Prosim o kontrolu LOGU Pawel akutní a naléhavé!!!

[DaytonC]

avast u toho počítače neustále hlasí napadení adwarem malwarem:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-11-2014 01
Ran by Pawel (administrator) on PAWEL-PC on 16-11-2014 17:44:20
Running from C:\Users\Pawel\Desktop
Loaded Profile: Pawel (Available profiles: Pawel)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Crawler.com) C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
(Crawler.com) C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\ProgramData\25e9dd31-9f4d-45f2-8dac-1413f8cec2c0\maintainer.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Crawler.com) C:\Program Files\Spyware Terminator\st_rsser.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(TeamViewer GmbH) C:\Users\Pawel\AppData\Local\Temp\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Users\Pawel\AppData\Local\Temp\TeamViewer\Version9\TeamViewer_Desktop.exe
() C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Crawler.com) C:\Program Files\Spyware Terminator\SpywareTerminator.exe
(forum.viry.cz) C:\Users\Pawel\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-03-14] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [52256 2007-01-08] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-08] (AVAST Software)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2777736 2013-10-22] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-10-22] (Crawler.com)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4007258737-3599766240-1494457594-1000\...\Run: [Power2GoExpress] => NA
HKU\S-1-5-21-4007258737-3599766240-1494457594-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-03-17] (Hewlett-Packard Company)
HKU\S-1-5-21-4007258737-3599766240-1494457594-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-4007258737-3599766240-1494457594-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-4007258737-3599766240-1494457594-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4826904 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-4007258737-3599766240-1494457594-1000\...\MountPoints2: {11f0f8dd-33cd-11e3-9e1f-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-4007258737-3599766240-1494457594-1000\...\MountPoints2: {babd8ce4-9995-11e3-b474-00137794d8d8} - E:\autorun.exe
HKU\S-1-5-21-4007258737-3599766240-1494457594-1000\...\MountPoints2: {ea79427b-34d0-11e3-99a8-806e6f6e6963} - F:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pawel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pawel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Pawel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
BootExecute: 애ƽ
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=http://127.0.0.1:9880
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com/?fr=hp-avast&type=agc511
SearchScopes: HKLM - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.yahoo.com/yhs/search? ... earchTerms}
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.yahoo.com/yhs/search? ... earchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.yahoo.com/yhs/search? ... earchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: No Name -> {11111111-1111-1111-1111-110511421146} -> No File
BHO: No Name -> {11111111-1111-1111-1111-110511421148} -> No File
BHO: FoiineDealSooft -> {2DEE0497-F894-124B-4E4A-30DB918528F5} -> C:\ProgramData\FoiineDealSooft\2GZWD.dll ()
BHO: LUckyyShiopeper -> {492E4B11-6E16-B71C-A09E-07B68716E380} -> C:\ProgramData\LUckyyShiopeper\oBeRe.dll ()
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: LLuuckyShopPEr -> {E2C8868E-6A99-F434-B0D3-BA48E55EAA44} -> C:\ProgramData\LLuuckyShopPEr\Df8bWS.dll ()
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Pawel\AppData\Roaming\Mozilla\Firefox\Profiles\f3iwnlpx.default
FF Homepage: https://www.facebook.com/|hxxp://www.hr ... google.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: SupraSavings - C:\Users\Pawel\AppData\Roaming\Mozilla\Firefox\Profiles\f3iwnlpx.default\Extensions\j003-lqgrmgpcekslhg@jetpack.xpi [2014-07-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-11-03]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-22]
FF Extension: No Name - C:\Users\Pawel\AppData\Roaming\Mozilla\Firefox\Profiles\f3iwnlpx.default\extensions\suggestor@suggestor.pirrit.com.xpi [Not Found]
FF Extension: No Name - C:\Users\Pawel\AppData\Roaming\Mozilla\Firefox\Profiles\f3iwnlpx.default\extensions\ascsurfingprotection@iobit.com [Not Found]
FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [Not Found]
FF Extension: No Name - C:\Users\Pawel\AppData\Roaming\Mozilla\Firefox\Profiles\f3iwnlpx.default\extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [Not Found]
FF Extension: No Name - C:\Users\Pawel\AppData\Roaming\Mozilla\Firefox\Profiles\f3iwnlpx.default\extensions\a0046b9b-fdb9-497f-a4b1-2a108ad6007a@5cdf80b7-0420-4bb7-b3c0-e188e6f4fb8a.com [Not Found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-02]
CHR Extension: (Google Drive) - C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-02]
CHR Extension: (Yandex.Traffic) - C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apejnnaepapgobfhogaghfkjpalmmlmp [2014-09-10]
CHR Extension: (YouTube) - C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-02]
CHR Extension: (Adblock Plus) - C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-27]
CHR Extension: (Google Search) - C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-02]
CHR Extension: (Zoominto) - C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnkoafephiilajeompiffeohpcloapob [2014-06-09]
CHR Extension: (avast! Online Security) - C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-22]
CHR Extension: (WiseEnhance) - C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\loepaecnehfgonejbbblmobcfmcafbfe [2014-11-16]
CHR Extension: (SharePoint Fix) - C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmbkoobmboaainhbkbdojincpeoldlfc [2014-09-09]
CHR Extension: (Google Wallet) - C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-02]
CHR Extension: (Currently) - C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhmphdkpgbibohbnpbfiefkgieacjmh [2014-11-16]
CHR Extension: (Gmail) - C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-02]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-16]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-21] (AVAST Software)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-03-17] (Hewlett-Packard Company) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
R2 MaintainerSvc5.00.026944; C:\ProgramData\25e9dd31-9f4d-45f2-8dac-1413f8cec2c0\maintainer.exe [123680 2014-11-16] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] ()
S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [77480 2008-05-13] () [File not signed]
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [587912 2013-10-22] (Crawler.com)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\Windows\system32\ampa.sys [14448 2013-11-29] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55240 2014-11-16] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422760 2014-11-16] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57928 2014-11-16] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-16] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-02-22] (Disc Soft Ltd)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2006-11-14] (SAMSUNG ELECTRONICS CO., LTD.)
R1 sp_rsdrv2; C:\Windows\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] () [File not signed]
R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [242560 2008-04-05] (Vimicro Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-16 17:44 - 2014-11-16 17:44 - 00018122 _____ () C:\Users\Pawel\Desktop\FRST.txt
2014-11-16 17:44 - 2014-11-16 17:44 - 00000000 ____D () C:\FRST
2014-11-16 17:39 - 2014-11-16 17:35 - 00112640 _____ (forum.viry.cz) C:\Users\Pawel\Desktop\FRSTLauncher.exe
2014-11-16 17:39 - 2014-11-16 17:34 - 01108992 _____ (Farbar) C:\Users\Pawel\Desktop\FRST.exe
2014-11-16 17:16 - 2014-11-16 17:16 - 00000949 _____ () C:\Users\Pawel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-16 17:12 - 2014-11-16 17:29 - 00002934 _____ () C:\Windows\PFRO.log
2014-11-16 17:09 - 2014-11-16 17:09 - 00000000 ____D () C:\Windows\system32\vi-VN
2014-11-16 17:09 - 2014-11-16 17:09 - 00000000 ____D () C:\Windows\system32\eu-ES
2014-11-16 17:09 - 2014-11-16 17:09 - 00000000 ____D () C:\Windows\system32\ca-ES
2014-11-16 17:07 - 2014-11-16 17:08 - 00003381 _____ () C:\Windows\setupact.log
2014-11-16 17:07 - 2014-11-16 17:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-16 17:00 - 2014-11-16 17:00 - 00000804 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-16 17:00 - 2014-11-16 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-16 17:00 - 2014-11-16 17:00 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-16 16:14 - 2014-11-16 16:14 - 00000407 _____ () C:\Users\Pawel\Desktop\bishops stortford 2014.lnk
2014-11-16 16:13 - 2014-11-16 16:13 - 00000383 _____ () C:\Users\Pawel\Desktop\barcelona 2014.lnk
2014-11-16 16:07 - 2014-11-16 16:07 - 00023718 _____ () C:\Users\Pawel\Desktop\1.txt
2014-11-16 15:49 - 2014-11-16 17:28 - 00000000 ____D () C:\AdwCleaner
2014-11-16 15:46 - 2014-11-14 16:59 - 02140160 _____ () C:\Users\Pawel\Desktop\adwcleaner_4.101.exe
2014-11-16 15:34 - 2014-11-16 15:34 - 00000000 _____ () C:\asc_rdflag
2014-11-16 15:30 - 2014-11-16 15:30 - 00000383 _____ () C:\Users\Pawel\Desktop\Pavel mobil X3.lnk
2014-11-16 15:16 - 2014-11-16 15:16 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-11-16 14:02 - 2014-11-16 14:02 - 00001871 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-16 14:01 - 2014-11-16 14:01 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-16 14:01 - 2014-11-16 14:01 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-13 20:38 - 2014-11-16 14:46 - 00000000 ____D () C:\ProgramData\25e9dd31-9f4d-45f2-8dac-1413f8cec2c0

