Please check my log - saophase

A place for your HijackThis logs and logs from other programs…


Post by KSSA » 05 Sep 2015 12:04

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:02:00, on 5.9.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17937)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Radek\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://%66%65%65%64.%73%6F%6E%69%63-%73 ... Hh7Kg,,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73 ... Hh7Kg,,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73 ... Hh7Kg,,&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://%66%65%65%64.%73%6E%61%70%64%6F. ... qVjIdBEJQ,,
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6F%6E%69%63-%73 ... Hh7Kg,,&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
O4 - HKLM\..\Run: [YTDownloader] "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
O4 - HKLM\..\Run: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
O4 - HKLM\..\Run: [Nginx] C:\Program Files (x86)\Nginx\shortcut.lnk
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [YTDownloader] "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\ProgramData\Saophase\tqkr3tex.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
O23 - Service: DTSAudioSvc - DTS, Inc - C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: ITHelper service (ITHelper) - Unknown owner - C:\ProgramData\ITHelper\ITHelper (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Malwarebytes Anti-Exploit Service 1.0.24 (NYW41) - Unknown owner - C:\Users\Radek\AppData\Local\MalwarebytesAntiExploit\malwarebytes.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Saophase - Unknown owner - C:\ProgramData\Saophase\Saophase (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11203 bytes


Post by jerabina » 05 Sep 2015 13:52

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can delete the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also delete Windows temporary files, empty the Recycle Bin, and so on.

- If you only use Google Chrome, you do not need to use ATF.

===================================================

Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it does not, restart it yourself.

===================================================

Download AdwCleaner (by Xplode)

Save it to your desktop.
Close all programs, windows and browsers.
Run the program by double-clicking it and click "Scan".
After the scan a log appears (it is also saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.

===================================================

Download Malwarebytes' Anti-Malware
- During installation, untick "Enable free trial of Malwarebytes' Anti-Malware Premium".
Install it and run it.
- At the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button.
- If an update is found, it will be downloaded and installed.
- The program will then start; click Scan Now.
- When the scan finishes, a message appears at the bottom right; click Copy to Clipboard and paste the entire log here.

- Then click the Exit button; a prompt appears, so choose Yes
(do not delete anything yet!).

If there are problems, run it in Safe Mode.
When you don't know what to do next, it's time to study the manual!
HJT guide

If I don't reply to your threads in the HJT section while I'm online, it is only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.


Post by KSSA » 05 Sep 2015 16:34

Good day,

thank you very much for the quick reply. Here are the logs:

# AdwCleaner v5.005 - Logfile created 05/09/2015 at 14:14:29
# Updated 31/08/2015 by Xplode
# Database : 2015-09-04.4 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Radek - RADEK-PC
# Running from : C:\Users\Radek\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\ftb
Folder Found : C:\ProgramData\saophase
Folder Found : C:\Users\Radek\AppData\Local\slimware utilities inc

***** [ Files ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\findit.xml
File Found : C:\Program Files\Common Files\System\SysMenu.dll
File Found : C:\Program Files\Common Files\System\SysMenu64.dll
File Found : C:\Users\Radek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage
File Found : C:\Users\Radek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage-journal
File Found : C:\Users\Radek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.snapdo.com_0.localstorage
File Found : C:\Users\Radek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.snapdo.com_0.localstorage-journal
File Found : C:\Users\Radek\AppData\Roaming\Mozilla\Firefox\Profiles\nkkvlc85.default-1439732266531\searchplugins\findit.xml

***** [ Shortcuts ] *****

Shortcut Infected : C:\Users\Radek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.oursurfing.com/?type=sc&ts=1 ... 2205322053 )

***** [ Scheduled tasks ] *****

Task Found : snp
Task Found : snf
Task Found : UNELEVATE_5740

***** [ Registry ] *****

Value Found : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Key Found : HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [SensePlus-bg.exe]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [iWebar-bg.exe]
Key Found : HKLM\SOFTWARE\08347c3e-cb36-4cba-af68-9c1dfaf6d1ca
Key Found : HKLM\SOFTWARE\4abc6713-790b-4b06-8b9b-8369f5fc3bc7
Key Found : HKLM\SOFTWARE\654b423a-fbde-47cf-aed8-7db6b1e776b9
Key Found : HKLM\SOFTWARE\a7174c60-f4d9-41d1-8574-f4da3417acd8
Key Found : HKLM\SOFTWARE\fb723689-6ff5-884f-5b1d-98953927b5a8
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{1F91A9A1-01BA-4C81-863D-3BA0751E1419}]
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\SimpleFiles
Key Found : HKCU\Software\Appscion
Key Found : HKCU\Software\Kromtech
Key Found : HKCU\Software\SlimWare Utilities Inc
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\SimpleFiles
Key Found : HKLM\SOFTWARE\AIM Toolbar
Key Found : HKLM\SOFTWARE\SecureWebChannel
Key Found : HKLM\SOFTWARE\SlimWare Utilities Inc
Key Found : HKLM\SOFTWARE\SecureWeb
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\SimpleFiles
Key Found : [x64] HKCU\Software\Appscion
Key Found : [x64] HKCU\Software\Kromtech
Key Found : [x64] HKCU\Software\SlimWare Utilities Inc
Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {ielnksrch}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ielnksrch
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
Data Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {ielnksrch}
Key Found : HKU\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
Data Found : HKU\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {ielnksrch}
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\ProgramData\Saophase\tqkr3tex.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\ProgramData\Saophase\3oywsxx0.dll

***** [ Web browsers ] *****

[C:\Users\Radek\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : feed.snapdo.com
[C:\Users\Radek\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Radek\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Radek\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Found : hxxp://www.oursurfing.com/webfavicon.ico

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [5382 bytes] ##########







Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 5.9.2015
Čas skenování: 14:16
Protokol: Malwarebytes scan log.txt
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.09.05.03
Databáze rootkitů: v2015.08.16.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Radek

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 355599
Uplynulý čas: 9 min, 8 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 2
PUP.Optional.Linkury, C:\ProgramData\Saophase\1gkokvas.exe, 5976, , [153271bb088354e217c08b835aa96e92]
PUP.Optional.Linkury, C:\ProgramData\Saophase\Saophase.exe, 2840, , [153271bb088354e217c08b835aa96e92]

Moduly: 1
PUP.Optional.Linkury, C:\ProgramData\Saophase\Saophase.dll, , [153271bb088354e217c08b835aa96e92],

Klíče registru: 5
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\snf, , [64e3909c5f2c2b0b640264349f65946c],
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\snp, , [98af2309e3a87abcadbaa2f61ce811ef],
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH, , [d374e24a3c4f2f07f0471160fc08cb35],
PUP.Optional.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SAOPHASE, , [a0a7f13bf695f046f9852771a85cef11],
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2731555163-1214082887-1406298696-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{IELNKSRCH}, , [390e220ad2b9f046d1252cf79b6860a0],

