HJT log check (Solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


HJT log check

Post by Nitram3 » 29 Dec 2014 18:05

Good day, once again I kindly ask for a check of my HJT log. The browser shows nothing but ads. Thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:01:56, on 29.12.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\STab\cmdshell.exe
C:\Program Files (x86)\STab\HPNotify.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Unified Remote\RemoteServer.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\AirDroid\AirDroid.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Martin\Desktop\hijackthis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga?type=hpppppppppppp ... pppppppppp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga?type=hpppppppppppp ... pppppppppp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga?type=hpppppppppppp ... pppppppppp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omigaweb/?type=dspp&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omigaweb/?type=dspp&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga?type=hpppppppppppp ... pppppppppp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - (no file)
O2 - BHO: 722d4692059d4f6e9e4fe6c89dbafe3b0065743 - {11111111-1111-1111-1111-110611571143} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - mscoree.dll (file missing)
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [AirDroid 3] C:\Program Files (x86)\AirDroid\AirDroid.exe /start
O4 - HKUS\S-1-5-21-1628778170-4223881759-3681946860-1392\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1628778170-4223881759-3681946860-1392\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files (x86)\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files (x86)\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files (x86)\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.connectify.me
O15 - ESC Trusted Zone: http://*.fastspring.com
O15 - ESC Trusted Zone: http://*.connectify.me (HKLM)
O15 - ESC Trusted Zone: http://*.fastspring.com (HKLM)
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Bluetooth 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: @C:\Program Files (x86)\Google\Chrome Remote Desktop\40.0.2214.44\remoting_core.dll,-101 (chromoting) - Google Inc. - C:\Program Files (x86)\Google\Chrome Remote Desktop\40.0.2214.44\remoting_host.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IHProtect Service - TODO: <Company name> - C:\Program Files (x86)\STab\ProtectService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update SourceApp - Unknown owner - C:\Program Files (x86)\SourceApp\updateSourceApp.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - Fuyu LIMITED - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15784 bytes


Re: HJT log check

Post by Orcus » 29 Dec 2014 18:23

Download ATF Cleaner
Double-click ATF Cleaner.exe, click on select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

- If you use only Google Chrome, you don't need to use ATF.

===================================================

Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it doesn't, restart it yourself.

===================================================

Download AdwCleaner (by Xplode)

Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Scan"
After the scan a log appears (it is also saved on the system disk as AdwCleaner[R?].txt); paste its entire contents here.

===================================================

Download Malwarebytes' Anti-Malware
- During installation, untick "Enable free trial of Malwarebytes' Anti-Malware Premium"
Install it and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; click Scan Now and
- when the program finishes, a message appears at the bottom right; click Copy to Clipboard and paste the entire log here.

- then click the Exit button; a prompt appears, so choose Yes
(don't delete anything yet!).

If there are problems, run it in safe mode.

Re: HJT log check

Post by Nitram3 » 29 Dec 2014 20:15

Here are the logs:

ADW:

# AdwCleaner v4.106 - Report created 29/12/2014 at 19:02:40
# Updated 21/12/2014 by Xplode
# Database : 2014-12-28.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Martin - MARTIN-PC
# Running from : C:\Users\Martin\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : WindowsMangerProtect
Service Found : IHProtect Service
Service Found : Update SourceApp
Service Found : {a41197ef-0b95-4642-a2a8-7ab88e13264c}Gw64

***** [ Files / Folders ] *****

File Found : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Found : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\user.js
File Found : C:\Windows\System32\drivers\{a41197ef-0b95-4642-a2a8-7ab88e13264c}Gw64.sys
Folder Found : C:\Program Files (x86)\App Lid
Folder Found : C:\Program Files (x86)\App Lid
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\STab
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\IHProtectUpDate
Folder Found : C:\ProgramData\WindowsMangerProtect
Folder Found : C:\Users\Martin\AppData\Local\Babylon
Folder Found : C:\Users\Martin\AppData\Local\globalUpdate
Folder Found : C:\Users\Martin\AppData\Roaming\Babylon

***** [ Scheduled Tasks ] *****

Task Found : 21ff6560-747c-4b44-9422-2c48332cf916
Task Found : 5cd48283-0796-4875-9885-e46420ad1f91

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\App Lid
Key Found : HKCU\Software\AppDataLow\Software\App Lid
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\MaxiGet
Key Found : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\MaxiGet
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\App Lid
Key Found : HKLM\SOFTWARE\App Lid
Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622572243}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655575543}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666576643}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644574443}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\MaxiGet
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0e68d96b-9b43-4ca9-8515-1002bdf2c069}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{10d6b3db-a1a5-4c6b-8560-415af19c16ca}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dd75643c-ad6f-46ba-8cb3-0095c9761985}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e7bf6812-2b76-40de-978a-0a5733ab2150}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Found : HKLM\SOFTWARE\omiga-plusSoftware
Key Found : HKLM\SOFTWARE\SupDp
Key Found : HKLM\SOFTWARE\supWindowsMangerProtect
Key Found : HKLM\SOFTWARE\Video Player
Key Found : HKLM\SOFTWARE\VideoPlayerV3
Key Found : HKLM\SOFTWARE\Webexp Enhanced
Key Found : HKLM\SOFTWARE\WebexpEnhancedV1
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622572243}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655575543}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666576643}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0e68d96b-9b43-4ca9-8515-1002bdf2c069}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{10d6b3db-a1a5-4c6b-8560-415af19c16ca}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dd75643c-ad6f-46ba-8cb3-0095c9761985}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e7bf6812-2b76-40de-978a-0a5733ab2150}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://isearch.omiga?type=hpppppppppppp ... pppppppppp
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://isearch.omiga?type=hpppppppppppp ... pppppppppp
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://isearch.omiga?type=hpppppppppppp ... pppppppppp
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://isearch.omigaweb/?type=dspp&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://isearch.omiga?type=hpppppppppppp ... pppppppppp
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://isearch.omigaweb/?type=dspp&q={searchTerms}
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://isearch.omiga-plus.com/web/?type ... CWSTVEX&q={searchTerms}
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://isearch.omiga?type=hpppppppppppp ... pppppppppp
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://isearch.omiga?type=hpppppppppppp ... pppppppppp
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://isearch.omiga-plus.com/web/?type ... CWSTVEX&q={searchTerms}

-\\ Mozilla Firefox v34.0.5 (x86 cs)

[mj9e7qec.default-1412861329088] - Line Found : user_pref("browser.startup.homepage", "hxxp://isearch.omiga?type=hppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp");
[mj9e7qec.default-1412861329088] - Line Found : user_pref("extensions.ad9676068985d4d81bb390a7be93ab3c8e144f694a0509d5com65743.65743.internaldb.Resources_meta.value", "%7B%2219x19.png%22%3A%7B%22id%22%3A853130%2C%22ver%22%3A1%2C%22status%22%3A1%2C%[...]
[mj9e7qec.default-1412861329088] - Line Found : user_pref("extensions.ad9676068985d4d81bb390a7be93ab3c8e144f694a0509d5com65743.65743.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D[...]
[mj9e7qec.default-1412861329088] - Line Found : user_pref("extensions.crossrider.bic", "14a4a3ba1a738a6c6dd3dbc93074ca11");
[mj9e7qec.default-1412861329088] - Line Found : user_pref("extensions.quick_start.enable_search1", false);
[mj9e7qec.default-1412861329088] - Line Found : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v39.0.2171.95

[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.babylon.com/?mntrId=dcc9f ... =110195&q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.babylon.com/?mntrId=dcc9f ... =110195&q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://isearch.avg.com/search?cid={39EA73BB-CFBF-4AF8-AA6E-5B627BC88DD6}&mid=598b16b797d647d0a8dc7d3bcf8591c7-54db02f28a513088eb8c0a55ecd5dc7239f288e3&ds=tc011&lang=cs&v=13.2.0.5&pr=sa&d=2012-12-23 11:16:59&sap=dsp&q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://dts.search-results.com/sr?src=ff ... 06&sr=0&q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type ... CWSTVEX&q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type ... CWSTVEX&q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type ... CWSTVEX&q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type ... CWSTVEX&q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://isearch.omigaweb/?type=dspp&q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://isearch.omigaweb/?type=dspp&q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://isearch.omigaweb/?type=dspp&q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://isearch.omigaweb/?type=dspp&q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://isearch.omigaweb/?type=dspp&q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://isearch.omigaweb/?type=dspp&q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://isearch.omigaweb/?type=dspp&q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://isearch.omigaweb/?type=dspp&q={searchTerms}