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-16 17:36 - 2006-11-02 10:33 - 00703388 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-16 17:33 - 2008-01-21 01:35 - 02070970 _____ () C:\Windows\WindowsUpdate.log
2014-11-16 17:33 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-16 17:30 - 2013-11-02 22:06 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-16 17:30 - 2013-10-13 05:28 - 00000000 ____D () C:\Users\Pawel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-11-16 17:30 - 2013-10-13 05:14 - 00001356 _____ () C:\Users\Pawel\AppData\Local\d3d9caps.dat
2014-11-16 17:30 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-16 17:30 - 2006-11-02 12:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-16 17:30 - 2006-11-02 12:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-16 17:28 - 2006-11-02 13:01 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-16 17:17 - 2014-03-06 19:14 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2014-11-16 17:16 - 2013-10-13 05:14 - 00000915 _____ () C:\Users\Pawel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-11-16 17:13 - 2013-10-14 07:01 - 00000418 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{657E255A-2870-4823-804C-CE586871EB08}.job
2014-11-16 17:13 - 2006-11-02 12:47 - 00232336 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-16 17:09 - 2006-11-02 12:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2014-11-16 17:09 - 2006-11-02 12:37 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-11-16 17:09 - 2006-11-02 12:37 - 00000000 ____D () C:\Program Files\Windows Photo Gallery
2014-11-16 17:09 - 2006-11-02 12:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-11-16 17:09 - 2006-11-02 12:37 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-16 17:09 - 2006-11-02 12:37 - 00000000 ____D () C:\Program Files\Windows Collaboration
2014-11-16 17:09 - 2006-11-02 12:37 - 00000000 ____D () C:\Program Files\Windows Calendar
2014-11-16 17:09 - 2006-11-02 12:37 - 00000000 ____D () C:\Program Files\Movie Maker
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\zh-TW
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\zh-CN
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\uk-UA
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\th-TH
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\sv-SE
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\SLUI
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\sl-SI
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\ru-RU
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\ro-RO
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\pt-PT
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\pl-PL
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\nl-NL
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\nb-NO
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\lv-LV
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\lt-LT
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\ko-KR
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\ja-JP
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\it-IT
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\hu-HU
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\hr-HR
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\he-IL
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\fr-FR
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\fi-FI
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\et-EE
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\el-GR
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\bg-BG
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\IME
2014-11-16 17:09 - 2006-11-02 11:18 - 00000000 ____D () C:\Program Files\Common Files\System
2014-11-16 16:48 - 2014-03-06 19:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-16 16:48 - 2013-11-02 22:06 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-16 15:53 - 2006-11-02 10:23 - 00000246 _____ () C:\Windows\win.ini
2014-11-16 15:48 - 2014-02-17 20:51 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-16 15:48 - 2014-02-17 20:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-16 15:35 - 2014-03-06 20:26 - 36290560 _____ () C:\Windows\system32\config\COMPONENTS.iodefrag.bak
2014-11-16 15:35 - 2014-03-06 20:26 - 29622272 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-11-16 15:35 - 2014-03-06 20:26 - 00139264 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-11-16 15:35 - 2014-03-06 20:26 - 00057344 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-11-16 15:35 - 2014-03-06 20:26 - 00020480 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-11-16 15:34 - 2013-10-13 05:14 - 00000000 ____D () C:\Users\Pawel
2014-11-16 15:12 - 2014-03-06 19:53 - 00000000 ____D () C:\ProgramData\ProductData
2014-11-16 14:38 - 2014-03-06 20:00 - 36290560 _____ () C:\Windows\system32\config\COMPONENTS.iobit
2014-11-16 14:38 - 2014-03-06 20:00 - 00139264 _____ () C:\Windows\system32\config\DEFAULT.iobit
2014-11-16 14:38 - 2014-03-06 20:00 - 00057344 _____ () C:\Windows\system32\config\SAM.iobit
2014-11-16 14:38 - 2014-03-06 19:59 - 29614080 _____ () C:\Windows\system32\config\SOFTWARE.iobit
2014-11-16 14:38 - 2014-03-06 19:59 - 00020480 _____ () C:\Windows\system32\config\SECURITY.iobit
2014-11-16 14:10 - 2013-11-23 10:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-16 14:01 - 2014-04-21 19:27 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-16 14:01 - 2014-02-22 09:25 - 00422760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-16 14:01 - 2014-02-22 09:25 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-16 14:01 - 2014-02-22 09:25 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-16 14:01 - 2014-02-22 09:25 - 00057928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-11-16 14:01 - 2014-02-22 09:25 - 00055240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswrdr.sys
2014-11-16 14:01 - 2014-02-22 09:25 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-16 13:59 - 2014-02-22 09:25 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-16 13:49 - 2014-02-22 08:25 - 00000000 ____D () C:\Users\Pawel\AppData\Roaming\TeamViewer
2014-11-16 13:44 - 2013-11-07 19:28 - 00000000 ____D () C:\Users\Pawel\AppData\Roaming\Skype
2014-11-04 14:30 - 2013-12-18 18:51 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-31 23:25 - 2006-11-02 10:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Some content of TEMP:
====================
C:\Users\Pawel\AppData\Local\Temp\Quarantine.exe
C:\Users\Pawel\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{657E255A-2870-4823-804C-CE586871EB08}.job => C:\Windows\system32\msfeedssync.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Pawel\Desktop" je 7 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

[DaytonC]

je to 32bit OS
ještě připojuji Addition

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-11-2014 01
Ran by Pawel at 2014-11-16 17:45:17
Running from C:\Users\Pawel\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader 8.1.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
AOMEI Partition Assistant Standard Edition 5.5 (HKLM\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI Technology Co., Ltd.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros WLAN Client (HKLM\...\{04983D37-2202-4295-94A2-8B547C66133F}) (Version: 1.00.000 - )
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CyberLink DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.2403 - CyberLink Corp.)
CyberLink Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.0.3825 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dune 2000 (HKLM\...\Dune 2000) (Version: - )
Easy Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 3.2.1.7 - )
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.0.0.0 - Samsung)
Easy Network Manager 3.0 (HKLM\...\InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}) (Version: 3.0.0.0 - Samsung)
Easy Network Manager 3.0 (Version: 3.0.0.0 - Samsung) Hidden
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.0.1.0 - )
FoiineDealSooft (HKLM\...\{0D566ABB-889B-AF39-7B6A-23D4C5D54542}) (Version: - FineDeaelSoft) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
imagine digital freedom - Samsung (HKLM\...\{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}) (Version: 1.0.2.0 - Samsung Electronics Co., LTD)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
iTunes (HKLM\...\{C8EBB0DE-5655-4D32-99E1-9447E702A89F}) (Version: 11.1.2.32 - Apple Inc.)
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: .2406 - CyberLink Corp.)
LightScribe System Software 1.12.37.1 (HKLM\...\{004C5DA2-2051-4D25-94BA-51CF810C91EB}) (Version: 1.12.37.1 - LightScribe)
LUckyyShiopeper (HKLM\...\{AE9B04F2-E9E8-162C-829B-52C116B3EFCC}) (Version: - LucckyShopperr) <==== ATTENTION
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft SOAP Toolkit 2.0 SP2 (HKLM\...\{36BEAD11-8577-49AD-9250-E06A50AE87B0}) (Version: 623.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Play AVStation (HKLM\...\InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}) (Version: 4.1.20.50 - Samsung Electronics Co., LTD)
Play AVStation (Version: 4.1.20.50 - Samsung Electronics Co., LTD) Hidden
PlayCamera (HKLM\...\{804F1285-8CBF-408D-8CDC-D4D40003B2E4}) (Version: 1.0.1.7 - )
PowerDirector (HKLM\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 5.0.3927 - CyberLink Corp.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3118.0 - CyberLink Corp.)
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 085120(3.7)_Vista_SSPC - CyberLink Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5605 - Realtek Semiconductor Corp.)
Samsung Magic Doctor (HKLM\...\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}) (Version: 5.00 - Samsung Electronics Co., LTD)
Samsung Update Plus (HKLM\...\InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}) (Version: 1.3.0.11 - Samsung Electronics Co., LTD)
Samsung Update Plus (Version: 1.3.0.11 - Samsung Electronics Co., LTD) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spyware Terminator 2012 (HKLM\...\{56736259-613E-4A3B-B428-6235F2E76F44}_is1) (Version: 3.0.0.82 - Crawler, LLC)
State of War (HKLM\...\{26636A45-55C7-11D5-8ED5-0050BF5CB907}) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics)
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: - )
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Vimicro UVC Camera (HKLM\...\{71A51B09-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Westwood Shared Internet Components (HKLM\...\WOLAPI) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4007258737-3599766240-1494457594-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pawel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4007258737-3599766240-1494457594-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pawel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4007258737-3599766240-1494457594-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pawel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4007258737-3599766240-1494457594-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pawel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4007258737-3599766240-1494457594-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pawel\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