Hodnoty registru: 9
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|DisplayName, Search the web, , [d374e24a3c4f2f07f0471160fc08cb35]
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|URL, http://%66%65%65%64.%73%6F%6E%69%63-%73 ... Hh7Kg,,&q={searchTerms}, , [52f50626b7d44aece55399d8719355ab]
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73 ... Hh7Kg,,&q={searchTerms}, , [03445bd17912013541f8155cc341f40c]
PUP.Optional.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SAOPHASE|ImagePath, C:\ProgramData\Saophase\Saophase, , [a0a7f13bf695f046f9852771a85cef11]
PUP.Optional.Linkury, HKU\S-1-5-21-2731555163-1214082887-1406298696-1000\ENVIRONMENT|SNP, http://%66%65%65%64.%73%6E%61%70%64%6F. ... nnelid=999, , [a3a4969627643303f364316736ceb14f]
PUP.Optional.Linkury, HKU\S-1-5-21-2731555163-1214082887-1406298696-1000\ENVIRONMENT|SNF, C:\ProgramData\Saophase\snp.sc, , [9bac4ddf8a01fc3a263087113aca8f71]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2731555163-1214082887-1406298696-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|DisplayName, Search the web, , [390e220ad2b9f046d1252cf79b6860a0]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2731555163-1214082887-1406298696-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL, http://%66%65%65%64.%73%6F%6E%69%63-%73 ... Hh7Kg,,&q={searchTerms}, , [7fc8f735ee9df145e055d998857fe31d]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2731555163-1214082887-1406298696-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73 ... Hh7Kg,,&q={searchTerms}, , [7bcc2efe8ffc4beb93a361107c8855ab]

Data registru: 9
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\ProgramData\Saophase\3oywsxx0.dll, Dobré: (), Špatné: (C:\ProgramData\Saophase\3oywsxx0.dll),,[153271bb088354e217c08b835aa96e92]
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\ProgramData\Saophase\tqkr3tex.dll, Dobré: (), Špatné: (C:\ProgramData\Saophase\tqkr3tex.dll),,[153271bb088354e217c08b835aa96e92]
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Dobré: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Špatné: ({ielnksrch}),,[eb5c87a5c6c5f44234c4d38e976e5fa1]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2731555163-1214082887-1406298696-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://%66%65%65%64.%73%6F%6E%69%63-%73 ... Hh7Kg,,&q={searchTerms}, Dobré: (www.google.com), Špatné: (http://%66%65%65%64.%73%6F%6E%69%63-%73 ... Hh7Kg,,&q={searchTerms}),,[ca7d36f6b5d63ff719d94e138c799967]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2731555163-1214082887-1406298696-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://%66%65%65%64.%73%6E%61%70%64%6F. ... VjIdBEJQ,,, Dobré: (www.google.com), Špatné: (http://%66%65%65%64.%73%6E%61%70%64%6F. ... qVjIdBEJQ,,),,[ea5d17153e4deb4b0ce7c39ed82db44c]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2731555163-1214082887-1406298696-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://%66%65%65%64.%73%6F%6E%69%63-%73 ... Hh7Kg,,&q={searchTerms}, Dobré: (www.google.com), Špatné: (http://%66%65%65%64.%73%6F%6E%69%63-%73 ... Hh7Kg,,&q={searchTerms}),,[c87f36f6a6e5ff378270e67b10f5fd03]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2731555163-1214082887-1406298696-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SearchAssistant, http://%66%65%65%64.%73%6F%6E%69%63-%73 ... Hh7Kg,,&q={searchTerms}, Dobré: (www.google.com), Špatné: (http://%66%65%65%64.%73%6F%6E%69%63-%73 ... Hh7Kg,,&q={searchTerms}),,[1d2a2903fe8dee48f2004021907530d0]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2731555163-1214082887-1406298696-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://%66%65%65%64.%73%6F%6E%69%63-%73 ... Hh7Kg,,&q={searchTerms}, Dobré: (www.google.com), Špatné: (http://%66%65%65%64.%73%6F%6E%69%63-%73 ... Hh7Kg,,&q={searchTerms}),,[df68dd4f0e7d41f5ca2ac29ff312619f]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2731555163-1214082887-1406298696-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Dobré: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Špatné: ({ielnksrch}),,[2324929a7d0e3204589dbfa2b94c3cc4]

Složky: 3
PUP.Optional.Linkury, C:\ProgramData\Saophase, , [153271bb088354e217c08b835aa96e92],
PUP.Optional.Linkury, C:\ProgramData\Saophase\ondemand, , [153271bb088354e217c08b835aa96e92],
PUP.Optional.Linkury, C:\ProgramData\Saophase\temp, , [153271bb088354e217c08b835aa96e92],

Soubory: 33
PUP.Optional.Linkury, C:\Windows\Temp\tmpF0E6.tmp, , [db6cde4ec9c258deaa88159e7a870ff1],
PUP.Optional.Linkury.ShrtCln, C:\Users\Radek\AppData\Roaming\Mozilla\Firefox\Profiles\nkkvlc85.default-1439732266531\searchplugins\findit.xml, , [1f287ab292f9ab8be1a8452ec440bf41],
PUP.Optional.Linkury.ShrtCln, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\findit.xml, , [8abdcd5f9fec60d6fa90433029dbf907],
PUP.Optional.Linkury, C:\Windows\System32\Tasks\snf, , [380f6bc1276416209eb2f6a25fa5dc24],
PUP.Optional.Linkury, C:\Windows\System32\Tasks\snp, , [a1a6d15b404b81b568e9a0f81ee6d927],
PUP.Optional.Linkury, C:\ProgramData\Saophase\0suzvwy2.dll, , [153271bb088354e217c08b835aa96e92],
PUP.Optional.Linkury, C:\ProgramData\Saophase\0suzvwy2.dll.bck, , [153271bb088354e217c08b835aa96e92],
PUP.Optional.Linkury, C:\ProgramData\Saophase\1gkokvas.exe, , [153271bb088354e217c08b835aa96e92],
PUP.Optional.Linkury, C:\ProgramData\Saophase\1gkokvas.exe.config, , [153271bb088354e217c08b835aa96e92],
PUP.Optional.Linkury, C:\ProgramData\Saophase\3oywsxx0.dll, , [153271bb088354e217c08b835aa96e92],
PUP.Optional.Linkury, C:\ProgramData\Saophase\c3gmlcjz.exe, , [153271bb088354e217c08b835aa96e92],
PUP.Optional.Linkury, C:\ProgramData\Saophase\c3gmlcjz.exe.config, , [153271bb088354e217c08b835aa96e92],
PUP.Optional.Linkury, C:\ProgramData\Saophase\conf.config, , [153271bb088354e217c08b835aa96e92],
PUP.Optional.Linkury, C:\ProgramData\Saophase\Config.xml, , [153271bb088354e217c08b835aa96e92],
PUP.Optional.Linkury, C:\ProgramData\Saophase\cysltag2.dll, , [153271bb088354e217c08b835aa96e92],
PUP.Optional.Linkury, C:\ProgramData\Saophase\fadz2fhx.exe, , [153271bb088354e217c08b835aa96e92],
PUP.Optional.Linkury, C:\ProgramData\Saophase\fadz2fhx.exe.config, , [153271bb088354e217c08b835aa96e92],
PUP.Optional.Linkury, C:\ProgramData\Saophase\ff.HP, , [153271bb088354e217c08b835aa96e92],
PUP.Optional.Linkury, C:\ProgramData\Saophase\ff.NT, , [153271bb088354e217c08b835aa96e92],
PUP.Optional.Linkury, C:\ProgramData\Saophase\ouare5ul.dll, , [153271bb088354e217c08b835aa96e92],
PUP.Optional.Linkury, C:\ProgramData\Saophase\peni5fwg.dll, , [153271bb088354e217c08b835aa96e92],
PUP.Optional.Linkury, C:\ProgramData\Saophase\PrxCfg.xml, , [153271bb088354e217c08b835aa96e92],
PUP.Optional.Linkury, C:\ProgramData\Saophase\qcyszy1l.exe, , [153271bb088354e217c08b835aa96e92],
PUP.Optional.Linkury, C:\ProgramData\Saophase\qcyszy1l.exe.config, , [153271bb088354e217c08b835aa96e92],
PUP.Optional.Linkury, C:\ProgramData\Saophase\qhxwyjlh.dll, , [153271bb088354e217c08b835aa96e92],
PUP.Optional.Linkury, C:\ProgramData\Saophase\Saophase.dll, , [153271bb088354e217c08b835aa96e92],
PUP.Optional.Linkury, C:\ProgramData\Saophase\Saophase.exe, , [153271bb088354e217c08b835aa96e92],
PUP.Optional.Linkury, C:\ProgramData\Saophase\snp.sc, , [153271bb088354e217c08b835aa96e92],
PUP.Optional.Linkury, C:\ProgramData\Saophase\tqkr3tex.dll, , [153271bb088354e217c08b835aa96e92],
PUP.Optional.Linkury, C:\ProgramData\Saophase\uqiempnq.dll, , [153271bb088354e217c08b835aa96e92],
PUP.Optional.Linkury, C:\ProgramData\Saophase\vmulxkc1.dll, , [153271bb088354e217c08b835aa96e92],
PUP.Optional.Linkury.ShrtCln, C:\Users\Radek\AppData\Roaming\Mozilla\Firefox\Profiles\nkkvlc85.default-1439732266531\prefs.js, Dobré: (), Špatné: (user_pref("browser.newtab.url", "C:\ProgramData\Saophase\ff.NT");), ,[1d2ac16be9a2e84eb1231683c73efe02]
PUP.Optional.Linkury.ShrtCln, C:\Users\Radek\AppData\Roaming\Mozilla\Firefox\Profiles\nkkvlc85.default-1439732266531\prefs.js, Dobré: (browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Špatné: (browser.startup.homepage", "C:\ProgramData\Saophase\ff.HP), ,[a89f49e34c3f6cca9cbfeab6679ef709]