*************************

AdwCleaner[R0].txt - [20308 octets] - [29/10/2014 11:18:51]
AdwCleaner[R1].txt - [20369 octets] - [30/10/2014 15:05:30]
AdwCleaner[R2].txt - [18303 octets] - [29/12/2014 19:02:40]
AdwCleaner[S0].txt - [20431 octets] - [30/10/2014 15:08:51]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [18425 octets] ##########

Re: HJT log check

Posted by Nitram3 » 29 Dec 2014 20:16

And here is MbAM:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 29.12.2014
Scan Time: 19:16:49
Logfile: MbAM log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.29.06
Rootkit Database: v2014.12.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Martin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 497765
Time Elapsed: 40 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 2000, , [17836cfcb9c360d617b20bb6df229e62]
PUP.Optional.AppLid.A, C:\Program Files (x86)\App Lid\5cd48283-0796-4875-9885-e46420ad1f91.exe, 2784, , [465484e48af2a69095f14f07d3301de3]

Modules: 0
(No malicious items detected)

Registry Keys: 36
PUP.Optional.WindowsProtectManger.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, , [17836cfcb9c360d617b20bb6df229e62],
PUP.Optional.AppLid.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{22222222-2222-2222-2222-220622572243}, , [fc9e5612126a191d2d484e98cc35cb35],
PUP.Optional.AppLid.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644574443}, , [fc9e5612126a191d2d484e98cc35cb35],
PUP.Optional.AppLid.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655575543}, , [fc9e5612126a191d2d484e98cc35cb35],
PUP.Optional.AppLid.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666576643}, , [fc9e5612126a191d2d484e98cc35cb35],
PUP.Optional.AppLid.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655575543}, , [fc9e5612126a191d2d484e98cc35cb35],
PUP.Optional.AppLid.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666576643}, , [fc9e5612126a191d2d484e98cc35cb35],
PUP.Optional.AppLid.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644574443}, , [fc9e5612126a191d2d484e98cc35cb35],
PUP.Optional.AppLid.A, HKLM\SOFTWARE\CLASSES\722d4692059d4f6e9e4fe6c89dbafe3b0065743.Sandbox.1, , [fc9e5612126a191d2d484e98cc35cb35],
PUP.Optional.AppLid.A, HKLM\SOFTWARE\CLASSES\722d4692059d4f6e9e4fe6c89dbafe3b0065743.Sandbox, , [fc9e5612126a191d2d484e98cc35cb35],
PUP.Optional.AppLid.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\722d4692059d4f6e9e4fe6c89dbafe3b0065743.Sandbox, , [fc9e5612126a191d2d484e98cc35cb35],
PUP.Optional.AppLid.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\722d4692059d4f6e9e4fe6c89dbafe3b0065743.Sandbox.1, , [fc9e5612126a191d2d484e98cc35cb35],
PUP.Optional.AppLid.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220622572243}, , [fc9e5612126a191d2d484e98cc35cb35],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{a41197ef-0b95-4642-a2a8-7ab88e13264c}Gw64, , [e9b13b2d55271b1ba6453840be458c74],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\25286, , [49511850e69652e4599e821336cd8f71],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [f5a5c3a54c30f6408c3c3d86956f15eb],
PUP.Optional.AppLid.A, HKLM\SOFTWARE\WOW6432NODE\App Lid, , [3b5fe1874a3271c5a69584e2c241db25],
PUP.Optional.AppLid.A, HKLM\SOFTWARE\WOW6432NODE\App Lid-nv, , [663484e44f2dcf67cd6e3234986bd22e],
PUP.Optional.ISearch.A, HKLM\SOFTWARE\WOW6432NODE\omiga-plusSoftware, , [c9d11b4d3d3f1224a583537d18ec18e8],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, , [e2b8bcac6f0d2016fe22fedaee168a76],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, , [a4f684e48bf1bf77b7773d3e739006fa],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\25286, , [1f7b31377a02340274830f861be8649c],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [ecae660229537cba448421a22adab34d],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, , [3862f7715a22ba7c4ece706b679dcb35],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, , [cad089df5a2290a6071601dac2428080],
PUP.Optional.SourceApp.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update SourceApp, , [eab0a0c86c1053e32068c719ce360af6],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, , [e4b63f2985f711251afac6a22ed51ee2],
PUP.Optional.AppLid.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\App Lid-nv, , [abeff177b7c545f1ea52bda94fb4e818],
PUP.Optional.AppLid.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\App Lid, , [78220b5dd6a662d458e5402624df05fb],
PUP.Optional.AppLid.A, HKU\S-1-5-21-1628778170-4223881759-3681946860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\App Lid-nv, , [306a8cdcb1cb1f17b4883333ca398f71],
PUP.Optional.Softonic.A, HKU\S-1-5-21-1628778170-4223881759-3681946860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, , [eab0f474eb91ea4cfa90a7bafa096a96],
PUP.Optional.AppLid.A, HKU\S-1-5-21-1628778170-4223881759-3681946860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\App Lid, , [b6e46503512b43f342fbbda91fe452ae],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1628778170-4223881759-3681946860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [e6b4b9af3a421620f6725a7235cfe61a],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1628778170-4223881759-3681946860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\25286, , [9dfdfb6dcbb11e18b15770ff7c87b848],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1628778170-4223881759-3681946860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Lid, , [d5c593d51864ab8bcb735e0855aedb25],
PUP.Optional.Qone8, HKU\S-1-5-21-1628778170-4223881759-3681946860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [9a008bdda7d560d65f6804bf7d87738d],

Registry Values: 2
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, , [a4f684e48bf1bf77b7773d3e739006fa]
PUP.Optional.FreeMakeConverter.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|fmconverter@gmail.com, C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\, , [dac0e58392ead16516ec69fe3bc82dd3]

Registry Data: 4
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://isearch.omiga-plus.com/web/?type ... CWSTVEX&q={searchTerms}, Good: (www.google.com), Bad: (http://isearch.omiga-plus.com/web/?type ... CWSTVEX&q={searchTerms}),,[6e2c4f198bf1d660c55b6b186a9b669a]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://isearch.omiga-plus.com/web/?type ... CWSTVEX&q={searchTerms}, Good: (www.google.com), Bad: (http://isearch.omiga-plus.com/web/?type ... CWSTVEX&q={searchTerms}),,[bae095d392ea2f0776ae91f21fe649b7]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[b6e4f870ea924aecf758aad7cb3a0ff1]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[d6c40365e39974c2ed623f42c83d58a8]

Folders: 10
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, , [b0ea93d56616aa8c0fd894ac8f7424dc],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, , [b0ea93d56616aa8c0fd894ac8f7424dc],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update, , [b3e7e08893e9e254eccd21213bc8b44c],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0, , [b3e7e08893e9e254eccd21213bc8b44c],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Download, , [b3e7e08893e9e254eccd21213bc8b44c],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Install, , [b3e7e08893e9e254eccd21213bc8b44c],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline, , [b3e7e08893e9e254eccd21213bc8b44c],
PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline\{652F39DE-EAE8-4352-9E2F-462F985F7252}, , [b3e7e08893e9e254eccd21213bc8b44c],
PUP.Optional.AppLid.A, C:\Program Files (x86)\App Lid, , [465484e48af2a69095f14f07d3301de3],
PUP.Optional.SourceApp.A, C:\Program Files (x86)\SourceApp, , [18827cec8defb185b63a4115897a718f],