16-11-2014 16:33:35 Windows Vista™ Service Pack 2

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 10:23 - 2014-04-26 17:32 - 00008846 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
216.239.32.20 google.com
216.239.32.20 google.com www.google.ad
216.239.32.20 google.com www.google.ae
216.239.32.20 google.com www.google.com.af
216.239.32.20 google.com www.google.com.ag
216.239.32.20 google.com www.google.com.ai
216.239.32.20 google.com www.google.al
216.239.32.20 google.com www.google.am
216.239.32.20 google.com www.google.co.ao
216.239.32.20 google.com www.google.com.ar
216.239.32.20 google.com www.google.as
216.239.32.20 google.com www.google.at
216.239.32.20 google.com www.google.com.au
216.239.32.20 google.com www.google.az
216.239.32.20 google.com www.google.ba
216.239.32.20 google.com www.google.com.bd
216.239.32.20 google.com www.google.be
216.239.32.20 google.com www.google.bf
216.239.32.20 google.com www.google.bg
216.239.32.20 google.com www.google.com.bh
216.239.32.20 google.com www.google.bi
216.239.32.20 google.com www.google.bj
216.239.32.20 google.com www.google.com.bn
216.239.32.20 google.com www.google.com.bo
216.239.32.20 google.com www.google.com.br
216.239.32.20 google.com www.google.bs
216.239.32.20 google.com www.google.bt
216.239.32.20 google.com www.google.co.bw

There are 163 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1C395EAC-8BCF-45C0-91CB-550F19C10437} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-02] (Google Inc.)
Task: {327A74E6-2F9E-4961-A58A-798C63C81FE8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
Task: {355015D1-0450-4ED4-B040-284146B8DCD6} - System32\Tasks\SamsungMagicDoctor => C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe [2007-07-05] (Samsung Electronics Co., Ltd.)
Task: {3B964E3C-4E07-4E76-B1C0-1E3E7A2E121B} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {6895A612-49B7-4752-A1AD-337D53F9C652} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-16] (Adobe Systems Incorporated)
Task: {831724CC-6BC0-48AC-A969-92FBC2564CFC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-02] (Google Inc.)
Task: {AF054B30-E681-473A-8E78-09A6147CB2CE} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2008-05-22] (SAMSUNG Electronics)
Task: {BA110024-94A7-40F3-AA2C-46268734CFA3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BB8E6B3A-9850-4B48-9E76-0EFDCA07E9A3} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2008-04-25] (Samsung Electronics Co., Ltd.)
Task: {C2F33E82-45CD-42CB-9DA1-C9D66DCFA0FA} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [2008-04-17] (SAMSUNG Electronics co., LTD.)
Task: {C4260E9B-766B-4C89-8ED5-44A1A462B08F} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Pawel => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {F0B332F0-B822-48C7-B50B-6F1D509772C3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-16] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{657E255A-2870-4823-804C-CE586871EB08}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

[Márty84]

Zdravim

Odinstalujte Spyware Terminatora a McAfee Security Scan.


Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.


Postupujte podle navodu kolegy

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

• Ulozte nejlepe na plochu
• Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
• Probehne vytvoreni zalohy a nasledne prohledavani
• Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Postupujte podle navodu kolegy

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
• Do okna vlozte skript nize

• Kód: Vybrat vše

  autoclean;
  emptyclsid;
  iedefaults;
  FFdefaults;
  CHRdefaults;
  emptyalltemp;
  resethosts;
  

• Nasledne kliknete na Run Script
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

[DaytonC]

adw cleaner:
# AdwCleaner v4.101 - Report created 16/11/2014 at 20:46:44
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Local]
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Pawel - PAWEL-PC
# Running from : C:\Users\Pawel\Desktop\adwcleaner_4.101.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6002.18005


-\\ Mozilla Firefox v


-\\ Google Chrome v34.0.1847.137


*************************

AdwCleaner[R0].txt - [25432 octets] - [16/11/2014 15:50:45]
AdwCleaner[R1].txt - [1135 octets] - [16/11/2014 17:23:27]
AdwCleaner[R2].txt - [1674 octets] - [16/11/2014 20:17:52]
AdwCleaner[R3].txt - [1150 octets] - [16/11/2014 20:38:22]
AdwCleaner[R4].txt - [1210 octets] - [16/11/2014 20:44:41]
AdwCleaner[S0].txt - [23718 octets] - [16/11/2014 15:53:41]
AdwCleaner[S1].txt - [1160 octets] - [16/11/2014 17:28:40]
AdwCleaner[S2].txt - [1747 octets] - [16/11/2014 20:20:52]
AdwCleaner[S3].txt - [1132 octets] - [16/11/2014 20:46:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1192 octets] ##########

JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows Vista (TM) Home Premium x86
Ran by Pawel on Sun 11/16/2014 at 20:51:53.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511421146}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511421148}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421148}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\FoiineDealSooft
Successfully deleted: [Folder] C:\ProgramData\LLuuckyShopPEr
Successfully deleted: [Folder] C:\ProgramData\LUckyyShiopeper



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/16/2014 at 20:56:58.22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Zoek:

Zoek.exe v5.0.0.0 Updated 16-November-2014
Tool run by Pawel on Sun 11/16/2014 at 21:01:32.85.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Pawel\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