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)


Post by memphisto » 05 Sep 2015 17:31

In Adw and Mbam, let everything be deleted and post the logs after the deletion.

Download RogueKiller
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Win7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Check that the following are ticked:
Check MBR
Check Faked
Antirootkit

- Then click "Scan".
- The program scans the PC's processes. After the scan, click "Report" and copy the entire contents of the log here.
If the program is blocked, try running it several times. If the program still will not start and work, rename it to winlogon.exe.

Download Junkware Removal Tool

to your desktop.
Disable your antivirus program.
Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program's scan will start. Scanning may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) appears and is saved on the desktop.
Please copy its entire contents here.


Download
Zoek.exe

and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Win Vista, Win7, 8 right-click it and choose "Run as administrator")
- note, the program may take a while to start.

Paste the script below into the program window:

Code:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


Click Run Script.
The program performs a scan and a repair; both the scan and the repair can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.

After the restart, only a black desktop may be shown for some time; that is normal. Wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you.


Post by KSSA » 05 Sep 2015 19:02

# AdwCleaner v5.005 - Logfile created 05/09/2015 at 17:54:52
# Updated 31/08/2015 by Xplode
# Database : 2015-09-04.4 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Radek - RADEK-PC
# Running from : C:\Users\Radek\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ftb
[-] Folder Deleted : C:\ProgramData\saophase
[-] Folder Deleted : C:\Users\Radek\AppData\Local\slimware utilities inc

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\findit.xml
[-] File Deleted : C:\Program Files\Common Files\System\SysMenu.dll
[-] File Deleted : C:\Program Files\Common Files\System\SysMenu64.dll
[-] File Deleted : C:\Users\Radek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage
[-] File Deleted : C:\Users\Radek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage-journal
[-] File Deleted : C:\Users\Radek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.snapdo.com_0.localstorage
[-] File Deleted : C:\Users\Radek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.snapdo.com_0.localstorage-journal
[-] File Deleted : C:\Users\Radek\AppData\Roaming\Mozilla\Firefox\Profiles\nkkvlc85.default-1439732266531\searchplugins\findit.xml

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : snp
[-] Task Deleted : snf
[-] Task Deleted : UNELEVATE_5740

***** [ Registry ] *****

[-] Value Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [SensePlus-bg.exe]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [iWebar-bg.exe]
[-] Key Deleted : HKLM\SOFTWARE\08347c3e-cb36-4cba-af68-9c1dfaf6d1ca
[-] Key Deleted : HKLM\SOFTWARE\4abc6713-790b-4b06-8b9b-8369f5fc3bc7
[-] Key Deleted : HKLM\SOFTWARE\654b423a-fbde-47cf-aed8-7db6b1e776b9
[-] Key Deleted : HKLM\SOFTWARE\a7174c60-f4d9-41d1-8574-f4da3417acd8
[-] Key Deleted : HKLM\SOFTWARE\fb723689-6ff5-884f-5b1d-98953927b5a8
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{1F91A9A1-01BA-4C81-863D-3BA0751E1419}]
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\SimpleFiles
[-] Key Deleted : HKCU\Software\Appscion
[-] Key Deleted : HKCU\Software\Kromtech
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : HKLM\SOFTWARE\SimpleFiles
[-] Key Deleted : HKLM\SOFTWARE\AIM Toolbar
[-] Key Deleted : HKLM\SOFTWARE\SecureWebChannel
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\SecureWeb
[!] Key Not Deleted : [x64] HKCU\Software\InstalledBrowserExtensions
[!] Key Not Deleted : [x64] HKCU\Software\SimpleFiles
[!] Key Not Deleted : [x64] HKCU\Software\Appscion
[!] Key Not Deleted : [x64] HKCU\Software\Kromtech
[!] Key Not Deleted : [x64] HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ielnksrch
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[-] Data Restored : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKU\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[-] Data Restored : HKU\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]

***** [ Web browsers ] *****

[-] [C:\Users\Radek\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : feed.snapdo.com
[-] [C:\Users\Radek\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Radek\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Radek\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : hxxp://www.oursurfing.com/webfavicon.ico

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5413 bytes] ##########




Malwarebytes Anti-Malware
http://www.malwarebytes.org

Datum skenování: 5.9.2015
Čas skenování: 17:58
Protokol: Malwarebytes scan log.txt
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.09.05.04
Databáze rootkitů: v2015.08.16.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Radek

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 355749
Uplynulý čas: 10 min, 11 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)





RogueKiller V10.10.4.0 (x64) [Sep 4 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Radek [Práva správce]
Started from : C:\Users\Radek\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 09/05/2015 18:24:26

¤¤¤ Procesy : 1 ¤¤¤
[Suspicious.Path|VT.UDS:DangerousObject.Multi.Generic] malwarebytes.exe(2872) -- C:\Users\Radek\AppData\Local\MalwarebytesAntiExploit\malwarebytes.exe[-] -> Zastaveno [TermProc]