Files: 33
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, , [17836cfcb9c360d617b20bb6df229e62],
PUP.Optional.AppLid.A, C:\Program Files (x86)\App Lid\App Lid-bg.exe, , [8713e1877ffde84ea4d126c02ad7619f],
PUP.Optional.AppLid.A, C:\Program Files (x86)\App Lid\App Lid-bho.dll, , [fc9e5612126a191d2d484e98cc35cb35],
PUP.Optional.AppLid.A, C:\Program Files (x86)\App Lid\App Lid-bho64.dll, , [fc9e5612126a191d2d484e98cc35cb35],
PUP.Optional.AppLid.A, C:\Program Files (x86)\App Lid\App Lid-buttonutil.exe, , [3f5b40282c50ad89babb44a2f70aa858],
PUP.Optional.AppLid.A, C:\Program Files (x86)\App Lid\App Lid-buttonutil64.exe, , [b5e5acbc5329fd39f0857d69db265aa6],
PUP.Optional.AppLid.A, C:\Program Files (x86)\App Lid\cf1098ec-49ef-437a-bdd0-677d21bdd167-64.exe, , [623813550a7224126b0a40a6966b23dd],
PUP.Optional.OmigaPlus.A, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.omiga-plus.com_0.localstorage, , [e5b541270a720e285751ed752fd4738d],
PUP.Optional.OmigaPlus.A, C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.omiga-plus.com_0.localstorage-journal, , [a3f7f672473539fd5454580a758ed52b],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{a41197ef-0b95-4642-a2a8-7ab88e13264c}Gw64.sys, , [e9b13b2d55271b1ba6453840be458c74],
PUP.Optional.CrossRider.A, C:\Windows\Tasks\21ff6560-747c-4b44-9422-2c48332cf916.job, , [aeec90d8f785c5716bafca11927255ab],
PUP.Optional.CrossRider.A, C:\Windows\Tasks\5cd48283-0796-4875-9885-e46420ad1f91.job, , [8416cd9b3b4184b2e832f7e49d677a86],
PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\21ff6560-747c-4b44-9422-2c48332cf916, , [0496f474a8d44cea4dced10a3fc5916f],
PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\5cd48283-0796-4875-9885-e46420ad1f91, , [dbbf3a2ea0dcdf5716055388b64e926e],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, , [b0ea93d56616aa8c0fd894ac8f7424dc],
PUP.Optional.AppLid.A, C:\Program Files (x86)\App Lid\bgNova.html, , [465484e48af2a69095f14f07d3301de3],
PUP.Optional.AppLid.A, C:\Program Files (x86)\App Lid\1293297481.mxaddon, , [465484e48af2a69095f14f07d3301de3],
PUP.Optional.AppLid.A, C:\Program Files (x86)\App Lid\5cd48283-0796-4875-9885-e46420ad1f91.exe, , [465484e48af2a69095f14f07d3301de3],
PUP.Optional.AppLid.A, C:\Program Files (x86)\App Lid\App Lid-buttonutil.dll, , [465484e48af2a69095f14f07d3301de3],
PUP.Optional.AppLid.A, C:\Program Files (x86)\App Lid\App Lid-buttonutil64.dll, , [465484e48af2a69095f14f07d3301de3],
PUP.Optional.AppLid.A, C:\Program Files (x86)\App Lid\App Lid.ico, , [465484e48af2a69095f14f07d3301de3],
PUP.Optional.AppLid.A, C:\Program Files (x86)\App Lid\background.html, , [465484e48af2a69095f14f07d3301de3],
PUP.Optional.AppLid.A, C:\Program Files (x86)\App Lid\bdb6e69e-0c42-449a-ae60-20a5f44cffc1.crx, , [465484e48af2a69095f14f07d3301de3],
PUP.Optional.AppLid.A, C:\Program Files (x86)\App Lid\Interop.IWshRuntimeLibrary.dll, , [465484e48af2a69095f14f07d3301de3],
PUP.Optional.AppLid.A, C:\Program Files (x86)\App Lid\Newtonsoft.Json.dll, , [465484e48af2a69095f14f07d3301de3],
PUP.Optional.AppLid.A, C:\Program Files (x86)\App Lid\SuperSocket.ClientEngine.Common.dll, , [465484e48af2a69095f14f07d3301de3],
PUP.Optional.AppLid.A, C:\Program Files (x86)\App Lid\SuperSocket.ClientEngine.Core.dll, , [465484e48af2a69095f14f07d3301de3],
PUP.Optional.AppLid.A, C:\Program Files (x86)\App Lid\SuperSocket.ClientEngine.Protocol.dll, , [465484e48af2a69095f14f07d3301de3],
PUP.Optional.AppLid.A, C:\Program Files (x86)\App Lid\WebSocket4Net.dll, , [465484e48af2a69095f14f07d3301de3],
PUP.Optional.AppLid.A, C:\Program Files (x86)\App Lid\c24a3bc0-a931-45d3-88e6-b33caac56a94.dll, , [465484e48af2a69095f14f07d3301de3],
PUP.Optional.AppLid.A, C:\Program Files (x86)\App Lid\cf1098ec-49ef-437a-bdd0-677d21bdd167.crx, , [465484e48af2a69095f14f07d3301de3],
PUP.Optional.AppLid.A, C:\Program Files (x86)\App Lid\cf1098ec-49ef-437a-bdd0-677d21bdd167.xpi, , [465484e48af2a69095f14f07d3301de3],
PUP.Optional.CrossRider.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "14a4a3ba1a738a6c6dd3dbc93074ca11");), ,[58426afe403ceb4b84354377cd386e92]

Physical Sectors: 0
(No malicious items detected)


(end)

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: HJT log check

Posted by jaro3 » 30 Dec 2014 09:47

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator"),
click "Scan", and after the scan click "Clean".

The program will carry out the repair; after the automatic restart it will not show the log (C:\AdwCleaner [S?].txt); paste its entire contents here.

Download Junkware Removal Tool by Thisisu to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program will start scanning. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) will appear and will be saved on the desktop.
Please copy its entire contents here.

Run MbAM again and choose "Scan Now".
- When the program finishes, a message will appear; click "Quarantine All (delete selected)", then "Export Log", and choose "Text file". Give the file a name and save it somewhere. Copy the entire contents of that log here.

Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Check that the following are ticked:
MBR check
Faked check
Antirootkit

- Then click "Scan".
- The program scans the PC's processes. After the scan, click "Report" and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still will not start and work, rename it to winlogon.exe.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Re: HJT log check

Posted by Nitram3 » 30 Dec 2014 13:22

Here are the logs:

ADW:

# AdwCleaner v4.106 - Report created 30/12/2014 at 11:52:17
# Updated 21/12/2014 by Xplode
# Database : 2014-12-28.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Martin - MARTIN-PC
# Running from : C:\Users\Martin\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : WindowsMangerProtect
Service Deleted : IHProtect Service
[#] Service Deleted : Update SourceApp
Service Deleted : {a41197ef-0b95-4642-a2a8-7ab88e13264c}Gw64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\IHProtectUpDate
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\App Lid
Folder Deleted : C:\Program Files (x86)\STab
Folder Deleted : C:\Users\Martin\AppData\Local\Babylon
Folder Deleted : C:\Users\Martin\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Martin\AppData\Roaming\Babylon
File Deleted : C:\Windows\System32\drivers\{a41197ef-0b95-4642-a2a8-7ab88e13264c}Gw64.sys
File Deleted : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\user.js
File Deleted : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : 21ff6560-747c-4b44-9422-2c48332cf916
Task Deleted : 5cd48283-0796-4875-9885-e46420ad1f91

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622572243}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655575543}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666576643}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644574443}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0e68d96b-9b43-4ca9-8515-1002bdf2c069}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{10d6b3db-a1a5-4c6b-8560-415af19c16ca}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dd75643c-ad6f-46ba-8cb3-0095c9761985}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e7bf6812-2b76-40de-978a-0a5733ab2150}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622572243}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655575543}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666576643}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0e68d96b-9b43-4ca9-8515-1002bdf2c069}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{10d6b3db-a1a5-4c6b-8560-415af19c16ca}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dd75643c-ad6f-46ba-8cb3-0095c9761985}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e7bf6812-2b76-40de-978a-0a5733ab2150}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\MaxiGet
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\App Lid
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\omiga-plusSoftware
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\App Lid
Key Deleted : HKLM\SOFTWARE\MaxiGet
Key Deleted : HKLM\SOFTWARE\Webexp Enhanced
Key Deleted : HKLM\SOFTWARE\WebexpEnhancedV1
Key Deleted : HKLM\SOFTWARE\Video Player
Key Deleted : HKLM\SOFTWARE\VideoPlayerV3
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v34.0.5 (x86 cs)

[mj9e7qec.default-1412861329088\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://isearch.omiga?type=hppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp");
[mj9e7qec.default-1412861329088\prefs.js] - Line Deleted : user_pref("extensions.ad9676068985d4d81bb390a7be93ab3c8e144f694a0509d5com65743.65743.internaldb.Resources_meta.value", "%7B%2219x19.png%22%3A%7B%22id%22%3A853130%2C%22ver%22%3A1%2C%22status%22%3A1%2C%[...]
[mj9e7qec.default-1412861329088\prefs.js] - Line Deleted : user_pref("extensions.ad9676068985d4d81bb390a7be93ab3c8e144f694a0509d5com65743.65743.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D[...]
[mj9e7qec.default-1412861329088\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "14a4a3ba1a738a6c6dd3dbc93074ca11");
[mj9e7qec.default-1412861329088\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
[mj9e7qec.default-1412861329088\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v39.0.2171.95