11/16/2014 9:02:48 PM Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2DEE0497-F894-124B-4E4A-30DB918528F5} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1086FB68-CFC2-4256-A686-BAF5C67F3B6A} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12D716BB-629E-4ECB-B045-7DC2FC92B19} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{13204632-4112-4CE0-9E29-85D1779DAAE} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1322D9EB-E933-43A7-853E-B37CFB2F9941} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{13B3503D-231D-43BB-8D7-2754BCD4C55C} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{156C833A-A40D-4233-BE19-BDC5BA28252A} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15FA2AAC-6668-4FAF-B241-712C30BFCA2D} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{161AF05E-F0BE-480D-B13D-683F9DF6A83} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{179BC2CD-AFAF-45D2-BB4D-191D1DDD8FF} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{193F7DD4-4C6D-46DB-BA22-6C1BD79B368} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A422946-A175-49B6-B81-E39C522DF430} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B2929EB-FF01-4E06-9EC2-F5BF3490CF63} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B4D39BC-91C5-421D-A6E5-FC653681E98} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1D09BB06-99D1-4AC7-A3D7-B66CE9915219} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DF143DC-66F0-4786-8FE5-5A55186B3BA0} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E3BD3D6-EA3A-4D11-90DB-EBE8DCDD74D0} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{222E55B0-D1ED-44CF-BA4C-74FBB572C9AD} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{22B59ECB-F76A-443F-9D30-B472C6F28058} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2337DB32-ADF3-49F8-953F-D03686121919} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{237420CC-8533-4B95-B970-4585373369F1} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{23F45440-756D-456C-A740-EBCA4CD9BA0} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{25419C86-13D6-4AE7-9E61-1CF0B6EA8C6} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2563404D-EBF0-4146-BA6C-85798FE9A44} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2768D829-EFDB-4E3D-91B9-116AD157C93B} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29EE365C-1F4E-4960-8F1D-A036E2B1314} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2A0C602E-C032-4ECF-B1D3-EB38CC1D86B1} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2A3C1939-C852-47A1-ABF4-CAD0337BAD64} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2BEF7401-2863-4ADD-91AE-38FDA9A67FAF} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2C4913CA-81-4A98-A360-D11F8AA81743} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2C564EEC-DB45-456D-9164-9A88C6C34655} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CFB03E3-FADC-4729-B51-5823F7D295BB} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6EFA03-E76C-4C56-8B27-988E73424DD4} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2EF20D74-DE4A-406C-A4EE-351D0351045} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2F83AD78-4A96-470A-8B3D-77B584F48F50} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{302CBE79-2C7C-4AE7-A665-AB4B30697F54} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{312E6BDF-F3DA-4D8D-96DC-BED75C9A25EA} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{358A2C9E-3E47-4728-8FA-FCF2411694FE} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{359B05D4-195D-499B-BED2-D9CE9E98C9C} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3699C493-133A-4B5C-A463-AEC54DD1942} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36A54D41-8564-4FE0-A164-C1FFB919D771} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3891BDAF-9141-44B1-8B7-2C53F8FCF723} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38AA56B8-AF57-43B9-AD9D-B5DDBC7BAABA} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3984248-78F7-426D-9131-7BBED017B29} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3BF36EBD-64A7-4086-936E-B1665E87722} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D5AAA89-4822-44AA-B748-E4B9536CE51D} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3F369187-76DC-4E76-AA67-3BBD7E85B312} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3FCDF677-1A62-41F2-B069-66D48F8D4CAC} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4259B3C5-EE8D-4199-8229-D29765DE483} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{42B201B0-DDAE-411C-92C-3F968FDACE8} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{42F321A4-958A-46EE-A5D0-A6FDF7F93B34} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{453EC3DF-5EA6-4C8B-AC60-C7B6502DF19} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{456747FA-A70B-4DA1-BD33-8FAB4D986DC6} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{463112CA-CD7C-48A2-A757-FBBAE5E7B95} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{468B7A71-9C98-4FA5-8587-8B8B4805380} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{46D63823-600-45C7-80EC-C48CF2B229F} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{478E159E-D582-4C7A-BDDD-F6860FD1783} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{47B139C1-FE6D-4CC6-A5A0-E3A09E2D851} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{47EC7834-F88C-44D3-971C-7B1C7F1B541} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{493E6934-E84D-4342-89C5-69CB28D39C72} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{498F8FF2-1ED5-417B-94BB-234B93FB8DAF} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{499A9D0B-3A91-467E-8A73-42C7A389C796} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4AA7F091-7F6-4F6C-953D-9222263F322} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B4716FA-3550-447A-BD60-9C59F744E519} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4C63C6D8-3B9B-4910-95F8-D719F07C6724} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4E84C89E-7296-4A89-9213-C3BA92DB96CA} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4F2C6718-4991-46F4-B3EA-9076DFDC5D6} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FFEBFC9-C71-4E37-96FA-AB93406E9D6E} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{50DE34FD-8950-4D63-9F53-A5576D3A849A} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{510CB1F0-3AAC-4FF9-9FA5-FDAD2B7F8988} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5119D024-6F56-4BA8-817C-89A842D1F4} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{516B0F3F-19F-4269-83A8-21F2EC3674F5} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{51FD90AB-E952-4801-8D2B-4DA3CB181FC1} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52F07C6F-168E-4B05-B7F8-79B1CB288671} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{533A9237-439-48EE-A5B5-40A7E0F13AEE} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{53FBEFB5-D00D-4909-A3F2-1872FB2562D4} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{565A2126-F7B-403B-8EEF-6D8A51256628} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{568F2C77-2958-47B7-9D6C-B8DF76811A8} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{580DB597-BA1A-421C-A99E-0DBC4128BD9} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5A1BD530-5A0A-4425-9F2E-493B3B169867} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5AB2607C-2E92-45F1-B49C-64B8679F9CFD} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C53ECDD-D22F-4327-B6A4-E7BA594A2D0} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5DCA2D9B-6F49-4127-A2A0-FD7A4E5FFD92} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5EDAD473-BD3A-4C86-B03B-7DFD6ABFF88} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5F0E374C-9F28-46E3-9722-385D2889B253} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5F776806-F150-4490-AE9F-DFB5CDC734BD} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5FB13D13-5469-4AF3-A5DE-F286F6F72E8F} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{604E9EEA-FDA9-4D97-A91C-5FE6127523F5} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61B93F5C-D755-4CFC-943-2EC4BB1E53A0} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{622A7432-FB0F-4CA6-B2F-376836733DE6} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63A6F5CA-FA61-4026-AA7F-534E2C823BB2} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{641750D5-C983-4D32-9157-4173853E5A8B} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6517B7F5-EFD4-4530-8781-8317E413E463} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65B07789-2DF9-49CC-97C0-E31D7163A03F} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6676626E-E18E-4C90-A34C-E83B18D8596} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66EF634B-8551-4E9C-BBA3-2D1DF0F912F9} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{674F047F-D792-436F-BBA5-F16B859DFC} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{677DEFF9-9672-482A-9EBE-164C7D69AE53} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{67BB5117-1707-4DC0-902A-41EE771F7B4B} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68138F32-B826-4F32-B89B-D0E224C96116} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68C051-7-41C9-A9D4-A2A45C471E6F} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69164912-D5F4-482D-8AD4-31ACFDB05F25} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69B504D4-E577-47C1-B95-24CE1F3CEA89} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69E08ABF-85FF-47DE-BD66-E5EAD6FD4926} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6a37e515-7e8b-43f7-91f6-fe05e56d48e4} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C10E195-896F-41CF-B54F-6B181539D2F} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C556E38-13E-43A6-9CCA-6C9357DF881D} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CC656EB-8A53-4837-B03F-3BC31CFB07D} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E1AB167-5ED9-4839-A239-28FF49651CB2} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6EC16AC7-3559-44BF-98DA-F1FDBC2DC72} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F8E0DA2-3A0-4B30-89E8-81537A7AD55C} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6FE2E138-4FE3-4595-AD5D-4DBD6A6763EB} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7033C024-C927-4815-96D-EA1E76367AC0} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7034D8CB-59F-47F9-9D76-6CA84468DBD8} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{705A22D3-20A-4A4A-9BFC-4F1E64385B6F} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7180F640-9A70-422E-9444-BD1D5C8CFEE1} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{718E8A7E-CE54-4759-AEDA-7CF35DB3F178} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{728580DD-52AD-42CE-87E5-F18EB1924033} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74356241-B8E2-4164-8550-117F035826} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7501F14E-9FB4-4842-89DE-42AE126F519E} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{753D3B1F-EA8-463B-A052-468B70EB38B4} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{779FC0C6-5724-4625-BEBF-AC723414061} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78CC447D-5B5D-435C-BAB-94108B3394B0} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78E8E9F6-BC7C-465C-A38E-9CE65EEE815} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{79772A0A-4375-4E9D-BA67-26C64349AE84} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A0C47D9-E946-4FF6-B6CF-AE5A6A711E4F} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AC221F1-AA04-47AC-92F-46D5D2BC1AC5} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7C40D903-A22E-4BE5-8014-339FB79D3820} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7C69EEBD-E3A-44D6-B6CE-C3944C141B4F} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7CCEE032-2080-42C2-A2F0-62C46B2223C6} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7D87061B-3D9A-49B5-B571-9FCBF1C55D6} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DCF0E08-5621-41EF-AAEE-E261468D4F} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7EBE9F83-2423-407E-ABED-CFB1C8C17BE1} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F110492-4CD5-486B-8AA3-8137AF74CCA} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80C7C2A2-77E-4AF2-9C42-34E17A5ED75} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{81644BBD-D61B-457C-A186-3FC682A7E073} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{820E4B12-BB4-4FF7-A669-15D3C423C12} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85869A49-C2EB-4925-9C49-A0F0535B83A} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85B35E39-A228-4D64-996E-B65F51AAB242} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85F737F1-C03-4E0D-A44E-787D1F57D6B} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85F87477-2264-42B7-947D-2ADACF82AF4} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8693A3D2-2132-43F8-A8F4-8FC050C1E23C} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{873E1416-E50C-438A-AEF6-7D381A35C8D5} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{876378CC-D4CB-4B14-814F-80ED4180910} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{877ABB96-AC91-4C7C-9BCE-98EC82396AE} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87973899-CE55-4BA0-9E43-5B8DE36B5A1E} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87A45AB9-EF3F-498F-968D-6DAADA62E78} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{880B19C4-824C-491D-9591-3E463E95C750} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8872C7AA-6ACA-4B3B-A0F-A77E917C84D6} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8A5CDCBB-CBAD-4347-883F-A53BBD757AC} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8A829EBD-7DB5-47D0-AADD-F8809A721415} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8B536E41-B508-4B11-AD52-5C6D4B5DF51} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C75D285-39CA-471C-9596-40D0293E88D5} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C869BA2-86AC-4B99-AF19-96C72A2BE0FF} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D00075E-CECC-4E71-9F63-EEA97D19B370} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E05ADFE-BE5E-415C-87DD-49C5F5C37BB1} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E3FBB0F-BD08-45BF-B7E5-DC942948E4E} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{904C03F3-5A4D-495A-B9F2-E0BECA48D6A5} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{90A4608-8B91-4587-AD38-6C321F44955} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{90E607-15AC-487D-95F3-C4499653849A} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91D9DFDE-892F-4C73-B45C-5E30E6DAD6C9} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{921F9021-8BB0-40AF-ACB3-A11436139968} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{92DAC30B-36D6-46BA-8036-73454B483F99} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{948A0AB8-BD35-4BA6-A41E-405A708479C2} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{956C1552-B0C5-423A-A187-3A9C56608D80} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{96B4EE4A-23B4-42E3-9E83-32766B1E1A1F} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99D22EB9-DF3-47A9-9778-4B7F25A0F27} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9AED7C6-781E-4A97-B635-B3AEC8BB735E} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9BE00F34-3BA6-4304-93D6-137FD748EBD7} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C44384-CE1E-4759-A9CD-77A977FE53F6} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9F815E1E-9240-4F48-A7B8-518F3295BE71} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9FB0013A-7E90-4CA4-B5FF-ACF5348C90C5} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A06EB798-F07D-4C43-BC59-B7C6A8EEC8A4} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A07485EE-D8E-4ECE-B23B-2D7C2E5C4B8} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A2B7291F-14F4-4FFA-819B-7FDC29678D1} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A43BF4B9-8912-46A4-85B1-CD4F55C7F3E0} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A456C577-1DDC-42DB-90E6-4B743373DED} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5765773-B2FC-465B-8742-B330FA311724} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A57DB3DD-4594-40E6-8D97-7BF7CEBBAD34} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A60FF417-C947-480C-92B2-D27EB9FA1A9C} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A7C0A84E-2695-44BB-87C6-8F60619FD4} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A7E9A749-FF28-448B-9E1E-135EFECCAABB} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A7FFFE05-72D8-4DF7-8B1E-CEF13E12CE8} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8B6D0BB-CC8A-4BF5-9DD9-863A4FC14A42} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A97BA794-8822-465D-A579-98FFE7959E6} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A9DCA18C-3719-4526-BD87-F134AF3799E} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA1168C4-BA85-48D4-A63-23416CFC7460} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AF50EDDC-D76E-400C-B0CB-96C3DAA7D43} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB14E5A-31F-4C04-866D-1BE7447451C} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D1EA86-BEDE-4D4D-AF6E-9593C6DA3C6} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B39E3601-2A12-4340-892-6FDF1C61829F} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B40372C7-21F6-44C3-8DFB-EDBB676EC8A} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B59D3157-4524-4985-80D5-B368FFE621C} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B5DA29AB-49C7-4D55-A598-63D1C2A711A} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B73B6F02-9EE4-4791-882D-54E0DFAE3F6} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B8F98FA4-3C81-4EFB-B93-3067FE4AE153} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B94C1C5B-4A-4606-A73B-45DDC2E3E02E} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B9DED54A-DF7-4FFC-9310-735690BC463} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C06D3E44-5C1A-4DC3-9931-67A1862DB941} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0EC1D4-A5B0-44EA-AAB7-F525743F5B5} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C1D04442-7D67-4668-968D-DD25E018F77} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C23CFCD-BD62-4404-8D21-AF5DBA6C6FDC} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3E6E603-9C83-4E30-B565-83BD396539DA} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C60D8C30-241D-4A9D-81EF-76DC8B62F6} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C6E751E9-841B-4239-9D6A-3BF4E3E39752} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C78B79A3-812C-4D7E-9D1F-1BE744CC3545} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C891ACBE-2FCB-4AC7-8B13-2D735B672CBE} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8A58FC9-FD75-4750-8BBA-6F4C94A4676} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8A5DC4D-F4D7-45E5-93D0-8CD8AAA941DD} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C9AC66E8-4A5E-4922-9383-EA9038DF238D} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB0D2430-8A25-4349-892B-C93FAFFCE74} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB425443-113-42FD-9752-82CAC8D7CCF} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CBC6BBF-7E86-4F96-AC91-34636882B2AD} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CC0AA7D8-AE82-4557-B815-6BBEAE78EB4} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCB3F79F-59B4-484F-A8A4-713AFDE6F5CA} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CEA75CF4-212A-4A03-8C71-92FFB3C7C3C0} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CF4F04E7-30C3-411E-B5F0-277E5E711874} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D020BF72-EB9-4E70-8746-E3A8F4F1A1AC} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D10C1454-FD16-4C08-8BC0-9770BC292D1F} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D16B6460-6BF6-4F3F-B55D-493BDBE7BF7F} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D288BCB7-F6A0-4106-9C4D-B053F87DE54} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D4CFF783-3588-4B99-81AE-9D31C18CBF3} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D641EA4B-8939-42B3-B239-D2EB5CA81A81} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D65F10DA-9A2B-49F9-9660-86EBC4EDB05E} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D66A767E-639B-403A-80CD-72F749A5687C} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D84376AD-52DE-491D-BBFE-465413A81486} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D9DAD4A-43DE-4883-961F-A895244E6B47} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DA5C464A-3C4E-4E54-90A6-7B7318516D7A} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DAB7211C-DF3A-4A66-B52E-C5E3AF37E543} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DBC09678-CFA9-4036-B376-5D2983F15DFF} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDDA6A7-8F35-449A-9D19-FBE296607CBE} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DE24ACE7-8A67-4A49-A62F-8CDAA6AE3338} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DEE58A14-1DDA-448A-8CC8-8B8D49574DB} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DFB6D762-3AC-406A-9965-9B7D4785DD} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E01A82D7-D8EF-4069-8C9C-843A7EB8DCF} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e05b8f26-1c76-45c5-86f2-f827c3694d77} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0FC11A3-3083-4B08-B7F0-7629A083B140} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E1559EED-6438-4941-ABCF-6BE3C6A488FE} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E37B5D73-50A5-4B10-9047-DB381C56BB61} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E3CE425D-3B5-4910-B0F2-D71C7AA15DAC} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E5EB2897-A555-4397-B175-7EB24E9C5E92} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6ED4802-1F58-4D4C-943E-B1322E29388F} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E8741910-E210-4D70-B14F-239D7CD9F4} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E98658C8-9801-40F5-B35C-B093FBD27558} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EB361495-10BD-4791-937B-3BA54E866020} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC7DFB5C-3199-4205-826D-7F1CE8C47FE4} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED5428BF-4940-44E1-B8E8-A2285DA96910} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EF9D2DF1-B24E-4010-A2C4-3288CD7756DB} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F033448E-5856-4511-86CA-A04E5572A3F2} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0B9CF83-7D2D-4D34-8215-96D0E6E8E58} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0E41D6D-AAC1-4B27-9A31-EFA59DA75FA} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F2444932-481A-4ED1-9A3F-D2FCC322C3A6} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3BC1312-EEB1-427C-A6E0-6DBA64D8ABC6} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3E102C3-BEC-45A4-A663-4E4C2C9C3A9D} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F44F03BD-4570-4F96-ABA-32F023CB2A30} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f4604169-3628-4261-9c46-8fa86d5f56bb} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F5DFBABC-BFF4-4B15-82B6-AED5704B633} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F5F77EB8-4896-4B12-A6E6-C0C889FDED1E} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F6435DC1-8885-4940-8412-E564F162C043} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F7B6C815-16B2-465F-9D3B-36217476D25} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9463B42-44F9-4CE4-AB23-1533D2F2A4F3} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F94C6C84-2AA3-47CE-980-D4A4F477C85} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fa107855-924b-42b0-9997-97914d2509d3} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA2E905-A40A-417C-B5B0-815D972E90D4} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD1A2F7D-4112-4B34-8A99-73E1E0A618A1} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD9E202F-949B-4D6D-BE2B-475B2210718A} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE0DEE9-A981-4E7C-81D1-46A3E1731CBE} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFAA9569-7700-40A5-9D4B-6CFF87BF47B} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFB303E6-9CA2-4B76-ADF1-5F9EDB5A59E1} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2DEE0497-F894-124B-4E4A-30DB918528F5} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{2DEE0497-F894-124B-4E4A-30DB918528F5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DEE0497-F894-124B-4E4A-30DB918528F5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6a37e515-7e8b-43f7-91f6-fe05e56d48e4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e05b8f26-1c76-45c5-86f2-f827c3694d77} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f4604169-3628-4261-9c46-8fa86d5f56bb} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fa107855-924b-42b0-9997-97914d2509d3} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{fe063412-bea4-4d76-8ed3-183be6220d17} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{11111111-1111-1111-1111-110511421146} deleted successfully
HKEY_USERS\S-1-5-21-4007258737-3599766240-1494457594-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{11111111-1111-1111-1111-110511421148} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Pawel\AppData\Roaming\Mozilla\Firefox\Profiles\f3iwnlpx.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.facebook.com/|http://www.hr ... google.cz/");