¤¤¤ Registry : 16 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ITHelper (C:\ProgramData\ITHelper\ITHelper) -> Nalezeno
[Suspicious.Path|VT.UDS:DangerousObject.Multi.Generic] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NYW41 ("C:\Users\Radek\AppData\Local\MalwarebytesAntiExploit\malwarebytes.exe" "/s") -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ITHelper (C:\ProgramData\ITHelper\ITHelper) -> Nalezeno
[Suspicious.Path|VT.UDS:DangerousObject.Multi.Generic] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NYW41 ("C:\Users\Radek\AppData\Local\MalwarebytesAntiExploit\malwarebytes.exe" "/s") -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ITHelper (C:\ProgramData\ITHelper\ITHelper) -> Nalezeno
[Suspicious.Path|VT.UDS:DangerousObject.Multi.Generic] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NYW41 ("C:\Users\Radek\AppData\Local\MalwarebytesAntiExploit\malwarebytes.exe" "/s") -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([X]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([X]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([X]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{23629C23-5CD0-4FC2-A03D-9D50014CBA16} | DhcpNameServer : 10.0.0.138 ([X]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{23629C23-5CD0-4FC2-A03D-9D50014CBA16} | DhcpNameServer : 10.0.0.138 ([X]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{23629C23-5CD0-4FC2-A03D-9D50014CBA16} | DhcpNameServer : 10.0.0.138 ([X]) -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : C:\ProgramData\Saophase\3oywsxx0.dll [x] -> Nalezeno
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : C:\ProgramData\Saophase\tqkr3tex.dll [x] -> Nalezeno

¤¤¤ Úlohy : 3 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\PZOHSQ.job -- C:\Users\Radek\AppData\Roaming\PZOHSQ.exe (/infocmdline=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) -> Nalezeno
[Suspicious.Path] \PZOHSQ -- C:\Users\Radek\AppData\Roaming\PZOHSQ.exe (/infocmdline=TTQCgENqWZrOgTvLTjEJ6vpN8w3T4QYTM75mPEL5KIJnnfTKHviGlYTNDG4Q+ywiZ9WoKGqXSfVjCT6qTWbw2UHGpL62sVTPf5L/NTwheYZZokhxfc2Mbh58ELOaZdSVLIJPIAoiV2P3KCpDMpf81bfpDBqsVJ7tt+GLFDMM3LKyWHRGSasAdVLVwBr4qfezYSfj+24xRujnJ46QHL7EZzSSv/UH69e5PFEcCG3FxSCqR8h9fiGBtQ+ht4DFbHDYcYqBMlB+vEIxggRUf9bxSGZdAZfvePZ0e2dx/bBZnNXj8gbdvG/R1fjGcnN5peuIMsLBVWDMnEqVH2TcfqOrIGAt8Y1d/QikSL7Xrwq1Ce6v0OaHlQBYVQvogG92mJ78VC0zk8SbpTjTP3Ylk3xs/G90b71kpdi5HUCOPDpIT+uWyswWNW3ABi7hFtyhJATA33MoTwQUazyn2Gf8J2AoEcbutyXMHLVnr5eIdLSZvJnyRjHFA+jV9dzDHF9dh/Q+) -> Nalezeno
[Suspicious.Path] \System Update -- C:\Users\Radek\AppData\Roaming\Updater\winupd.exe -> Nalezeno

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] nkkvlc85.default-1439732266531 : user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/"); -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD30 EZRX-00DC0B0 SATA Disk Device +++++
--- User ---
[MBR] 0a8dd15d54651ce194823c95ae2a167e
[BSP] 3f3cf9ea95f265539e5da0449b8b8ca2 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x6) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 204800 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 419637248 | Size: 1892251 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Giga-Byte WDC WD30 EZRX-00DC0B0 Serial ATA Dev +++++
--- User ---
[MBR] 546a8c9c0741c3a6b4b2bd3def869675
[BSP] 7edd36a1675d76c6ec92e4e98c940e7f : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 764434 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
Error reading LL1 MBR! ([1] Incorrect function. )
Error reading LL2 MBR! ([1] Incorrect function. )





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 7 Professional x64
Ran by Radek on so 05.09.2015 at 18:28:36,90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Ttessab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util Ttessab