[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/?mntrId=dcc9f ... =110195&q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/?mntrId=dcc9f ... =110195&q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={39EA73BB-CFBF-4AF8-AA6E-5B627BC88DD6}&mid=598b16b797d647d0a8dc7d3bcf8591c7-54db02f28a513088eb8c0a55ecd5dc7239f288e3&ds=tc011&lang=cs&v=13.2.0.5&pr=sa&d=2012-12-23 11:16:59&sap=dsp&q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://dts.search-results.com/sr?src=ff ... 06&sr=0&q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type ... CWSTVEX&q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type ... CWSTVEX&q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type ... CWSTVEX&q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type ... CWSTVEX&q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omigaweb/?type=dspp&q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omigaweb/?type=dspp&q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omigaweb/?type=dspp&q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omigaweb/?type=dspp&q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omigaweb/?type=dspp&q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omigaweb/?type=dspp&q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omigaweb/?type=dspp&q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omigaweb/?type=dspp&q={searchTerms}

*************************

AdwCleaner[R0].txt - [20308 octets] - [29/10/2014 11:18:51]
AdwCleaner[R1].txt - [20369 octets] - [30/10/2014 15:05:30]
AdwCleaner[R2].txt - [18606 octets] - [29/12/2014 19:02:40]
AdwCleaner[R3].txt - [18667 octets] - [30/12/2014 11:46:43]
AdwCleaner[S0].txt - [20431 octets] - [30/10/2014 15:08:51]
AdwCleaner[S1].txt - [17252 octets] - [30/12/2014 11:52:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [17313 octets] ##########

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Martin on Łt 30.12.2014 at 12:01:01,21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611571143}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\mj9e7qec.default-1412861329088\prefs.js

user_pref("extensions.ad9676068985d4d81bb390a7be93ab3c8e144f694a0509d5com65743.65743.internaldb.Resources_resource_853130.value", "%22data%3Aimage/png%3Bbase64%2CiVBORw0KGgoAA
Emptied folder: C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\mj9e7qec.default-1412861329088\minidumps [5 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Łt 30.12.2014 at 12:09:49,07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Nitram3
Level 2
Posts: 215
Registered: August 14
Gender: Male
Status:
Offline

Re: HJT log check

Post by Nitram3 » 30 Dec 2014 13:25

And here is RK:

RogueKiller V10.1.1.0 (x64) [Dec 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Martin [Práva správce]
Mód : Prohledat -- Datum : 12/30/2014 13:12:41

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 630e28ae9f3afa855e4bcd13221ca3da
[BSP] baa58400c4105655dd5a43eaed9ccc63 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 52430848 | Size: 286161 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 638488576 | Size: 403641 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_10312014_185711.log - RKreport_SCN_10302014_164413.log - RKreport_SCN_10312014_185304.log


Unfortunately, I forgot to export the MbAM log.

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: HJT log check

Post by jaro3 » 30 Dec 2014 19:05

Turn off your antivirus.
Download Zoek.exe and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 and 8, right-click it and choose "Run as administrator").
- Note: the program may take a while to start.

Paste the script below into the program window:

Code:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


Click Run Script.
The program will run a scan and a repair; both can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.

After the restart, only a black desktop may be shown for some time; that is normal. You need to wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the "Ano" (Yes) button
- Then follow the instructions; while ComboFix is running, do not click in the window that is displayed
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in safe mode.

Warning: It may happen that after running ComboFix and restarting the computer, Windows does not boot, or the desktop does not load, or there are connection problems; in that case restart the computer again. If that does not help, press the F8 key repeatedly after the restart and then choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Nitram3
Level 2
Posts: 215
Registered: August 14
Gender: Male
Status:
Offline

Re: HJT log check

Post by Nitram3 » 30 Dec 2014 21:14

Here are the logs:

Zoek:

Zoek.exe v5.0.0.0 Updated 28-12-2014
Tool run by Martin on Łt 30.12.2014 at 19:37:55,99.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Martin\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