Added to C:\Users\Pawel\AppData\Roaming\Mozilla\Firefox\Profiles\f3iwnlpx.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\PROGRA~2\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted
C:\Users\Pawel\AppData\LocalLow\{2DEE0497-F894-124B-4E4A-30DB918528F5} deleted
C:\Users\Pawel\AppData\LocalLow\{E2C8868E-6A99-F434-B0D3-BA48E55EAA44} deleted
C:\Users\Pawel\AppData\Roaming\temp.ini deleted
C:\PROGRA~2\ProductData deleted
C:\Users\Pawel\AppData\Local\nsr4B42.tmp deleted
C:\Users\Pawel\Downloads\rcp_dcomnew_sec_728 (1).exe deleted
C:\Users\Pawel\Downloads\rcp_dcomnew_sec_728 (2).exe deleted
C:\Users\Pawel\Downloads\rcp_dcomnew_sec_728 (3).exe deleted
C:\Users\Pawel\Downloads\rcp_dcomnew_sec_728.exe deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
C:\Users\Pawel\AppData\Roaming\Mozilla\Firefox\Profiles\f3iwnlpx.default\extensions\staged deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [11/16/2014 02:01 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Pawel\AppData\Roaming\Mozilla\Firefox\Profiles\f3iwnlpx.default
- Undetermined - C:\Program Files\IObit Apps Toolbar\FF
- SupraSavings - %ProfilePath%\extensions\j003-lqgrmgpcekslhg@jetpack.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Pawel\AppData\Roaming\Mozilla\Firefox\Profiles\f3iwnlpx.default
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
9D4A0B314CB9CF134CA27E1E0217E51E - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
D1DC265C3FF7F92B4A75A55B3749D48C - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
04AF8BC83A89D9B71F7E0BCAF9FDD768 - C:\Program Files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll - Adobe Acrobat