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\users\Public\Documents\downloaded installers
Successfully deleted: [Folder] C:\Users\Radek\Appdata\Local\crashrpt



~~~ Chrome


[C:\Users\Radek\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Radek\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Radek\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Radek\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 05.09.2015 at 18:31:00,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





Zoek.exe v5.0.0.0 Updated 04-September-2015
Tool run by Radek on so 05.09.2015 at 18:32:22,91.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Radek\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

5.9.2015 18:33:35 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\R.G. Games deleted successfully
C:\PROGRA~2\R.G. Mechanics deleted successfully
C:\Program Files\ATI Technologies deleted successfully
C:\Users\Radek\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Radek\AppData\Local\EmieSiteList deleted successfully
C:\Users\Radek\AppData\Local\EmieUserList deleted successfully
C:\Users\Radek\AppData\Local\Opera Software deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8FF9A60A-EFFC-44B6-86E1-5263C46DF7F} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{914D42F8-EBFD-47B9-9115-5154DB04575} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9153E215-86BF-479A-8AE8-45F132A3BA47} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91DB7292-1C2-43A9-BE86-ECDDB989913} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91DC86DB-A479-4ABE-864D-C42397B1C1FB} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{92CDC798-7E07-4EC5-931A-B7BB9BF3181} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{963DC1CA-7F61-4596-9B2B-1E67494BAA94} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97BEAD7D-4330-43B1-9376-D7A5A32B8110} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C2993C4-BFB8-4444-B9B5-3C341E83E8D} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9DAAF29D-EC88-4917-B0F5-2898DF6B622} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9ED7BF5E-F8BB-48D1-93DF-AD5D334D647C} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9F4DB297-D4EA-417F-BD5D-42198E64876B} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A11F7DA5-2E52-4F71-8D47-854588DC9636} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A3828A3A-24BB-4C01-AF7-55AC881753E9} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A3E56262-A85B-4917-928E-6C36D62AA561} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A4A1A8A7-AF5D-4014-A81D-46968DD5423E} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A4F6E3AA-8C8C-465F-9E60-5224DE173B4D} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A61EE49-9427-40FC-A270-8F53F25C8215} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A6404CE6-F856-47EA-A628-D13553A9977} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A6B7185A-B3DA-4C94-B332-4A1F45A32086} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A87EB65D-3C01-4A1C-89BF-8FD57CD7D6D9} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA8D1071-80BE-4706-A19B-79201EF483F8} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AAA0F667-917F-4B15-ACD-D218F2F5ED24} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AACEAFEA-CEF4-448A-8BD8-244C4399B8D} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ACF91B7B-4EC9-4DF7-8045-70FF61A42028} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AD4C5229-F7E1-483B-9262-6021327EC98} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AF743533-21A0-4495-BA5B-5B477F460BA} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB7808C-37FC-4998-AF8C-F1F17C1119D4} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B1525AB4-2C45-441D-ACFF-3FA6567E7251} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B230F34C-DA67-4D01-96F6-3DB0EE17A6D} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B26118A7-44A0-4833-B035-86D8924550} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2817F9E-EA21-49CB-AFD6-6B628D8B4849} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B5693C95-F0BC-4AA3-9DFD-55C2D740E5} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B579A064-49-461F-A88C-D53D2023FBD4} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B582DE65-66E2-4344-8F50-A390B53C70AD} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B59E9FC0-409-4F2F-97D9-9BEE801D7831} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B647685A-EF03-4B36-82E1-9AD665DE525} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAC281C7-9588-4A3F-A0D9-363FF522DEB} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB2F3745-F0EB-4491-BF2B-BCADCB271AB} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB360D31-C636-447D-8A11-26F57AB2D45} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BBF8AABC-C5BD-472D-B055-714775FBB058} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BCA38172-CC9A-4DA4-AEA-559CEEB4BB0} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BCAFD257-B844-487A-8893-42B2D17964B} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BCCADF4B-4726-4860-AE5-5511B1C26EE8} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD874837-7A39-4AA8-BC7E-B93AC2D51DB} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BDBC1C74-2269-4CAE-A192-88A21454EF0} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BDD66CA2-DD06-4F45-A27D-B88A5298E5FE} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BE88BD7B-867B-4C57-A655-8657F0726EB5} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEEDCC5C-D31D-4571-AE16-C6903A7ED285} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C1A65E1C-AC4C-4F93-A3CD-5991DF1FF75A} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2114C2D-4008-4F41-90C7-3D4CE5A05298} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C6550CC2-CD24-422B-BF1E-47105CD247C5} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7C202D6-ADFF-418B-834-D54BC79FBE5} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8D8FCAE-8165-42B2-BC3B-1EA0CA4A3850} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CA048844-AA4C-4258-BB1B-9248B8B01B56} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CA34EF20-2D81-410A-B96E-1CE73337267C} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CA8EACB5-A7D3-4857-8653-525016E65DF6} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CAEECFDD-AF57-48EF-81F4-3F509714FAD6} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CD7F0612-C99B-4A7E-BE88-8DBEF8B7AAC8} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CF468F0E-8E2B-4E76-A4B6-93271A9583F} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D23BC06C-DE25-465F-8789-CE10AC94EFA4} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D3CFEB28-A14A-4138-B6E9-49BF92B87D4C} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D464F80B-3DB8-4668-B5D2-A67EBFD5914E} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D4ECDC41-7BD7-4613-83CF-EA9524679E1} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D82FA4DA-BA6F-4EBC-BAF1-B6A0D222113} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E02011B9-D4F4-490A-91B3-E41E89C8C618} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E25A7C8D-779D-49C1-89E4-BAC4AF5EB8D1} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E2D84950-A372-472D-81B7-324BCBD5FD4D} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E4AF81F2-F137-485A-A92-D4B9322785C0} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E5C504D9-5D46-4497-93D-1EBB35DBBD3E} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E5F85176-EDD6-4296-A0C8-E3CFF778EBDE} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E9F2507-87E0-4798-BB6A-2A363BEF26E} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EA328F57-32E2-41A1-B2ED-12EFB34C164} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EB980639-58B0-4EE9-809D-64BF6CCB9EB0} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC489966-6531-4EC4-9454-27382381960} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED173E42-9244-49A7-A179-5AFDCE1F33C4} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEA7A59-563E-4F4D-B1F4-C07CADC91BA9} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F059857C-1C74-449C-A678-A6B2DDF1AC5} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F7CB572C-48C1-473A-A31A-E6973E76D4} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F8507447-1E02-4F22-9A3C-4AFADAE2DFB1} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F897D15C-175E-46B7-9747-545632CB498E} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F8C2E6B1-793A-4D34-9A6-F139F8F479E} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA0D6594-59C3-42A3-9A3E-F8FF756DC25B} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA9A5953-410-43CB-A874-945E3EE9FE59} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBA04E0C-84F6-405B-84CB-FF4F3D0B142} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC5FF5D-F80-468A-89E3-A2F1B964E133} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FCADAD1C-686B-4330-9DAF-5B36B13742C3} deleted successfully
