AF49-1232C59A7DA5}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{31264A33-A653-46C4-AF49-1232C59A7DA5}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31264A33-A653-46C4-AF49-1232C59A7DA5}
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{31264A33-A653-46C4-AF49-1232C59A7DA5}]
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\DriverToolkit
[-] Key Deleted : HKCU\Software\AppDataLow\Toolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Tbccint
[-] Key Deleted : HKCU\Software\AppDataLow\Software\TbccintSearchScopes
[-] Key Deleted : HKCU\Software\AppDataLow\Software\BS_Player_ControlBar_B
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[!] Key Not Deleted : [x64] HKCU\Software\Conduit
[!] Key Not Deleted : [x64] HKCU\Software\DriverToolkit
[!] Key Not Deleted : HKU\S-1-5-21-2804911619-2271049226-2739717153-1001\Software\AppDataLow\Software\PriceGong
[!] Key Not Deleted : HKU\S-1-5-21-2804911619-2271049226-2739717153-1001\Software\AppDataLow\Software\Tbccint
[!] Key Not Deleted : HKU\S-1-5-21-2804911619-2271049226-2739717153-1001\Software\AppDataLow\Software\TbccintSearchScopes
[!] Key Not Deleted : HKU\S-1-5-21-2804911619-2271049226-2739717153-1001\Software\AppDataLow\Software\BS_Player_ControlBar_B
***** [ Web browsers ] *****
[-] [C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\prefs.js] [Preference] Deleted : user_pref("CT3329621.FF19Solved", "true");
[-] [C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\prefs.js] [Preference] Deleted : user_pref("CT3329621.UserID", "UN24062761892813728");
[-] [C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\prefs.js] [Preference] Deleted : user_pref("CT3329621.dum", "2");
[-] [C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\prefs.js] [Preference] Deleted : user_pref("CT3329621.fullUserID", "UN24062761892813728.IN.20141112163302");
[-] [C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\prefs.js] [Preference] Deleted : user_pref("CT3329621.installDate", "12/11/2014 16:33:03");
[-] [C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\prefs.js] [Preference] Deleted : user_pref("CT3329621.installSessionId", "77e429d2-cdba-4976-a786-4e040882f9a0");
[-] [C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\prefs.js] [Preference] Deleted : user_pref("CT3329621.installSp", "false");
[-] [C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\prefs.js] [Preference] Deleted : user_pref("CT3329621.installerVersion", "1.11.0.11");
[-] [C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\prefs.js] [Preference] Deleted : user_pref("CT3329621.searchRevert", "@searchrevert@");
[-] [C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\prefs.js] [Preference] Deleted : user_pref("CT3329621.searchUninstallUserMode", "4");
[-] [C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\prefs.js] [Preference] Deleted : user_pref("CT3329621.searchUserMode", "4");
[-] [C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\prefs.js] [Preference] Deleted : user_pref("CT3329621.toolbarInstallDate", "12-11-2014 16:33:02");
[-] [C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\prefs.js] [Preference] Deleted : user_pref("CT3329621.versionFromInstaller", "10.35.0.3");
[-] [C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\prefs.js] [Preference] Deleted : user_pref("CT3329621.xpeMode", "1");
[-] [C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\prefs.js] [Preference] Deleted : user_pref("smartbar.machineId", "OB9CAE75XLJEKGR/HT/O94J7L+W7OQCYXPTNFZUDCTT2A8IV6N7LYDUNWZWFENIVZWZC04YFSNXBMAL1MONP2Q");
[-] [C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\prefs.js] [Preference] Deleted : user_pref("CT3329621.FF19Solved", "true");
[-] [C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\prefs.js] [Preference] Deleted : user_pref("CT3329621.UserID", "UN24062761892813728");
[-] [C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\prefs.js] [Preference] Deleted : user_pref("CT3329621.dum", "2");
[-] [C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\prefs.js] [Preference] Deleted : user_pref("CT3329621.fullUserID", "UN24062761892813728.IN.20141112163302");