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[11/16/2014 01:59 PM]

Yandex.Traffic - Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apejnnaepapgobfhogaghfkjpalmmlmp
Zoominto - Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnkoafephiilajeompiffeohpcloapob
avast Online Security - Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
WiseEnhance - Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\loepaecnehfgonejbbblmobcfmcafbfe
SharePoint Fix - Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmbkoobmboaainhbkbdojincpeoldlfc
Currently - Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhmphdkpgbibohbnpbfiefkgieacjmh

==== Chromium Startpages ======================

C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.msn.com/?pc=UP97&ocid=UP97DHP",
"startup_urls": [ "http://www.seznam.cz/", "https://www.facebook.com/?stype=lo&jlou ... MorrWJiAwQ" ],


==== Chromium Fix ======================

C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apejnnaepapgobfhogaghfkjpalmmlmp deleted successfully
C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_apejnnaepapgobfhogaghfkjpalmmlmp_0.localstorage deleted successfully
C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnkoafephiilajeompiffeohpcloapob deleted successfully
C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmbkoobmboaainhbkbdojincpeoldlfc deleted successfully
C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mmbkoobmboaainhbkbdojincpeoldlfc_0.localstorage deleted successfully
C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhmphdkpgbibohbnpbfiefkgieacjmh deleted successfully
C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ojhmphdkpgbibohbnpbfiefkgieacjmh_0.localstorage deleted successfully
C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ojhmphdkpgbibohbnpbfiefkgieacjmh_0.localstorage-journal deleted successfully
C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\loepaecnehfgonejbbblmobcfmcafbfe deleted successfully
C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_loepaecnehfgonejbbblmobcfmcafbfe_0.localstorage deleted successfully
C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_loepaecnehfgonejbbblmobcfmcafbfe_0.localstorage-journal deleted successfully
C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loepaecnehfgonejbbblmobcfmcafbfe deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="https://uk.search.yahoo.com/yhs/search? ... earchTerms}"
"Search Bar"="https://uk.yahoo.com/?fr=hp-avast&type=agc511"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://uk.yahoo.com/?fr=hp-avast&type=agc511"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"SearchAssistant"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search"

==== Reset Google Chrome ======================

C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
HKEY_CURRENT_USER\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0D566ABB-889B-AF39-7B6A-23D4C5D54542} deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pawel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=78 folders=30 22505801 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Pawel\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Pawel\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Pawel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on Sun 11/16/2014 at 21:39:30.85 ======================

[Márty84]

Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=29&t=137928 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

[DaytonC]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/17/2014
Scan Time: 7:05:21 PM
Logfile: log.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.17.06
Rootkit Database: v2014.11.12.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Pawel

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 426902
Time Elapsed: 1 hr, 40 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.MaintainerSvc.A, C:\ProgramData\25e9dd31-9f4d-45f2-8dac-1413f8cec2c0\maintainer.exe, 3572, , [5387c5778fed8bab2fff26baea176e92]

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.MaintainerSvc.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MaintainerSvc5.00.026944, , [5387c5778fed8bab2fff26baea176e92],
PUP.Optional.Feven.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Freeven pro, , [e9f11c20f18b0b2b49fb34318083748c],
PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerplus, , [9e3c71cb8def181e115396cfa45f6d93],

Registry Values: 2
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files\Mysearchdial\1.8.29.0\, , [6b6fc676c2ba1323d13ad7d1699b7c84]
PUM.Bad.Proxy, HKU\S-1-5-21-4007258737-3599766240-1494457594-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=http://127.0.0.1:9880, , [e8f280bcbfbd0b2bb8386ad7e41fd52b]

Registry Data: 0
(No malicious items detected)

Folders: 7
PUP.Optional.AdPeak.A, C:\temp, , [835755e7ff7db5817ffd3222917208f8],
PUP.Optional.AdPeak.A, C:\temp\avastBCLTMP, , [835755e7ff7db5817ffd3222917208f8],
PUP.Optional.AdPeak.A, C:\temp\avastBCLTMP\chrome, , [835755e7ff7db5817ffd3222917208f8],
PUP.Optional.CrossRider.A, C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_majjphhgppkndjjkmhhnbgafooenebhd_0, , [defc1a225329a492af2516f6a45f01ff],
PUP.Optional.CrossRider.A, C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_imonhoeiopfgoncjdldhhfjgocghkbbl_0, , [d802f14b7606be78a92fd7359c670ff1],
PUP.Optional.CrossRider.A, C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd, , [b327e25aa4d8d2645d831bf1a45f53ad],
PUP.Optional.CrossRider.A, C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imonhoeiopfgoncjdldhhfjgocghkbbl, , [6a70ab9196e6b581984ca3699f64bc44],