30.12.2014 19:39:17 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\McAfee Security Scan deleted successfully
C:\PROGRA~2\COMMON~1\PDF Architect deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Program Files\Unlocker deleted successfully
C:\PROGRA~3\Anvil Studio deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\Sony Ericsson deleted successfully
C:\PROGRA~3\SuperOvladac deleted successfully
C:\PROGRA~3\Symantec deleted successfully
C:\PROGRA~3\WinZipEC deleted successfully
C:\Users\Martin\AppData\Roaming\BitTorrent deleted successfully
C:\Users\Martin\AppData\Roaming\DartPro24 deleted successfully
C:\Users\Martin\AppData\Roaming\FastStone deleted successfully
C:\Users\Martin\AppData\Roaming\InstallShield deleted successfully
C:\Users\Martin\AppData\Roaming\ProcessLasso deleted successfully
C:\Users\Martin\AppData\Roaming\Smart PC Solutions deleted successfully
C:\Users\Martin\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 deleted successfully
C:\Users\Martin\AppData\Roaming\TP deleted successfully
C:\Users\Martin\AppData\Roaming\Youtube to MP3 Converter deleted successfully
C:\Users\Martin\AppData\Local\FluxSoftware deleted successfully
C:\Users\Martin\AppData\Local\Radek Chalupa deleted successfully
C:\Users\Martin\AppData\Local\Twins deleted successfully
C:\Users\Martin\AppData\Local\Wisdom-soft deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9093BDD3-CDFF-4306-9882-65E79B449810} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{936101F8-59F6-4D4F-837E-CB8521FC6DB8} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93B8D169-8765-4F6D-81A0-68FC158F719} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93D9A5DD-67A5-42D4-8C79-629BCDD424E} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95256722-9BF3-40DF-A8F3-4676ED2C4C1B} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{972BD8AC-3-42B0-8F16-ED566AD4D8F2} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97508B52-981B-4979-83B-4BB0BD3B6AB} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97BEFE0B-4F0C-4774-96B1-225F583DD077} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97C589E3-DC39-4E3E-9573-62CF1BF2F7} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99026EC9-8DFB-4915-AF0-DCDFC682CDFE} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99DD9EE3-500C-454E-AA25-571CCC4A9BA} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9AF9DB1-822A-4A9E-ADF8-94E5FF6E219A} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9BA739DA-29DE-463F-BCF0-1CC4D1919AFE} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9D1A4172-15D3-4884-9A33-6AD45B375935} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9EEDF297-F3C4-4308-AF83-5BC6526D7CA} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9F2432A2-A785-49D6-8E1D-9D272AE7B5DC} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A0E25418-E833-45E2-83D7-169A836A527A} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A3039F4-CCF4-4ED6-929-E9AD6DD412B} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A358DDB1-BFCD-455C-A5A7-EB169B6BC597} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A3E752F8-F7E9-498C-A480-2DAB7545C2E5} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A44854A1-B857-4B69-BC6B-3CBF3B28CADB} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A4785171-6C92-4F14-83B0-6B294135CB4D} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A582F068-1BE6-4611-ABE9-759FAE831A7} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A80BACC1-D312-4E27-B64A-F37DB96F3A2F} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8F29DAD-C8C7-47BE-BE73-8FD6B24B47} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A932C884-8F96-4E7B-ADC4-91BAE7AB634} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A9EA08C-7D4E-4B5A-96C0-5461688C9A9B} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA4412DE-42EF-4F98-B033-FADB25BF36DB} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC1157E8-242F-46EA-B790-B0D7C8194DD9} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC69135C-7BAC-455B-9C80-27D06FA73E87} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ACD545A2-1897-41EF-876A-6BDA15850C6} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ACE39392-75FC-4A09-BE7F-EAC38E59C067} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AEBBA041-574B-4FF9-B2E6-7D3A67799ED0} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B1D3F25B-41C2-4C2D-BD6A-D6A9C34E62F} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B3D6F3AD-4B0B-4BCC-B743-10FE3484F92} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B3DD442B-F871-48DB-8F9C-72C1B5BC0A0} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B51E2311-C7-4001-B3EF-B531F618F4E3} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B5622040-9F38-4A68-A4A3-1F607FA6CC2} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B620C762-ECB6-46E2-A4D0-A0CA71F1AC8D} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B6ECB638-4EB5-4358-A639-FB6814F420DB} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B78F6B2F-F10C-4C8E-BE7C-C6190A74E5E} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B86BEFF0-ADB4-40A6-8BC0-2C912ACBE3B} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BC0F961-2850-4F10-A659-7AD7C4D4302C} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BE965BBC-4E91-41F5-A027-A4979851B76E} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C09F9BA3-7DB0-46C5-8D39-42C6EB6BB66B} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C1A86C98-B5F4-43D1-A8BC-FE1819ED5E4B} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3777E8F-DF4F-459F-BD80-A99553D6833} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C5A000D7-1630-423E-B912-CEDB27CC10A9} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C9075A75-7683-4446-89C2-46514AA5C5A} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C915A478-E2EA-4A49-9479-F2868C19524D} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CC50A0E6-5402-4EAC-B426-01135C2510} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CC9A5ED-24C-454F-9AFB-5CC4C2EA8923} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CF813E1D-CE1C-48E6-AFF9-8CA6C93B1017} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D16FCE99-F80C-49BD-B326-FA35564A1A9} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D173151D-55B9-47CD-AEA8-B9D921B4D815} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D2396119-CCF6-4442-95B0-9D2AA50C17D} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D25BF7F0-27BE-4575-A127-EE1877B3BAE7} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D3DAAEA6-A530-4FC2-80D5-9FC35B86A1C} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D425E257-252-4154-B1A6-C1C2FACC86AB} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D599B014-27D4-426F-A9AF-5FCF29DCE6} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D8D536AA-675E-4FC9-917C-2086C65361} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DB16DC46-904E-4E70-9AF0-8F3C8D259278} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD289C33-D173-4740-8221-E2B1BFCEB73C} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD552276-DC7D-4AAA-841B-66B25EBB2FB1} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dd75643c-ad6f-46ba-8cb3-0095c9761985} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E03672E1-3C7C-4CC2-99DB-3799809FA7F7} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E03BAC98-4406-4B6A-B71A-174EA012C8F} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E085DCD9-1788-4C91-A82E-436C76C24B6D} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0A936C5-71F7-4C61-B5D4-E3C534A43369} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E166E8F0-5E15-46AD-8A35-45DCE70B9E6} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E273D4DB-C66F-4EFB-B941-7725B9FEF38} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E2BD8935-8AB2-4DDA-BE5C-B9738FD85EE} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E3D119F2-EECF-4A34-978-106D174D7BE7} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E5A35799-40CF-4FC1-9194-DB323281B12} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e7bf6812-2b76-40de-978a-0a5733ab2150} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E9866FA-AE97-4B65-A2E5-328ECF547D18} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E996F3E-989A-4183-9676-FF47626DA15} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EDDD1750-E363-4E88-8AD0-D3409A9380A6} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE4B33B9-ED67-4FE1-A827-8E1C373DB267} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE7397C6-2804-4CBD-8CAC-156D7368909A} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EF68E15D-F76A-44E9-8935-E86BBC2E1E1} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EFBEB3DE-22C4-43E3-8EBF-D284B444A486} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F072EF87-758B-4DE0-BA9D-51D78F5DA536} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25B59D2-3E14-44C1-9666-69771BD09071} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F2AEFD68-34D9-4EBA-AF1E-365529832552} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F39A68D0-317C-4891-8A2B-E8B549512E} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F583F2E4-BF85-4911-B532-B66C887C43D} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F605459D-FCF0-4A1A-8C23-D2C2DA1F24A2} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F6E859FC-D5D6-4338-B562-6AA7544D7A8E} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FB23C8AB-FE60-43CA-9BC0-E619D73F621} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FB4557D5-B8D0-46CB-AAD1-F9A14DF918B0} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FB5FAADA-3367-4C59-AECE-70AF6A69B4B8} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FB81C175-AEA7-4632-8355-BE986D1660F0} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD319F87-1BCE-4FC6-B4B1-72E37B33A0} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE16C38B-B636-42B0-8258-5C6C5627DE5A} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE3B7D04-E57-46B7-8BFE-4040F4AD126} deleted successfully
HKEY_USERS\S-1-5-21-1628778170-4223881759-3681946860-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FF7DE18A-B39-4856-9B98-32B4DAC76EAC} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\prefs.js:
user_pref("browser.search.defaulturl", "https://www.google.com/search/?trackid=sp-006");
user_pref("browser.search.defaultengine", "Google (avast)");
user_pref("browser.search.defaultenginename", "Google (avast)");
user_pref("browser.search.selectedEngine", "");
user_pref("browser.search.order.1", "Google (avast)");
user_pref("keyword.URL", "https://www.google.com/search/?trackid=sp-006");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088

user.js not found
---- Lines SourceApp removed from prefs.js ----
user_pref("extensions.SourceApp.asul", "1418586885654");
user_pref("extensions.SourceApp.aul", "1418586940008");
user_pref("extensions.SourceApp.irl", true);
user_pref("extensions.SourceApp.is", "smp1cz");
user_pref("extensions.SourceApp.ug", "AFF463F4-FC1D-40EF-B1A6-91EDE11B6C82");
---- Lines ad9676068985d4d81bb390a7be93ab3c8e144f694a0509d5com65743 removed from prefs.js ----
---- FireFox user.js and prefs.js backups ----


Re: HJT log check

Post by Nitram3 » 30 Dec 2014 21:15

prefs_30.12.2014_2009_.backup

==== Deleting Files \ Folders ======================

C:\Users\Martin\Desktop\Soubory ze starého PC\Původní data aplikace Firefox\c1o3ofvf.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\softonic.ico not found
C:\Users\Martin\.android deleted
C:\PROGRA~2\6519e461-8775-4927-bfbf-e0f1c94d4ac0 deleted
C:\PROGRA~3\Sony Corporation deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\machine deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [12.12.2014 10:09]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04.04.2014 11:36]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088
424899266BA430CCE5DDB6C1B4BE1B99 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll - Shockwave Flash
78006383FEDBCDC290B8BD178903D6AB - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll - Shockwave for Director / Shockwave for Director


==== Chromium Look ======================

Google Chrome Version: 39.0.2171.95 (Up to date, latest Stable version: 39.0.2171.95)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[21.11.2014 20:48]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]

Wikiwand - Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\emffkefkbkpkgpdeeooapgaicgmcbolj
Bookmark Manager - Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Avast Online Security - Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Play - Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi
Google Drive App Launcher - Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Play Books - Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb
Inbox - Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkclgpgponpjmpfokoepglboejdobkpl