[-] [C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\prefs.js] [Preference] Deleted : user_pref("CT3329621.installDate", "12/11/2014 16:33:03");
[-] [C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\prefs.js] [Preference] Deleted : user_pref("CT3329621.installSessionId", "77e429d2-cdba-4976-a786-4e040882f9a0");
[-] [C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\prefs.js] [Preference] Deleted : user_pref("CT3329621.installSp", "false");
[-] [C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\prefs.js] [Preference] Deleted : user_pref("CT3329621.installerVersion", "1.11.0.11");
[-] [C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\prefs.js] [Preference] Deleted : user_pref("CT3329621.searchRevert", "@searchrevert@");
[-] [C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\prefs.js] [Preference] Deleted : user_pref("CT3329621.searchUninstallUserMode", "4");
[-] [C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\prefs.js] [Preference] Deleted : user_pref("CT3329621.searchUserMode", "4");
[-] [C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\prefs.js] [Preference] Deleted : user_pref("CT3329621.toolbarInstallDate", "12-11-2014 16:33:02");
[-] [C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\prefs.js] [Preference] Deleted : user_pref("CT3329621.versionFromInstaller", "10.35.0.3");
[-] [C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\prefs.js] [Preference] Deleted : user_pref("CT3329621.xpeMode", "1");
[-] [C:\Users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\htcs7moe.default\prefs.js] [Preference] Deleted : user_pref("smartbar.machineId", "OB9CAE75XLJEKGR/HT/O94J7L+W7OQCYXPTNFZUDCTT2A8IV6N7LYDUNWZWFENIVZWZC04YFSNXBMAL1MONP2Q");
*************************
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [10989 bytes] ##########
c:/windows/syswow64/cscript.exe
Re: c:/windows/syswow64/cscript.exe
...and here is the LOG from JRT.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 8.1 x64
Ran by źiro on ne 04. 10. 2015 at 10:42:02,47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{0f4e02f8-f10e-493d-a1a7-3aed7ba7b110}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C9DD2AA4-C547-444A-83E9-3ABFF20765EE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{C9DD2AA4-C547-444A-83E9-3ABFF20765EE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0f4e02f8-f10e-493d-a1a7-3aed7ba7b110}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0f4e02f8-f10e-493d-a1a7-3aed7ba7b110}
~~~ Files
Successfully deleted: [File] C:\Users\Miroslav\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_gdalhedleemkkdjddjgfjmcnbpejpapp_0.localstorage
Successfully deleted: [File] C:\Users\Miroslav\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_gdalhedleemkkdjddjgfjmcnbpejpapp_0.localstorage-journal
~~~ Folders
Successfully deleted: [Folder] C:\Users\Miroslav\Appdata\Local\crashrpt
~~~ FireFox
Emptied folder: C:\Users\Miroslav\AppData\Roaming\mozilla\firefox\profiles\htcs7moe.default\minidumps [8 files]
~~~ Chrome
Successfully deleted: [Folder] C:\Users\Miroslav\Appdata\Local\Google\Chrome\User Data\Default\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp
[C:\Users\Miroslav\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Miroslav\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
gdalhedleemkkdjddjgfjmcnbpejpapp
[C:\Users\Miroslav\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Miroslav\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
gdalhedleemkkdjddjgfjmcnbpejpapp
]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 04. 10. 2015 at 10:45:29,47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Orcus
- member of the Security team
Re: c:/windows/syswow64/cscript.exe
Run AdwCleaner once more and, after it finds the items, delete all of them. Some were not deleted this time.
Love warms, but coal is coal.
Post HJT logs in the HJT section. If a log is too long, split it across several messages.
A few tips on PC security.
While I am away, memphisto, jaro3 and Diallix stand in for me.
If you are satisfied, you can support our forum.