Files: 75
PUP.Optional.MaintainerSvc.A, C:\ProgramData\25e9dd31-9f4d-45f2-8dac-1413f8cec2c0\maintainer.exe, , [5387c5778fed8bab2fff26baea176e92],
Trojan.Agent.SVR, C:\AdwCleaner\Quarantine\C\Program Files\003\buuoujqmrk32.exe.vir, , [e1f9cf6d93e9be78e1fa5135837e40c0],
PUP.Optional.BonanzaDeals.A, C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDeals\BonanzaDealsIE.dll.vir, , [d80285b7c3b91b1b90c3320a28d9bd43],
PUP.Optional.BonanzaDeals.A, C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe.vir, , [03d761db4a32db5b64f083b941c0b848],
PUP.Optional.BonanzaDeals.A, C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLive.exe.vir, , [cb0fe25ac2ba2d09c490a89422df9f61],
PUP.Optional.BonanzaDeals.A, C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveBroker.exe.vir, , [6d6ddd5f8bf1b58160f4c17bcb3610f0],
PUP.Optional.BonanzaDeals.A, C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveHandler.exe.vir, , [a13906362d4f45f173e1390307facc34],
PUP.Optional.BonanzaDeals.A, C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveOnDemand.exe.vir, , [0bcf4eeec1bba49288cc3b01e31eae52],
PUP.Optional.BonanzaDeals.A, C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\goopdate.dll.vir, , [27b3fd3fa3d9082e4311142878897987],
PUP.Optional.BonanzaDeals.A, C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir, , [6773211bc2baf6407bd9ee4ec0411de3],
PUP.Optional.BonanzaDeals.A, C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\psmachine.dll.vir, , [92483606a8d4bc7a411364d8827f3ec2],
PUP.Optional.BonanzaDeals.A, C:\AdwCleaner\Quarantine\C\Program Files\BonanzaDealsLive\Update\1.3.23.0\psuser.dll.vir, , [08d257e582faaf87d183f14b827f30d0],
PUP.Optional.Feven.A, C:\AdwCleaner\Quarantine\C\Program Files\Freeven pro\5ff1947e-b5fb-4120-9514-8cf167f59253-5.exe.vir, , [e9f1a8941369cd694eaea9dc4bb618e8],
PUP.Optional.Feven.A, C:\AdwCleaner\Quarantine\C\Program Files\Freeven pro\Freeven pro-bg.exe.vir, , [e3f7be7eacd067cf13e9c4c1dd2444bc],
PUP.Optional.Feven.A, C:\AdwCleaner\Quarantine\C\Program Files\Freeven pro\Freeven pro-bho.dll.vir, , [51898daf16661e187e7e384d16eb3ec2],
PUP.Optional.Feven.A, C:\AdwCleaner\Quarantine\C\Program Files\Freeven pro\Freeven pro-codedownloader.exe.vir, , [10ca81bb2f4df93d758787fe837e2bd5],
PUP.Optional.Feven.A, C:\AdwCleaner\Quarantine\C\Program Files\Freeven pro\utils.exe.vir, , [35a5b389b4c8bc7af215eb553fc1fb05],
PUP.Optional.FreeSoftToday.A, C:\AdwCleaner\Quarantine\C\Program Files\fst_gb_4\freeSoftToday_widget.exe.vir, , [e1f9c775acd09b9b3a2b3a0f9b65f709],
PUP.Optional.MediaPlayerplus.A, C:\AdwCleaner\Quarantine\C\Program Files\MediaPlayerplus\0e98351f-2d8e-459d-a4f9-c8ad5ef1d1fb-5.exe.vir, , [5387b08c413b8da9831c3a4bb94842be],
PUP.Optional.MediaPlayerplus.A, C:\AdwCleaner\Quarantine\C\Program Files\MediaPlayerplus\MediaPlayerplus-bg.exe.vir, , [8753c17b97e5a59159464540b44de719],
PUP.Optional.MediaPlayerplus.A, C:\AdwCleaner\Quarantine\C\Program Files\MediaPlayerplus\MediaPlayerplus-bho.dll.vir, , [f3e7320a8cf0f83e425d7114867b50b0],
PUP.Optional.MediaPlayerplus.A, C:\AdwCleaner\Quarantine\C\Program Files\MediaPlayerplus\MediaPlayerplus-codedownloader.exe.vir, , [6674c97381fb38fe9a0596efa55c5fa1],
PUP.Optional.CrossRider.A, C:\AdwCleaner\Quarantine\C\Program Files\MediaPlayerplus\utils.exe.vir, , [9e3cbd7fd3a985b170a0e2774bb525db],
PUP.Optional.MyPCBackup.A, C:\AdwCleaner\Quarantine\C\Program Files\MyPC Backup\MyPC Backup.exe.vir, , [f6e4bf7d5b21989eee895589ed1424dc],
PUP.Optional.MyPCBackup.A, C:\AdwCleaner\Quarantine\C\Program Files\MyPC Backup\Service Start.exe.vir, , [09d19ca09ede56e0b4c3f9e59968f808],
PUP.Optional.MyPCBackup.A, C:\AdwCleaner\Quarantine\C\Program Files\MyPC Backup\~updates\MyPC Backup.exe.vir, , [4e8c0636b0cc66d07dfae4fac140db25],
PUP.Optional.MyPCBackup.A, C:\AdwCleaner\Quarantine\C\Program Files\MyPC Backup\~updates\Service Start.exe.vir, , [4991b686eb917bbb3c3b12ccda278779],
PUP.Optional.WiseEnhance.A, C:\AdwCleaner\Quarantine\C\Program Files\WiseEnhance\updateWiseEnhance.exe.vir, , [15c50e2e6913b284a8f3196828d9f10f],
PUP.Optional.WiseEnhance.A, C:\AdwCleaner\Quarantine\C\Program Files\WiseEnhance\bin\utilWiseEnhance.exe.vir, , [7f5bfb41a7d574c29803d6ab0af77a86],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files\WiseEnhance\bin\plugins\WiseEnhance.Bromon.dll.vir, , [5f7b2913a0dcdd5958c1a61f06fb5aa6],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files\WiseEnhance\bin\plugins\WiseEnhance.BroStats.dll.vir, , [9941b08c3f3d3204d842fcc947bac53b],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files\WiseEnhance\bin\plugins\WiseEnhance.BrowserAdapter.dll.vir, , [d901c4780577cf67611f6d5d6a97c739],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files\WiseEnhance\bin\plugins\WiseEnhance.CompatibilityChecker.dll.vir, , [8d4d74c803799f9751c7b4116c9545bb],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files\WiseEnhance\bin\plugins\WiseEnhance.FFUpdate.dll.vir, , [7c5ebd7f750757df1601c302c33e9b65],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files\WiseEnhance\bin\plugins\WiseEnhance.IEUpdate.dll.vir, , [409ae6563c402d090f079332e21fd030],
PUP.Optional.Sanbreel.A, C:\AdwCleaner\Quarantine\C\Program Files\WiseEnhance\bin\plugins\WiseEnhance.PurBrowse.dll.vir, , [e6f468d4e49812247fa48c0324dd837d],
PUP.Optional.MultiPlug, C:\AdwCleaner\Quarantine\C\ProgramData\deal4real\3FHT2heb5l8kcA.dll.vir, , [3c9e0a3223594ee8ee4515aaca37cd33],
PUP.Optional.MultiPlug, C:\AdwCleaner\Quarantine\C\ProgramData\LucckYCOiupaOn\P.dll.vir, , [9941ab911369d3637fb4239c966bbe42],
PUP.Optional.FreeSoft, C:\AdwCleaner\Quarantine\C\Users\Pawel\AppData\Local\fst_gb_4\Download\majfst.exe.vir, , [35a56eced3a9a393d1b1fc975aa75ea2],
PUP.Optional.AdPeak.A, C:\temp\InstallFilter32.msi, , [06d47cc0cfadcd69c0e708351fe146ba],
PUP.Optional.SupraSavings.A, C:\temp\t.msi, , [37a3b5876913ad89a1a601190ff6867a],
PUP.Optional.BundleInstaller.A, C:\Users\Pawel\Downloads\Java (1).exe, , [a337d16b1a6291a5df24eb74976a0cf4],
PUP.Optional.BundleInstaller.A, C:\Users\Pawel\Downloads\Java (2).exe, , [5585bc805b213afc659e1e41778a46ba],
PUP.Optional.BundleInstaller.A, C:\Users\Pawel\Downloads\Java.exe, , [73679ca0b3c96acc59aa61fe6e93da26],
PUP.Optional.DomaIQ.Gen, C:\Users\Pawel\Downloads\Player Setup.exe, , [8d4dc4787507181e7ade704c59a86d93],
PUP.Optional.InstallCore.A, C:\Users\Pawel\Downloads\VLC-media-player(13060).exe, , [558590ac394358deb4c4ea50e61b8f71],
PUP.Optional.SnapDo.A, C:\Windows\Installer\10810e6.msi, , [677348f49fdd2a0c3060930aa65bf20e],
PUP.Optional.RegCleanPro, C:\zoek_backup\C_Users_Pawel_Downloads_rcp_dcomnew_sec_728 (3).exe.vir, , [27b37dbf8bf10c2a6f53e2524bb523dd],
PUP.Optional.RegCleanPro, C:\zoek_backup\C_Users_Pawel_Downloads_rcp_dcomnew_sec_728.exe.vir, , [607abe7eb0ccb97d586ad55f7789d12f],
PUP.Optional.RegCleanPro, C:\zoek_backup\C_Users_Pawel_Downloads_rcp_dcomnew_sec_728 (2).exe.vir, , [ca1080bc3448e74f873bf63e3fc1817f],
PUP.Optional.RegCleanPro, C:\zoek_backup\C_Users_Pawel_Downloads_rcp_dcomnew_sec_728 (1).exe.vir, , [bc1e44f8c9b3d85eb40e0034f40c11ef],
PUP.Optional.OpenCandy, D:\Programy\DaemonTools\DTLite-setup.exe, , [5c7e003c3844a78f2ed4452c9d68c63a],
PUP.Optional.AdPeak.A, C:\temp\lsp2.log, , [835755e7ff7db5817ffd3222917208f8],
PUP.Optional.AdPeak.A, C:\temp\t.txt, , [835755e7ff7db5817ffd3222917208f8],
PUP.Optional.CrossRider.A, C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_majjphhgppkndjjkmhhnbgafooenebhd_0.localstorage, , [f0ea59e38af2ee48f942075ea85b1ae6],
PUP.Optional.CrossRider.A, C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_imonhoeiopfgoncjdldhhfjgocghkbbl_0.localstorage, , [c218013bc3b99a9cfa45c0a516edc838],
PUP.Optional.ReMarkable.A, C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, , [7f5bd9631864ba7cfdcf3677ec187f81],
PUP.Optional.ReMarkable.A, C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, , [a634c874007cdf576468cde056ae37c9],
PUP.Optional.CrossRider.A, C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_majjphhgppkndjjkmhhnbgafooenebhd_0\41, , [defc1a225329a492af2516f6a45f01ff],
PUP.Optional.CrossRider.A, C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_imonhoeiopfgoncjdldhhfjgocghkbbl_0\42, , [d802f14b7606be78a92fd7359c670ff1],
PUP.Optional.CrossRider.A, C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\000392.ldb, , [b327e25aa4d8d2645d831bf1a45f53ad],
PUP.Optional.CrossRider.A, C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\000394.ldb, , [b327e25aa4d8d2645d831bf1a45f53ad],
PUP.Optional.CrossRider.A, C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\000395.log, , [b327e25aa4d8d2645d831bf1a45f53ad],
PUP.Optional.CrossRider.A, C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\CURRENT, , [b327e25aa4d8d2645d831bf1a45f53ad],
PUP.Optional.CrossRider.A, C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\LOCK, , [b327e25aa4d8d2645d831bf1a45f53ad],
PUP.Optional.CrossRider.A, C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\LOG, , [b327e25aa4d8d2645d831bf1a45f53ad],
PUP.Optional.CrossRider.A, C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\LOG.old, , [b327e25aa4d8d2645d831bf1a45f53ad],
PUP.Optional.CrossRider.A, C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd\MANIFEST-000393, , [b327e25aa4d8d2645d831bf1a45f53ad],
PUP.Optional.CrossRider.A, C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imonhoeiopfgoncjdldhhfjgocghkbbl\000397.log, , [6a70ab9196e6b581984ca3699f64bc44],
PUP.Optional.CrossRider.A, C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imonhoeiopfgoncjdldhhfjgocghkbbl\000398.ldb, , [6a70ab9196e6b581984ca3699f64bc44],
PUP.Optional.CrossRider.A, C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imonhoeiopfgoncjdldhhfjgocghkbbl\CURRENT, , [6a70ab9196e6b581984ca3699f64bc44],
PUP.Optional.CrossRider.A, C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imonhoeiopfgoncjdldhhfjgocghkbbl\LOCK, , [6a70ab9196e6b581984ca3699f64bc44],
PUP.Optional.CrossRider.A, C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imonhoeiopfgoncjdldhhfjgocghkbbl\LOG, , [6a70ab9196e6b581984ca3699f64bc44],
PUP.Optional.CrossRider.A, C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imonhoeiopfgoncjdldhhfjgocghkbbl\LOG.old, , [6a70ab9196e6b581984ca3699f64bc44],
PUP.Optional.CrossRider.A, C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imonhoeiopfgoncjdldhhfjgocghkbbl\MANIFEST-000395, , [6a70ab9196e6b581984ca3699f64bc44],

Physical Sectors: 0
(No malicious items detected)


(end)

[Márty84]

Vsechny nalezy hodte do karanteny. Po restartu pc test zopakujte, at vime, jestli se to nevraci. Napiste vysledek testu a podle nej zvolim dalsi postup.