HKEY_USERS\S-1-5-21-2731555163-1214082887-1406298696-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FEA4DBEB-B28-4B70-A3DA-A4F115585362} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1cbcde8c-f460-427b-a80f-8c72196c4ab9} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{626658a9-e0eb-4c56-9bc5-1664d03e39eb} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Radek\AppData\Roaming\Mozilla\Firefox\Profiles\nkkvlc85.default-1439732266531\prefs.js:
user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/");

Added to C:\Users\Radek\AppData\Roaming\Mozilla\Firefox\Profiles\nkkvlc85.default-1439732266531\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\R.G. Games not found
C:\PROGRA~2\R.G. Mechanics not found
C:\PROGRA~2\Deus.Ex.Human.Revolution.Directors.Cut deleted
C:\Windows\wininit.ini deleted
C:\windows\SysNative\tasks\Microsoft\Windows\Maintenance\SMupdate2 deleted
C:\windows\SysNative\tasks\Microsoft\Windows\Multimedia\SMupdate3 deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
"C:\Users\Radek\AppData\Roaming\PZOHSQ" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Radek\AppData\Roaming\Mozilla\Firefox\Profiles\nkkvlc85.default-1439732266531
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Radek\AppData\Roaming\Mozilla\Firefox\Profiles\nkkvlc85.default-1439732266531
EC55112EDB2CE5BC2BFCACDB9C2150F4 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll - Shockwave Flash


==== Chromium Look ======================

Google Chrome Version: 45.0.2454.85

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[01.05.2015 11:17]

http //torrentz.eu/ - Radek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blojkkpcfjmhjbcdbdlifkflodghjeng
http //orteil.dashnet.org/cookieclicker/ - Radek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfnjlkpkoaohejhimcmcmgpopolbjdeg
Chrome Hotword Shared Module - Radek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
http //www.gymn-dacice.cz/ - Radek\AppData\Local\Google\Chrome\User Data\Default\Extensions\llkhkpnpncppomekpgnmhojoabejihjd

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Use Search Asst"="yes"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Use Search Asst"="no"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Radek\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Radek\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Radek\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.bad was reset successfully
C:\Users\Radek\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Radek\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Radek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Radek\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=13 folders=4 12587903 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Radek\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Radek\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on so 05.09.2015 at 18:49:53,10 ======================

jaro3
Security team member
Guru Level 15
Posts: 43063
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Please check my log - saophase

Post by jaro3 » 05 Sep 2015 22:25

Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click and choose "Run as administrator"; on Windows XP, double-click to run it).
- Wait until the Prescan finishes...
- Then click "Scan"; once it finishes:

- In the tabs (Registry, Tasks, Web Browser, etc.) check everything (tick the boxes)
(you have to use the mouse to tick the little box to the left of each registry entry, etc.)

- Click "Delete"
- Wait until the Status box shows "Deletion finished"
- Click "Report" and copy and paste the contents of that report here, please. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click inside the window it displays
- When the scan is finished, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in safe mode.

Warning: It may happen that after running ComboFix and restarting the computer, Windows will not start, the desktop will not load, or there will be connection problems. In that case restart the computer again; if that does not help, press the F8 key repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

KSSA
Level 1.5
Posts: 146
Registered: June 08
Gender: Male

Re: Please check my log - saophase

Post by KSSA » 06 Sep 2015 09:54

RogueKiller did not show me any options to check in any of the tabs. They were all empty.


RogueKiller V10.10.4.0 (x64) [Sep 4 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Radek [Práva správce]
Started from : C:\Users\Radek\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 09/06/2015 09:37:23

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 5 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{23629C23-5CD0-4FC2-A03D-9D50014CBA16} | DhcpNameServer : 10.0.0.138 ([X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{23629C23-5CD0-4FC2-A03D-9D50014CBA16} | DhcpNameServer : 10.0.0.138 ([X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{23629C23-5CD0-4FC2-A03D-9D50014CBA16} | DhcpNameServer : 10.0.0.138 ([X]) -> Nahrazeno ()

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD30 EZRX-00DC0B0 SATA Disk Device +++++
--- User ---
[MBR] 0a8dd15d54651ce194823c95ae2a167e
[BSP] 3f3cf9ea95f265539e5da0449b8b8ca2 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x6) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 204800 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 419637248 | Size: 1892251 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Giga-Byte WDC WD30 EZRX-00DC0B0 Serial ATA Dev +++++
--- User ---
[MBR] 546a8c9c0741c3a6b4b2bd3def869675
[BSP] 7edd36a1675d76c6ec92e4e98c940e7f : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 764434 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
Error reading LL1 MBR! ([1] Incorrect function. )
Error reading LL2 MBR! ([1] Incorrect function. )




ComboFix 15-09-03.01 - Radek 06.09.2015 9:40.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1033.18.16284.13338 [GMT 2:00]
Spuštěný z: c:\users\Radek\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
D:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-08-06 do 2015-09-06 )))))))))))))))))))))))))))))))
.
.
2015-09-06 07:44 . 2015-09-06 07:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-09-05 16:54 . 2015-07-31 09:21 11745192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C01F18B7-E5F2-4A68-B5AB-08B6D1B2AE15}\mpengine.dll
2015-09-05 16:44 . 2015-09-05 16:32 24064 ----a-w- c:\windows\zoek-delete.exe
2015-09-05 16:44 . 2015-09-06 07:44 -------- d-----w- c:\users\Radek\AppData\Local\Temp
2015-09-05 16:34 . 2015-09-05 16:34 -------- d-----w- c:\users\Radek\AppData\Local\CrashDumps
2015-09-05 16:32 . 2015-09-05 16:49 -------- d-----w- C:\zoek_backup
2015-09-05 16:12 . 2015-09-06 07:26 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-09-05 16:12 . 2015-09-05 16:26 -------- d-----w- c:\programdata\RogueKiller
2015-09-05 12:26 . 2015-08-11 01:20 25191936 ----a-w- c:\windows\system32\mshtml.dll
2015-09-05 12:26 . 2015-08-11 01:14 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-09-05 12:26 . 2015-08-11 00:33 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-09-05 12:04 . 2015-09-05 15:55 -------- d-----w- C:\AdwCleaner
2015-09-05 09:58 . 2015-07-02 07:53 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6A625E10-FA68-486D-A802-4589AD204C26}\gapaengine.dll
2015-08-17 13:27 . 2015-07-15 01:12 12222168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-08-17 10:07 . 2015-08-17 10:07 3588893 ----a-w- c:\program files\Common Files\qw5yfsus.exe
2015-08-17 09:51 . 2015-08-17 09:51 -------- d-----w- c:\program files\Common Files\fd44vqdm
2015-08-17 06:07 . 2015-08-17 06:07 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2015-08-16 22:13 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-16 22:13 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-16 13:26 . 2015-07-16 20:26 5923328 ----a-w- c:\windows\system32\jscript9.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-06 07:25 . 2014-12-27 12:13 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-17 13:47 . 2014-12-26 18:24 132483416 ----a-w- c:\windows\system32\MRT.exe
2015-08-16 14:03 . 2015-05-30 09:03 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-16 14:03 . 2015-05-30 09:03 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-03 10:12 . 2015-01-26 15:56 33856 ---ha-w- c:\windows\system32\hamachi.sys
2015-07-28 14:29 . 2015-07-28 14:29 3734676 ----a-w- c:\program files\Common Files\1vsocagy.exe
2015-07-15 18:10 . 2015-08-16 13:27 342016 ----a-w- c:\windows\system32\schannel.dll
2015-07-15 17:55 . 2015-08-16 13:27 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-07-15 17:54 . 2015-08-16 13:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-05 10:08 . 2010-11-21 03:27 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-07-04 18:07 . 2015-07-15 08:40 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-04 17:48 . 2015-07-15 08:40 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
2015-07-02 07:53 . 2015-01-04 10:34 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-06-23 23:31 . 2015-06-23 23:31 1615016 ----a-w- c:\windows\system32\FM20.DLL