==== Chromium Fix ======================

C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.geewa.com_0.localstorage deleted successfully
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.geewa.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Start Page Before"="http://www.seznam.cz/?clid=16194"
"Default_Page_URL"="http://www.google.com"
"Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
"Start Page Before"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{05D652A3-CBB1-4B9D-B388-C17D43F30CAD} Mapy.cz Url="http://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_16194"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{1B88AC43-E26E-4DC5-9AEB-EEA162584222} Zboží.cz Url="http://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_16194"
{3EA1C8D5-44D0-4FD6-A528-E875B81510D8} Slovník EN/CZ Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_16194"
{46B9FBD5-587C-4634-8857-95AF087D63B8} Slovník CZ/EN Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_16194"
{5B23572A-5CC7-4A30-9A9B-9661ED0FC6E2} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194"
{74937993-6C4F-4551-A107-109D3B6D8038} Encyklopedie Seznam Url="http://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_16194"
{D5F06B24-E0C1-4455-A295-FEEFDC0DCF49} Firmy.cz Url="http://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_16194"
{E0F1D1E1-00B3-4C5A-9916-17736AAD9190} Novinky.cz Url="http://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194"
{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} Google Url="https://www.google.com/search?trackid=sp-006&q={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Martin\Desktop\Disk Google.lnk - C:\Users\Martin\Disk Google
C:\Users\Martin\Desktop\MuseScore.lnk - C:\Program Files (x86)\MuseScore\bin\mscore.exe
C:\Users\Martin\Desktop\SpeedFan.lnk - C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Users\Martin\Desktop\Watchtower Library 2013 - česky.lnk -
C:\Users\Martin\Desktop\hudební programy\AmazingMIDI.lnk -
C:\Users\Martin\Desktop\hudební programy\Anvil Studio 2012.lnk -
C:\Users\Martin\Desktop\hudební programy\ASUS Sonic Focus.lnk -
C:\Users\Martin\Desktop\hudební programy\Audacity.lnk -
C:\Users\Martin\Desktop\hudební programy\Audio Record Wizard.lnk -
C:\Users\Martin\Desktop\hudební programy\AudioScore Ultimate Demo.lnk -
C:\Users\Martin\Desktop\hudební programy\BPM Counter.lnk -
C:\Users\Martin\Desktop\hudební programy\CASIO SMF Converter.lnk -
C:\Users\Martin\Desktop\hudební programy\Cross DJ LE 2.4.0.lnk -
C:\Users\Martin\Desktop\hudební programy\intelliScore® Ensemble MP3 to MIDI Converter Demo.lnk -
C:\Users\Martin\Desktop\hudební programy\MagicScore Maestro 7.lnk -
C:\Users\Martin\Desktop\hudební programy\MagicScore Piano 7.lnk -
C:\Users\Martin\Desktop\hudební programy\MP3 Downloader.lnk -
C:\Users\Martin\Desktop\hudební programy\Mp3tag.lnk -
C:\Users\Martin\Desktop\hudební programy\Songr.lnk -
C:\Users\Martin\Desktop\hudební programy\VirtualDJ Home FREE.lnk -
C:\Users\Martin\Desktop\hudební programy\Wav-2-Midi.lnk -
C:\Users\Martin\Desktop\hudební programy\Windows Audio Recorder Professional.lnk -
C:\Users\Martin\Desktop\programy pro vypalování a úpravu videa\aTube Catcher.lnk -
C:\Users\Martin\Desktop\programy pro vypalování a úpravu videa\ConvertXtoDVD 4.lnk -
C:\Users\Martin\Desktop\programy pro vypalování a úpravu videa\ConvertXToDVD 5.lnk -
C:\Users\Martin\Desktop\programy pro vypalování a úpravu videa\Freemake Video Converter.lnk -
C:\Users\Martin\Desktop\programy pro vypalování a úpravu videa\HD Writer AE 3.0.lnk -
C:\Users\Martin\Desktop\programy pro vypalování a úpravu videa\iWisoft Free Video Converter.lnk -
C:\Users\Martin\Desktop\programy pro vypalování a úpravu videa\LifeFrame.lnk -
C:\Users\Martin\Desktop\programy pro vypalování a úpravu videa\Nero StartSmart Essentials.lnk -
C:\Users\Martin\Desktop\programy pro vypalování a úpravu videa\Video Search.lnk -
C:\Users\Martin\Desktop\programy pro úpravu fotek\Adobe Photoshop CS5.lnk -
C:\Users\Martin\Desktop\programy pro úpravu fotek\Focus Magic.lnk -
C:\Users\Martin\Desktop\programy pro úpravu fotek\Format Factory.lnk -
C:\Users\Martin\Desktop\programy pro úpravu fotek\GIMP 2.lnk -
C:\Users\Martin\Desktop\programy pro úpravu fotek\LifeFrame.lnk -
C:\Users\Martin\Desktop\programy pro úpravu fotek\PhotoFiltre 7.lnk -
C:\Users\Martin\Desktop\programy pro úpravu fotek\Picasa 3.lnk -
C:\Users\Martin\Desktop\programy pro úpravu fotek\ScreenHunter 6.0 Free.lnk -
C:\Users\Martin\Desktop\programy pro úpravu fotek\Zoner Photo Studio 13 FREE.lnk -
C:\Users\Martin\Desktop\programy pro úpravu fotek\Zoner Photo Studio 14 x64.lnk -
C:\Users\Martin\Desktop\programy pro úpravu fotek\Zoner Photo Studio 14.lnk -
C:\Users\Martin\Desktop\Soubory ze starého PC\Jirka dokumenty\Zástupce - Dokumenty.lnk -
C:\Users\Martin\Desktop\Soubory ze starého PC\Jirka dokumenty\Sklad\Foto\Windows Media Player.lnk -
C:\Users\Martin\Desktop\Soubory ze starého PC\Jirka dokumenty\Sklad\Hudba\Audacity 1.3 Beta (Unicode).lnk -
C:\Users\Martin\Desktop\Soubory ze starého PC\Jirka dokumenty\Sklad\Hudba\PC.lnk -
C:\Users\Martin\Desktop\Soubory ze starého PC\Jirka dokumenty\Sklad\Kancelář Studium\Excel.lnk -
C:\Users\Martin\Desktop\Soubory ze starého PC\Jirka dokumenty\Sklad\Kancelář Studium\Word.lnk -
C:\Users\Martin\Desktop\Soubory ze starého PC\Jirka dokumenty\Sklad\PC programy\Nero StartSmart.lnk -
C:\Users\Martin\Desktop\Soubory ze starého PC\Jirka dokumenty\Sklad\OpenOffice.org 2.0 Installation Files\Nový objekt - Aktovka\Koš.lnk -
C:\Users\Martin\Desktop\Soubory ze starého PC\Jirka dokumenty\Sklad\OpenOffice.org 2.0 Installation Files\Nový objekt - Aktovka\Outlook Express.lnk -
C:\Users\Martin\Desktop\Soubory ze starého PC\Jirka dokumenty\Sklad\OpenOffice.org 2.0 Installation Files\Nový objekt - Aktovka\Pinball.lnk -
C:\Users\Martin\Desktop\Soubory ze starého PC\Jirka dokumenty\staženo internet\OpenOffice.org Base.lnk -
C:\Users\Martin\Desktop\Soubory ze starého PC\Jirka dokumenty\staženo internet\OpenOffice.org Draw.lnk -
C:\Users\Martin\Desktop\Soubory ze starého PC\Jirka dokumenty\staženo internet\OpenOffice.org Writer.lnk -
C:\Users\Martin\Desktop\Soubory ze starého PC\Jirka dokumenty\staženo internet\Picasa 3.lnk -
C:\Users\Martin\Desktop\Soubory ze starého PC\Jirka dokumenty\staženo internet\VAmcap.lnk -
C:\Users\Martin\Desktop\Soubory ze starého PC\Jirka dokumenty\staženo internet\Z00MV.lnk -
C:\Users\UpdatusUser\Desktop\SpeedFan.lnk - C:\Program Files (x86)\SpeedFan\speedfan.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\AirDroid.lnk - C:\Program Files (x86)\AirDroid\AirDroid.exe
C:\Users\Public\Desktop\Anvil Studio.lnk - C:\Windows\Installer\{CB7212EA-21F9-4EF4-B289-9D69E28EE68D}\_C82259C8ED756D6DA51E46.exe
C:\Users\Public\Desktop\Avast Free Antivirus.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe SecurityScanner.dll