[DaytonC]

ty viry z prvního testování můžu z karantény uplně smazat????

těchhle 6 se vrací...

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/19/2014
Scan Time: 7:43:24 PM
Logfile: LOG2.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.19.06
Rootkit Database: v2014.11.18.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Pawel

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 432808
Time Elapsed: 1 hr, 40 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.CrossRider.A, C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_majjphhgppkndjjkmhhnbgafooenebhd_0, , [841e8db057259e98705c59b519ea9a66],
PUP.Optional.CrossRider.A, C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_imonhoeiopfgoncjdldhhfjgocghkbbl_0, , [69391a23285484b2ad23917de023e51b],
PUP.Optional.CrossRider.A, C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\majjphhgppkndjjkmhhnbgafooenebhd, , [366cd66788f4ce6805d3e628ac57ca36],
PUP.Optional.CrossRider.A, C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imonhoeiopfgoncjdldhhfjgocghkbbl, , [8e1482bbc1bbe353805c8a84ef14df21],

Files: 2
PUP.Optional.DomaIQ, C:\Users\Pawel\Downloads\Setup.exe, , [b4eea6978cf077bf723cbaa4d030f40c],
PUP.Optional.OpenCandy, D:\Programy\DaemonTools\DTLite-setup.exe, , [0d957dc0d6a690a6419f373c53b2e917],

Physical Sectors: 0
(No malicious items detected)


(end)

[Márty84]

Postupujte presne v tomto poradi.
1) MBAM nezavirejte, jen minimalizujte.
2) Vymazte/Vypnete vytvareni bodu obnovy http://forum.viry.cz/viewtopic.php?f=46&t=47040 , ale nerestartujte pc.
3) Ted nechte nalezy MBAM odstranit a restartujte pc.
4) Zopakujte test s MBAM a napiste jeho vysledek a podle toho zvolim dalsi postup.

Pokud bude cisto, zapnete zase funkci vytvareni bodu obnovy, at pak na to nezapomenem.

[DaytonC]

MBAM výsledek je čistý...

spouštím google chrome natukám youtube vyskočí hláška avastu o detekci škodlivého viru kde je v hranatých závorkách napsáno "mal"
co s tím dál?

[DaytonC]

-----------------------------------------------------------------------

[Márty84]

Postupujte podle navodu kolegy

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

• Ulozte nejlepe na plochu
• Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
• Probehne vytvoreni zalohy a nasledne prohledavani
• Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Postupujte podle navodu kolegy

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
• Do okna vlozte skript nize

• Kód: Vybrat vše

  autoclean;
  emptyclsid;
  iedefaults;
  FFdefaults;
  CHRdefaults;
  emptyalltemp;
  resethosts;
  

• Nasledne kliknete na Run Script
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

[DaytonC]

/-------------------------------------------
1. počítač je fyzicky někde v Anglii spravuju jej pomocí Teamviewru9
2. virus ktery byl detekován Avastem zmizel po odstranění podezřelého doplňku s názvem "Coupon něco" už si nepamatuju přesně
3. provedu kontrolu pomocí JRT a Zoek
4. po prohlížení PC byla zjištěna ještě jedna kopie vist v PC ...jak ji odstranit aby nebyly smazány data na disku?
5. počítač nabíhá docela pomalu a okna zobrazuje stylem že spustí jakko by obrys okna a po chvilce ten obsah

[Márty84]

1. počítač je fyzicky někde v Anglii spravuju jej pomocí Teamviewru9

OK

2. virus ktery byl detekován Avastem zmizel po odstranění podezřelého doplňku s názvem "Coupon něco" už si nepamatuju přesně

Vetsinou to tak je , ze je tam zazrany nejaky doplnek.

3. provedu kontrolu pomocí JRT a Zoek

Nemusite. Udelame to jinak.

4. po prohlížení PC byla zjištěna ještě jedna kopie vist v PC ...jak ji odstranit aby nebyly smazány data na disku?

Jaka kopie? Kde?

5. počítač nabíhá docela pomalu a okna zobrazuje stylem že spustí jakko by obrys okna a po chvilce ten obsah

Zatim neni pc docisteny, snad se to zlepsi, az skoncime.




Stahnete crystal disk info http://sourceforge.jp/projects/crystald ... 5_0_0.zip/
Spustte jako spravce. Za chvili se zobrazi vysledek.
Kliknete nahore na napis Úpravy a pak na napis Kopírovat. To co se zkopiruje (ulozi se to do pameti) mi sem vlozte (ctrl + V)



Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.)

Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc!

Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Kliknete na ComboFix pravym mysidlem a levym na Spustit jako spravce
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

[DaytonC]

(4). vlastnosti systemu advanced /start up and recovery/ setings jsou tam v rozbalovacím seznamu na výběr 1.microsoft windows vista a 2.windows vista (TM) home premium (recovered) bohužel nemám ani potuchy ze které je spuštěn tento OS a úpravou(smazáním by mohlo taky dojít k tomu že vindowsy nepojedou žadné) což si jaksi nemůžu dovolit když nemám k PC fyzický přístup...

----------------------------------------------------------------------------
CrystalDiskInfo 5.0.0 (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows Vista Home Premium Edition SP2 [6.0 Build 6002] (x86)
Date : 2014/11/22 10:48:59

-- Controller Map ----------------------------------------------------------
+ Intel(R) ICH9M-E/M SATA AHCI Controller [ATA]
- WDC WD2500BEVT-00A23T0
- TSSTcorp CDDVDW TS-L633A
- Microsoft iSCSI Initiator [SCSI]

-- Disk List ---------------------------------------------------------------
(1) WDC WD2500BEVT-00A23T0 : 250.0 GB [0/0/0, pd1]

----------------------------------------------------------------------------
(1) WDC WD2500BEVT-00A23T0
----------------------------------------------------------------------------
Model : WDC WD2500BEVT-00A23T0
Firmware : 01.01A01
Serial Number : WD-WX31A5162903
Disk Size : 250.0 GB (8.4/137.4/250.0)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 488397168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ----
Transfer Mode : SATA/300
Power On Hours : 2240 hours
Power On Count : 827 count
Temparature : 35 C (95 F)
Health Status : Good
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 0080h [ON]
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Read Error Rate
03 157 150 _21 000000000475 Spin-Up Time
04 _99 _99 __0 00000000045C Start/Stop Count
05 200 200 140 000000000000 Reallocated Sectors Count
07 100 253 __0 000000000000 Seek Error Rate
09 _97 _97 __0 0000000008C0 Power-On Hours
0A 100 100 __0 000000000000 Spin Retry Count
0B 100 100 __0 000000000000 Recalibration Retries
0C 100 100 __0 00000000033B Power Cycle Count
C0 200 200 __0 000000000080 Power-off Retract Count
C1 190 190 __0 0000000077F9 Load/Unload Cycle Count
C2 108 _92 __0 000000000023 Temperature
C4 200 200 __0 000000000000 Reallocation Event Count
C5 200 200 __0 000000000000 Current Pending Sector Count
C6 100 253 __0 000000000000 Uncorrectable Sector Count
C7 200 200 __0 000000000000 UltraDMA CRC Error Count
C8 100 253 __0 000000000000 Write Error Rate

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 427A 3FFF C837 0010 0000 003F 003F 0000 0000 0000
010: 2020 2020 2057 442D 5758 4135 4135 3136 3239 3033
020: 0000 4000 0032 3031 2E30 3031 3031 5744 4320 5744
030: 3235 3030 4245 5654 2D30 3233 3233 5430 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00
050: 4001 0000 0000 0007 3FFF 003F 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 1F06 1F06 0000 004C 004C
080: 01FE 0000 746B 7D09 6163 BC09 BC09 6163 407F 0022
090: 0022 0080 FFFE 0000 0000 0000 0000 0000 0000 0000
100: 5970 1D1C 0000 0000 0000 0000 0000 0000 5001 4EE2
110: 5B33 D005 0000 0000 0000 0000 0000 0000 0000 4018
120: 4018 0000 0000 0000 0000 0000 0000 0000 0021 0000
130: 0000 0000 0000 16E5 0000 0000 0000 0000 0000 0000
140: 0000 0000 0004 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 7037 7037 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 1518 0000 0000
220: 0000 0000 101E 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 0000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 0CA5