2015-06-18 06:41 . 2014-12-27 12:13 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 06:41 . 2014-12-27 12:13 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 06:41 . 2014-12-27 12:13 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-17 17:47 . 2015-07-15 08:42 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-06-17 17:37 . 2015-07-15 08:42 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-06-15 21:50 . 2015-07-15 08:40 112064 ----a-w- c:\windows\system32\consent.exe
2015-06-15 21:45 . 2015-07-15 08:40 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-06-15 21:45 . 2015-07-15 08:40 3242496 ----a-w- c:\windows\system32\msi.dll
2015-06-15 21:45 . 2015-07-15 08:40 70656 ----a-w- c:\windows\system32\appinfo.dll
2015-06-15 21:45 . 2015-07-15 08:40 1941504 ----a-w- c:\windows\system32\authui.dll
2015-06-15 21:44 . 2015-07-15 08:40 128000 ----a-w- c:\windows\system32\msiexec.exe
2015-06-15 21:43 . 2015-07-15 08:40 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-06-15 21:43 . 2015-07-15 08:40 2364416 ----a-w- c:\windows\SysWow64\msi.dll
2015-06-15 21:43 . 2015-07-15 08:40 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-06-15 21:42 . 2015-07-15 08:40 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2015-06-15 21:42 . 2015-07-15 08:40 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-06-15 21:37 . 2015-07-15 08:39 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2015-06-09 18:03 . 2015-07-15 08:42 3180544 ----a-w- c:\windows\system32\rdpcorets.dll
2015-06-09 18:03 . 2015-07-15 08:42 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-01-23 31087200]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-03-13 7451928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2015-08-03 5579624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 hitmanpro37duringboot;hitmanpro37duringboot;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
R3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys;c:\windows\SYSNATIVE\DRIVERS\VKbms.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 VirtDiskBus;3TB+ Unlock;c:\windows\system32\DRIVERS\VirtDiskBus64.sys;c:\windows\SYSNATIVE\DRIVERS\VirtDiskBus64.sys [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 Abyssus;Razer Abyssus;c:\windows\system32\drivers\Abyssus.sys;c:\windows\SYSNATIVE\drivers\Abyssus.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-05 10:01 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-30 14:03]
.
2015-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-26 09:54]
.
2015-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-26 09:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-01-16 2585928]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-01-16 1514528]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2000-01-01 7660760]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2000-01-01 1396592]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = www.google.com
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
FF - ProfilePath - c:\users\Radek\AppData\Roaming\Mozilla\Firefox\Profiles\nkkvlc85.default-1439732266531\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-Malwarebytes Anti-Exploit - c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe
Wow6432Node-HKLM-Run-Nginx - c:\program files (x86)\Nginx\shortcut.lnk
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-09-06 09:45:46
ComboFix-quarantined-files.txt 2015-09-06 07:45
.
Před spuštěním: 38 826 622 976 bytes free
Po spuštění: 38 429 347 840 bytes free
.
- - End Of File - - 2C829062EAA02485204F9E03F398B416
A36C5E4F47E84449FF07ED3517B43A31

jaro3
Security team member
Guru Level 15
Posts: 43063
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status:
Offline

Re: Please check my log - saophase

Post by jaro3 » 06 Sep 2015 11:06

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:

Code:

ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Google\Update

Driver::
SkypeUpdate

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)


Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process + a new log from HJT

Warning: It may happen that after running ComboFix and restarting the computer, Windows will not boot, the desktop will not load, or there will be connection problems. In that case restart the computer again; if that does not help, press the F8 key repeatedly after the restart and then choose Last Known Good Configuration, or use a restore point.

Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.

c:\program files\Common Files\fd44vqdm .... do you know that program??
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

KSSA
Level 1.5
Posts: 146
Registered: June 08
Gender: Male
Status:
Offline

Re: Please check my log - saophase

Post by KSSA » 06 Sep 2015 12:34

I am only an intermediary. But I will not have time for this now. Please continue dealing with this with the user Rafrid. Thank you.

Rafrid
newcomer
Posts: 2
Registered: September 15
Gender: Male
Status:
Offline

Re: Please check my log - saophase

Post by Rafrid » 06 Sep 2015 12:40

ComboFix 15-09-03.01 - Radek 06.09.2015 11:54:59.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1033.18.16284.14444 [GMT 2:00]
Spuštěný z: c:\users\Radek\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Radek\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.28.13\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.28.13\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.28.13\GoogleUpdateComRegisterShell64.exe
c:\program files (x86)\Google\Update\1.3.28.13\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.28.13\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.28.13\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.28.13\GoogleUpdateWebPlugin.exe
c:\program files (x86)\Google\Update\1.3.28.13\goopdate.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.28.13\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.28.13\psmachine.dll
c:\program files (x86)\Google\Update\1.3.28.13\psmachine_64.dll
c:\program files (x86)\Google\Update\1.3.28.13\psuser.dll
c:\program files (x86)\Google\Update\1.3.28.13\psuser_64.dll
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.28.13\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\45.0.2454.85\45.0.2454.85_44.0.2403.155_chrome_updater.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Google\Update\Install\{04A3523E-B6BD-41CA-B9FC-E799967CB8FC}\43.0.2357.81_43.0.2357.65_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{08EB0074-25E7-45AA-9E6C-B3F2F3C52B76}\43.0.2357.130_43.0.2357.124_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{091CAEA4-1184-4B81-B38F-AC7299001A2A}\43.0.2357.65_42.0.2311.152_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{0CCBC064-2415-4578-A97B-2BE28F59431C}\44.0.2403.155_44.0.2403.125_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{2DDDA1B8-00B0-486C-960D-17BB1524D7A1}\43.0.2357.134_43.0.2357.132_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{37495294-F8B0-4E51-BEF1-30332A73110B}\45.0.2454.85_44.0.2403.155_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{3A5AA73B-6741-4066-BD93-544A323778D0}\41.0.2272.101_41.0.2272.89_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{4F92F0F3-25FC-46DF-8D10-99AFE05EA42D}\42.0.2311.152_42.0.2311.135_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{54CBA26B-CC1A-4E60-A5FA-EDD92F5DA43C}\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Install\{58F71279-6854-4C9F-BBAD-1E18D59DB5C1}\44.0.2403.89_43.0.2357.134_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{680C593D-14C2-44A5-8EA3-758DC1674FA4}\41.0.2272.89_40.0.2214.115_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{6BF46DB4-BFF6-4D9C-A7F7-9FD0DC749E12}\40.0.2214.111_40.0.2214.94_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{86A7114F-F6B0-4C18-B80A-83CFAE1C57A3}\42.0.2311.135_42.0.2311.90_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{95B51F6B-DAFA-4019-AD89-B3F5B68C1E18}\44.0.2403.107_chrome_installer.exe
c:\program files (x86)\Google\Update\Install\{9A0AB301-11D1-42E4-963E-7BF6377234E4}\42.0.2311.90_41.0.2272.118_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{9AD9144D-DE6D-4B59-8634-8416E156E20B}\41.0.2272.118_41.0.2272.101_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{C517B8AD-8E2B-4710-901E-A61DD7FE482D}\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Install\{CDD6D41B-2204-4CE8-81A1-DAAEE5A5B756}\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Install\{DBB5118A-511D-4FF6-9F55-53953B1804D1}\40.0.2214.115_40.0.2214.111_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{DDD6FD60-0128-4C97-9F4D-5853BE9B7FBF}\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Install\{E36C382A-61F9-490C-B88F-F8013CE859D1}\43.0.2357.124_43.0.2357.81_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{F7E149E4-313C-4FB1-BF30-9300739BAA41}\44.0.2403.125_44.0.2403.107_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{F8282508-37D7-4AFD-BFEF-3DACB22B35E6}\43.0.2357.132_43.0.2357.130_chrome_updater.exe
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-08-06 do 2015-09-06 )))))))))))))))))))))))))))))))
.
.
2015-09-06 09:57 . 2015-09-06 09:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-09-06 09:43 . 2015-07-31 09:21 11745192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43095126-E8BE-4921-8E12-7BF5A0357597}\mpengine.dll