==== shortcuts in Users Start Menu ======================

C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Chrome Apps & Extensions Developer Tool.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Google Keep – poznámky a seznamy.lnk -
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Hudba Google Play.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool\Flashtool.lnk - C:\Flashtool\FlashTool.exe
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool\Flashtool64.lnk - C:\Flashtool\FlashTool64.exe
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool\Uninstall Flashtool.lnk - C:\Flashtool\uninstall.exe
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Spouštěč aplikací Chrome.lnk -
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\winrar.chm
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1029-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvil Studio 2015.lnk - C:\Windows\Installer\{CB7212EA-21F9-4EF4-B289-9D69E28EE68D}\_0D16B50D6E17EAB2DA417F.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk - C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk - C:\Windows\system32\mstsc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirDroid\Uninstall.lnk - C:\Program Files (x86)\AirDroid\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flying Model Simulator\Visit FMS official website.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Docs.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_document
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Drive.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Sheets.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_spreadsheet
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Slides.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_presentation
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Odinstalovat aplikaci Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MaxiGet Software Manager\Run MaxiGet Software Manager.lnk - C:\Program Files (x86)\MaxiGet Software Manager\MaxiGet Software Manager.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MaxiGet Software Manager\Unisntall MaxiGet Software Manager.lnk - C:\Program Files (x86)\MaxiGet Software Manager\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe SecurityScanner.dll
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\Odinstalovat.lnk - C:\Program Files\McAfee Security Scan\uninstall.exe C:\Program Files\McAfee Security Scan\3.8.150\McAfee.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia PC Suite\Nokia PC Suite.lnk - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia PC Suite\Odinstalovat aplikaci Nokia PC Suite.lnk - C:\ProgramData\Installations\{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}\Nokia_PC_Suite_ALL.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia PC Suite\Uživatelská příručka k softwaru Nokia PC Suite.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Konfigurovat Prohlížeč fotek Picasa.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Odinstalovat.lnk - C:\Program Files (x86)\Google\Picasa3\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Informer\Software Informer.lnk - C:\Program Files\Software Informer\softinfo.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Informer\Uninstall Software Informer.lnk - C:\Program Files\Software Informer\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan\Help and HOW-TO.lnk - C:\Program Files (x86)\SpeedFan\speedfan.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan\Release info.lnk - C:\Program Files (x86)\SpeedFan\speedfan.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan\SpeedFan.lnk - C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan\Uninstall SpeedFan.lnk - C:\Program Files (x86)\SpeedFan\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verdict Free\Internetový překladač.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\winrar.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AirDroid.lnk - C:\Program Files (x86)\AirDroid\Launcher.exe
C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk - C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe
C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --remote-debugging-port=9223
C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Hry zdarma ke stažení.lnk -
C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk - C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe
C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Pohádky zdarma ke stažení.lnk -
C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Poklady ostrova záhad.lnk -
C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Audio Recorder Professional.lnk - C:\Program Files (x86)\Windows Audio Recorder Professional\war.exe
C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Zoner Photo Studio 13 FREE.lnk - C:\Program Files (x86)\Zoner\Photo Studio 13\Program32\Zps.exe
C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Zoner Photo Studio 14 x64.lnk - C:\Program Files\Zoner\Photo Studio 14\Program64\Zps.exe
C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Zoner Photo Studio 14.lnk - C:\Program Files\Zoner\Photo Studio 14\Program32\Zps.exe
C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\360Amigo System Speedup.lnk - C:\Program Files (x86)\360Amigo\360Amigo.exe
C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Audacity.lnk - C:\Program Files (x86)\Audacity\audacity.exe
C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe
C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\EPSON Scan.lnk - C:\Windows\twain_32\escndv\escndv.exe
C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\LG PC Suite.Lnk - C:\Program Files (x86)\LG Electronics\LG PC Suite\LGPCSuite.exe
C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\TeamViewer 10.lnk - C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Unified Remote.lnk - C:\Program Files (x86)\Unified Remote\RemoteServer.exe
C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Změna přípon.lnk -
C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --remote-debugging-port=9223
C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\OpenOffice 4.1.1.lnk - C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AirDroid.lnk - C:\Program Files (x86)\AirDroid\Launcher.exe
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== shortcuts After Repair ======================

C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Martin\AppData\Local\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=324 folders=90 72553328 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\DefaultAppPool\AppData\Local\temp emptied successfully
C:\Users\Martin\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Martin\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on út 30.12.2014 at 20:20:23,45 ======================

Nitram3

Re: HJT log check

Post by Nitram3 » 30 Dec 2014 21:16

Combofix:

ComboFix 14-12-30.01 - Martin 30.12.2014 20:36:01.6.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4007.2363 [GMT 1:00]
Spuštěný z: c:\users\Martin\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ABBYY FineReader 9.0 Sprint\6519e461-8775-4927-bfbf-e0f1c94d4ac0.dll
c:\users\Martin\AppData\Local\Temp\_MEI54282\_ctypes.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\_elementtree.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\_hashlib.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\_multiprocessing.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\_socket.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\_ssl.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\hashobjs_ext.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\pyexpat.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\pysqlite2._sqlite.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\python27.dll
c:\users\Martin\AppData\Local\Temp\_MEI54282\pythoncom27.dll
c:\users\Martin\AppData\Local\Temp\_MEI54282\PyWinTypes27.dll
c:\users\Martin\AppData\Local\Temp\_MEI54282\select.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\unicodedata.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\win32api.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\win32com.shell.shell.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\win32crypt.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\win32event.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\win32file.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\win32gui.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\win32inet.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\win32pdh.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\win32pipe.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\win32process.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\win32profile.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\win32security.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\win32ts.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\windows._lib_cacheinvalidation.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\wx._animate.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\wx._controls_.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\wx._core_.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\wx._gdi_.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\wx._html2.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\wx._misc_.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\wx._windows_.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\wx._wizard.pyd
c:\users\Martin\AppData\Local\Temp\_MEI54282\wxbase294u_net_vc90.dll
c:\users\Martin\AppData\Local\Temp\_MEI54282\wxbase294u_vc90.dll
c:\users\Martin\AppData\Local\Temp\_MEI54282\wxmsw294u_adv_vc90.dll
c:\users\Martin\AppData\Local\Temp\_MEI54282\wxmsw294u_core_vc90.dll
c:\users\Martin\AppData\Local\Temp\_MEI54282\wxmsw294u_html_vc90.dll
c:\users\Martin\AppData\Local\Temp\_MEI54282\wxmsw294u_webview_vc90.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-11-28 do 2014-12-30 )))))))))))))))))))))))))))))))
.
.
2014-12-30 19:51 . 2014-12-30 19:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-12-30 19:51 . 2014-12-30 19:51 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2014-12-30 19:51 . 2014-12-30 19:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-30 19:18 . 2014-12-30 18:37 24064 ----a-w- c:\windows\zoek-delete.exe
2014-12-30 19:18 . 2014-12-30 19:52 -------- d-----w- c:\users\Martin\AppData\Local\Temp
2014-12-30 19:00 . 2014-12-30 19:02 -------- d-----w- C:\be98bb6f3879fcecc054584e550a22
2014-12-29 19:01 . 2014-12-29 19:04 -------- d-----w- C:\302894ec1ad9fa1131
2014-12-29 18:13 . 2014-12-30 11:18 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-29 18:12 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-12-29 18:12 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-29 18:12 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-12-29 18:12 . 2014-12-29 18:12 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-12-25 08:11 . 2014-12-25 08:11 -------- d-sh--w- c:\users\Martin\AppData\Local\EmieBrowserModeList
2014-12-24 18:25 . 2014-12-24 18:25 -------- d-----w- c:\program files\McAfee Security Scan
2014-12-22 08:35 . 2014-12-24 18:25 -------- d-----w- c:\programdata\McAfee Security Scan
2014-12-22 08:35 . 2014-12-22 08:35 -------- d-----w- c:\programdata\McAfee
2014-12-21 12:43 . 2014-12-21 12:43 -------- d-----w- c:\program files (x86)\Anvil Studio 2015
2014-12-20 13:43 . 2014-12-20 13:44 -------- d-----w- c:\users\Martin\AppData\Local\ElevatedDiagnostics
2014-12-18 19:23 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-18 19:23 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-14 19:15 . 2014-12-14 19:15 42152 ----a-w- c:\windows\system32\drivers\cnnctfy3.sys
2014-12-14 18:34 . 2014-12-16 13:55 -------- d-----w- c:\program files (x86)\Winhotspot
2014-12-13 19:07 . 2014-12-13 19:07 -------- d-----w- c:\users\Martin\AppData\Local\Chris_Pietschmann_(http__
2014-12-13 19:00 . 2014-12-14 14:23 -------- d-----w- c:\program files (x86)\Virtual Router
2014-12-12 09:10 . 2014-11-21 19:48 364512 ----a-w- c:\windows\system32\aswBoot.exe
2014-12-10 19:37 . 2014-12-10 19:37 -------- d-----w- c:\windows\system32\appraiser
2014-12-10 19:02 . 2014-07-07 02:02 2048 ----a-w- c:\windows\system32\mferror.dll
2014-12-10 19:02 . 2014-07-07 02:06 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2014-12-10 19:02 . 2014-07-07 02:06 24576 ----a-w- c:\windows\system32\mfpmp.exe
2014-12-10 19:02 . 2014-07-07 01:39 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe
2014-12-10 19:02 . 2014-07-07 01:39 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe
2014-12-10 19:02 . 2014-07-07 01:37 2048 ----a-w- c:\windows\SysWow64\mferror.dll
2014-12-10 19:02 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2014-12-10 19:02 . 2014-07-07 02:06 206848 ----a-w- c:\windows\system32\mfps.dll
2014-12-10 19:02 . 2014-07-07 01:40 103424 ----a-w- c:\windows\SysWow64\mfps.dll
2014-12-10 19:02 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll
2014-12-10 11:18 . 2014-11-08 03:16 2048 ----a-w- c:\windows\system32\tzres.dll
2014-12-10 11:18 . 2014-11-08 02:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-12-10 11:18 . 2014-12-01 23:28 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-12-10 11:18 . 2014-12-04 02:50 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-10 11:18 . 2014-12-04 02:44 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-10 11:18 . 2014-12-04 02:50 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-10 11:18 . 2014-12-04 02:50 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-10 11:18 . 2014-12-04 02:50 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-10 11:18 . 2014-12-04 02:50 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-10 11:18 . 2014-11-11 03:09 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-12-10 11:18 . 2014-11-11 02:44 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-12-10 11:18 . 2014-11-11 01:46 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-12-10 11:15 . 2014-10-30 02:03 165888 ----a-w- c:\windows\system32\charmap.exe
2014-12-10 11:15 . 2014-10-30 01:45 155136 ----a-w- c:\windows\SysWow64\charmap.exe
2014-12-10 11:15 . 2014-10-03 02:12 2020352 ----a-w- c:\windows\system32\WsmSvc.dll
2014-12-10 11:14 . 2014-10-03 02:12 310272 ----a-w- c:\windows\system32\WsmWmiPl.dll
2014-12-10 11:14 . 2014-10-03 02:12 346624 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2014-12-10 11:14 . 2014-10-03 02:11 266240 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2014-12-10 11:14 . 2014-10-03 01:45 1177088 ----a-w- c:\windows\SysWow64\WsmSvc.dll
2014-12-10 11:14 . 2014-10-03 02:12 181248 ----a-w- c:\windows\system32\WsmAuto.dll
2014-12-10 11:14 . 2014-10-03 01:45 248832 ----a-w- c:\windows\SysWow64\WSManMigrationPlugin.dll
2014-12-10 11:14 . 2014-10-03 01:45 214016 ----a-w- c:\windows\SysWow64\WsmWmiPl.dll
2014-12-10 11:14 . 2014-10-03 01:45 145920 ----a-w- c:\windows\SysWow64\WsmAuto.dll
2014-12-10 11:14 . 2014-10-03 01:44 198656 ----a-w- c:\windows\SysWow64\WSManHTTPConfig.exe
2014-12-06 12:06 . 2014-12-20 13:32 -------- d-----w- c:\program files (x86)\AirDroid
2014-12-05 16:20 . 2011-05-05 18:30 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2014-12-03 06:31 . 2014-12-03 06:31 227048 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-30 19:53 . 2011-11-16 11:08 45056 ----a-w- c:\windows\system32\acovcnt.exe
2014-12-30 12:03 . 2014-10-30 15:07 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-12-29 11:35 . 2012-04-14 07:41 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-29 11:35 . 2012-04-14 07:41 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-10 19:07 . 2012-04-26 12:24 112710672 ----a-w- c:\windows\system32\MRT.exe
2014-12-02 10:26 . 2014-12-30 09:04 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D692D9AF-59E6-4418-8575-78962215EE73}\mpengine.dll
2014-11-24 13:04 . 2012-05-06 05:37 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-11-22 14:25 . 2013-05-13 09:37 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-21 19:48 . 2014-06-07 07:48 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-21 19:48 . 2013-12-23 15:47 116728 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-11-21 19:48 . 2013-05-13 09:37 436624 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-11-21 19:48 . 2013-05-13 09:37 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-11-21 19:48 . 2013-05-13 09:37 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-21 19:48 . 2013-03-03 06:45 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-21 19:48 . 2013-03-03 06:45 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-21 19:48 . 2014-11-21 19:48 43152 ----a-w- c:\windows\avastSS.scr
2014-11-11 03:08 . 2014-11-19 08:14 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 08:14 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-11-19 08:14 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 08:14 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-04 17:50 . 2014-11-04 17:50 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-30 02:03 . 2014-12-10 11:15 165888 ----a-w- c:\windows\system32\charmap.exe
2014-10-25 01:57 . 2014-11-12 08:05 77824 ----a-w- c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 08:05 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-18 02:05 . 2014-11-12 08:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-12 08:05 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-10-14 15:32 . 2014-10-14 15:32 1174979 ----a-w- c:\windows\unins000.exe
2014-10-14 02:16 . 2014-11-12 08:08 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-12 08:08 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-12 08:05 3241984 ----a-w- c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-12 08:08 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-12 08:08 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-12 08:08 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-12 08:08 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-12 08:05 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-12 08:08 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-12 08:08 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-12 08:08 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
2014-10-10 00:57 . 2014-11-12 08:05 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-10-03 02:12 . 2014-11-12 08:05 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-10-03 02:11 . 2014-11-12 08:05 284672 ----a-w- c:\windows\system32\EncDump.dll
2014-10-03 02:11 . 2014-11-12 08:05 680960 ----a-w- c:\windows\system32\audiosrv.dll
2014-10-03 02:11 . 2014-11-12 08:05 440832 ----a-w- c:\windows\system32\AudioEng.dll
2014-10-03 02:11 . 2014-11-12 08:05 296448 ----a-w- c:\windows\system32\AudioSes.dll
2014-10-03 01:44 . 2014-11-12 08:05 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44 . 2014-11-12 08:05 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44 . 2014-11-12 08:05 195584 ----a-w- c:\windows\SysWow64\AudioSes.dll
2010-01-26 10:11 . 2013-01-18 20:37 444283 ----a-w- c:\program files (x86)\Common Files\WinPcapNmap.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-20 10:07 220632 ----a-w- c:\users\Martin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-20 10:07 220632 ----a-w- c:\users\Martin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-20 10:07 220632 ----a-w- c:\users\Martin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Unified Remote v2"="c:\program files (x86)\Unified Remote\RemoteServer.exe" [2014-10-02 333008]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-10-21 22869088]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-11-21 7063832]
"AirDroid 3"="c:\program files (x86)\AirDroid\AirDroid.exe" [2014-12-20 11012608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-09 984400]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-12-14 5227112]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2014-07-06 2117632]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "c:\programdata\Nuance\PDF Reader\Ereg\Ereg.ini"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R0 oodivd;O&O DiskImage Virtual Devices Driver;c:\windows\system32\DRIVERS\oodivd.sys;c:\windows\SYSNATIVE\DRIVERS\oodivd.sys [x]
R0 oodivdh;oodivdh;c:\windows\system32\DRIVERS\oodivdh.sys;c:\windows\SYSNATIVE\DRIVERS\oodivdh.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 CCUSBMIDI;CASIO USB MIDI;c:\windows\system32\Drivers\ccusbmid.sys;c:\windows\SYSNATIVE\Drivers\ccusbmid.sys [x]
R3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1x64.sys;c:\windows\SYSNATIVE\drivers\dfx11_1x64.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 RTCore64;RTCore64;c:\program files (x86)\RMClock\RTCore64.sys;c:\program files (x86)\RMClock\RTCore64.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys;c:\windows\SYSNATIVE\drivers\CM10664.sys [x]
R3 uvhid;Unified Virtual HID;c:\windows\system32\DRIVERS\uvhid.sys;c:\windows\SYSNATIVE\DRIVERS\uvhid.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 chromoting;Služba Vzdálené plochy Chrome;c:\program files (x86)\Google\Chrome Remote Desktop\40.0.2214.44\remoting_host.exe;c:\program files (x86)\Google\Chrome Remote Desktop\40.0.2214.44\remoting_host.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-12 10:01 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-12-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 11:35]
.
2013-05-13 c:\windows\Tasks\ASUS SmartLogon Console Sensor.job
- c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15 18:42]
.
2014-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-30 15:33]
.
2014-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-30 15:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-20 10:08 244696 ----a-w- c:\users\Martin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-20 10:08 244696 ----a-w- c:\users\Martin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-20 10:08 244696 ----a-w- c:\users\Martin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-21 19:48 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-10-21 16:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-21 16:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-10-21 16:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-10-21 16:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-10-21 16:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-07-30 1214608]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-29 171992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-29 399832]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-29 442328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files (x86)\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files (x86)\Verdict Free\etnxp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\mj9e7qec.default-1412861329088\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
BHO-{11111111-1111-1111-1111-110611571143} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\program files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Celkový čas: 2014-12-30 21:03:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-12-30 20:03
.
Před spuštěním: Volných bajtů: 195 543 293 952
Po spuštění: Volných bajtů: 194 897 395 712
.
- - End Of File - - BF6C0504F409DF054B68C1D1F4B4AD16

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: HJT log check

Post by jaro3 » 31 Dec 2014 10:29

Uninstall:
McAfee Security Scan


Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text, marked in green:

Code:

ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Google\Update

Driver::
SkypeUpdate

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000


Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log

Warning: After running ComboFix and restarting the computer, it may happen that Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.

Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt about downloading the Avast database appears, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