2015-09-05 16:44 . 2015-09-05 16:32 24064 ----a-w- c:\windows\zoek-delete.exe
2015-09-05 16:44 . 2015-09-06 09:59 -------- d-----w- c:\users\Radek\AppData\Local\Temp
2015-09-05 16:34 . 2015-09-05 16:34 -------- d-----w- c:\users\Radek\AppData\Local\CrashDumps
2015-09-05 16:32 . 2015-09-05 16:49 -------- d-----w- C:\zoek_backup
2015-09-05 16:12 . 2015-09-06 07:48 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-09-05 16:12 . 2015-09-05 16:26 -------- d-----w- c:\programdata\RogueKiller
2015-09-05 12:26 . 2015-08-11 01:20 25191936 ----a-w- c:\windows\system32\mshtml.dll
2015-09-05 12:26 . 2015-08-11 01:14 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-09-05 12:26 . 2015-08-11 00:33 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-09-05 12:04 . 2015-09-05 15:55 -------- d-----w- C:\AdwCleaner
2015-09-05 09:58 . 2015-07-02 07:53 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6A625E10-FA68-486D-A802-4589AD204C26}\gapaengine.dll
2015-08-17 13:27 . 2015-07-15 01:12 12222168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-08-17 10:07 . 2015-08-17 10:07 3588893 ----a-w- c:\program files\Common Files\qw5yfsus.exe
2015-08-17 09:51 . 2015-08-17 09:51 -------- d-----w- c:\program files\Common Files\fd44vqdm
2015-08-17 06:07 . 2015-08-17 06:07 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2015-08-16 22:13 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-16 22:13 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-16 13:26 . 2015-07-16 20:26 5923328 ----a-w- c:\windows\system32\jscript9.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-06 09:58 . 2014-12-27 12:13 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-17 13:47 . 2014-12-26 18:24 132483416 ----a-w- c:\windows\system32\MRT.exe
2015-08-16 14:03 . 2015-05-30 09:03 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-16 14:03 . 2015-05-30 09:03 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-03 10:12 . 2015-01-26 15:56 33856 ---ha-w- c:\windows\system32\hamachi.sys
2015-07-28 14:29 . 2015-07-28 14:29 3734676 ----a-w- c:\program files\Common Files\1vsocagy.exe
2015-07-15 18:10 . 2015-08-16 13:27 342016 ----a-w- c:\windows\system32\schannel.dll
2015-07-15 17:55 . 2015-08-16 13:27 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-07-15 17:54 . 2015-08-16 13:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-05 10:08 . 2010-11-21 03:27 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-07-04 18:07 . 2015-07-15 08:40 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-04 17:48 . 2015-07-15 08:40 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
2015-07-02 07:53 . 2015-01-04 10:34 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-06-23 23:31 . 2015-06-23 23:31 1615016 ----a-w- c:\windows\system32\FM20.DLL
2015-06-18 06:41 . 2014-12-27 12:13 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 06:41 . 2014-12-27 12:13 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 06:41 . 2014-12-27 12:13 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-17 17:47 . 2015-07-15 08:42 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-06-17 17:37 . 2015-07-15 08:42 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-06-15 21:50 . 2015-07-15 08:40 112064 ----a-w- c:\windows\system32\consent.exe
2015-06-15 21:45 . 2015-07-15 08:40 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-06-15 21:45 . 2015-07-15 08:40 3242496 ----a-w- c:\windows\system32\msi.dll
2015-06-15 21:45 . 2015-07-15 08:40 70656 ----a-w- c:\windows\system32\appinfo.dll
2015-06-15 21:45 . 2015-07-15 08:40 1941504 ----a-w- c:\windows\system32\authui.dll
2015-06-15 21:44 . 2015-07-15 08:40 128000 ----a-w- c:\windows\system32\msiexec.exe
2015-06-15 21:43 . 2015-07-15 08:40 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-06-15 21:43 . 2015-07-15 08:40 2364416 ----a-w- c:\windows\SysWow64\msi.dll
2015-06-15 21:43 . 2015-07-15 08:40 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-06-15 21:42 . 2015-07-15 08:40 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2015-06-15 21:42 . 2015-07-15 08:40 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-06-15 21:37 . 2015-07-15 08:39 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2015-06-09 18:03 . 2015-07-15 08:42 3180544 ----a-w- c:\windows\system32\rdpcorets.dll
2015-06-09 18:03 . 2015-07-15 08:42 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-01-23 31087200]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-03-13 7451928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2015-08-03 5579624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 hitmanpro37duringboot;hitmanpro37duringboot;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
R3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys;c:\windows\SYSNATIVE\DRIVERS\VKbms.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 VirtDiskBus;3TB+ Unlock;c:\windows\system32\DRIVERS\VirtDiskBus64.sys;c:\windows\SYSNATIVE\DRIVERS\VirtDiskBus64.sys [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 Abyssus;Razer Abyssus;c:\windows\system32\drivers\Abyssus.sys;c:\windows\SYSNATIVE\drivers\Abyssus.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-05 10:01 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-30 14:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-01-16 2585928]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-01-16 1514528]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2000-01-01 7660760]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2000-01-01 1396592]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = www.google.com
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
FF - ProfilePath - c:\users\Radek\AppData\Roaming\Mozilla\Firefox\Profiles\nkkvlc85.default-1439732266531\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
.
**************************************************************************
.
Celkový čas: 2015-09-06 12:01:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-09-06 10:01
ComboFix2.txt 2015-09-06 07:45
.
Před spuštěním: 38 478 475 264 bytes free
Po spuštění: 38 116 405 248 bytes free
.
- - End Of File - - 6FCD6883A9DC595B2F320BE8730E036D
A36C5E4F47E84449FF07ED3517B43A31



aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-09-06 12:04:45
-----------------------------
12:04:45.948 OS Version: Windows x64 6.1.7601 Service Pack 1
12:04:45.948 Number of processors: 8 586 0x200
12:04:45.948 ComputerName: RADEK-PC UserName: Radek
12:04:46.401 Initialize success
12:04:46.510 VM: initialized successfully
12:04:46.510 VM: Amd CPU supported
12:05:56.237 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000069
12:05:56.237 Disk 0 Vendor: WDC_WD30 80.0 Size: 2861588MB BusType: 11
12:05:56.237 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000007d
12:05:56.237 Disk 1 Vendor: Giga-Byte 1.0 Size: 764436MB BusType: 0
12:05:56.331 Disk 0 MBR read successfully
12:05:56.331 Disk 0 MBR scan
12:05:56.331 Disk 0 Windows 7 default MBR code
12:05:56.346 Disk 0 Partition 1 00 06 FAT16 100 MB offset 2048
12:05:56.346 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 204800 MB offset 206848
12:05:56.362 Disk 0 Boot: NTFS code=2
12:05:56.377 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1892251 MB offset 419637248
12:05:56.393 Disk 0 scanning C:\Windows\system32\drivers
12:06:00.340 Service scanning
12:06:10.371 Modules scanning
12:06:10.371 Disk 0 trace - called modules:
12:06:10.386 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
12:06:10.402 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d8e2790]
12:06:10.402 3 CLASSPNP.SYS[fffff880019a343f] -> nt!IofCallDriver -> [0xfffffa800d6a3040]
12:06:10.417 5 amd_xata.sys[fffff88001142d00] -> nt!IofCallDriver -> \Device\00000069[0xfffffa800d6878b0]
12:06:10.433 Disk 0 statistics 93354/0/0 @ 12,54 MB/s
12:06:10.433 Scan finished successfully
12:06:28.841 Disk 0 MBR has been saved successfully to "C:\Users\Radek\Desktop\MBR.dat"
12:06:28.857 The log file has been saved successfully to "C:\Users\Radek\Desktop\aswMBR.txt"


I don't know the program fd44vqdm.

jaro3
Security team member
Guru Level 15
Posts: 43063
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Please check my log - saophase

Post by jaro3 » 06 Sep 2015 14:51

ComboFix is uninstalled like this:
Start > Run and type ComboFix /Uninstall

Clean the system with CCleaner.

Download OTC to the desktop. Double-click it. Then click Clean up!.
Restart the PC if you are prompted to.

c:\program files\Common Files\fd44vqdm: if he does not recognize the folder, he should delete it.

Post a new HJT log and report any problems.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Rafrid
newcomer
Posts: 2
Registered: September 15
Gender: Male
Status:
Offline

Re: Please check my log - saophase

Post by Rafrid » 06 Sep 2015 16:14

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:12:03, on 6.9.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17937)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Users\Radek\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
C:\Users\Radek\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
O23 - Service: DTSAudioSvc - DTS, Inc - C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8472 bytes

