Mailware - vyskakovací reklamní okna v prohlížeči atd.

Zpráva

roan · #1 Příspěvek od **roan** » 08 kvě 2015 14:56

Ahoj, potřeboval bych pomoct se zablešeným počítačem, zkoušel jsem spustit adwcleaner, zoek, anti-malware, hitman pro, windows defender, avast a ještě asi 10 jednorázových utilit. Odinstaloval jsem všechno co jen šlo, firefox přepnul nejmíň 20krát do továrního nastavení a pořád vyskakují reklamní okna, přesměrovává to odkazy atd. Prosím tedy o pomoc od někoho zkušenějšího než jsem já.
Děkuji

Log jsem musel přiložit jako přílohu, protože bych ho musel rozdělit asi do 5 zpráv z důvodu velké velikosti

#2 Příspěvek od **Márty84** » 08 kvě 2015 16:00

Zdravim

Odinstalujte Chrome a smazte veskere slozky, ktere po nem pripadne zustanou. Neco v nem je a tohle nejde opravit skriptem.

Stahnete novy AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.

Udelejte novou kontrolu s MBAM. Test nastavte podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=29&t=137928 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

roan · #3 Příspěvek od **roan** » 08 kvě 2015 16:59

Odinstalovat Chrome nebo Firefox?

#4 Příspěvek od **Márty84** » 08 kvě 2015 18:08

Chrome

roan · #5 Příspěvek od **roan** » 08 kvě 2015 18:15

Tak to bohužel nevím jak, protože jsem chrome vůbec neinstaloval a nemám ho ani v programech k odinstalaci,ani na disku ho nemůžu najít

#6 Příspěvek od **Márty84** » 08 kvě 2015 18:20

V tom pripade tam jsou nejake jeho zbytky.

Pokracujte tedy dalsimi kroky a to pak najdem skriptem.

roan · #7 Příspěvek od **roan** » 08 kvě 2015 18:59

Log z Adwcleaneru
# AdwCleaner v4.203 - Log vytvořen 08/05/2015 v 19:57:48
# Aktualizováno 30/04/2015 by Xplode
# Databáze : 2015-05-08.1 [Server]
# Operační system : Windows 8.1 Pro (x64)
# Uživatelské jméno : roan_000 - PC-ROMAN
# Spuštěno z : C:\Users\roan_000\Desktop\adwcleaner_4.203.exe
# Nastavení : Čištění

***** [ Služby ] *****

***** [ Soubory / Složky ] *****

***** [ Naplánované úlohy ] *****

***** [ Zástupci ] *****

***** [ Registry ] *****

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v37.0.1 (x86 cs)

*************************

AdwCleaner[R0].txt - [9166 bytů] - [15/04/2015 19:09:12]
AdwCleaner[R10].txt - [1511 bytů] - [08/05/2015 13:37:10]
AdwCleaner[R11].txt - [1565 bytů] - [08/05/2015 19:55:29]
AdwCleaner[R1].txt - [6734 bytů] - [07/05/2015 20:54:39]
AdwCleaner[R2].txt - [6792 bytů] - [07/05/2015 20:55:49]
AdwCleaner[R3].txt - [1044 bytů] - [07/05/2015 20:59:37]
AdwCleaner[R4].txt - [1103 bytů] - [07/05/2015 21:00:38]
AdwCleaner[R5].txt - [1161 bytů] - [07/05/2015 21:02:09]
AdwCleaner[R6].txt - [1219 bytů] - [07/05/2015 21:12:44]
AdwCleaner[R7].txt - [1278 bytů] - [07/05/2015 21:22:22]
AdwCleaner[R8].txt - [1336 bytů] - [08/05/2015 11:00:17]
AdwCleaner[R9].txt - [1452 bytů] - [08/05/2015 11:33:32]
AdwCleaner[S0].txt - [6935 bytů] - [15/04/2015 19:11:12]
AdwCleaner[S1].txt - [6543 bytů] - [07/05/2015 20:56:58]
AdwCleaner[S2].txt - [1398 bytů] - [08/05/2015 11:00:50]
AdwCleaner[S3].txt - [1490 bytů] - [08/05/2015 19:57:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1548 bytů] ##########

roan · #8 Příspěvek od **roan** » 08 kvě 2015 20:15

druhý log
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 8. 5. 2015
Čas skenování: 20:01:47
Protokol: log.txt
Správce: Ano

Verze: 2.01.6.1022
Databáze malwaru: v2015.05.08.06
Databáze rootkitů: v2015.04.21.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: roan_000

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 778250
Uplynulý čas: 1 hod, 11 min, 8 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

#9 Příspěvek od **Márty84** » 09 kvě 2015 01:30

Odinstalujte komplet i ten firefox. Pak smazte veskere jeho pripadne slozky, co zustanou. Pokud nechcete prijit o zalozky, zazalohujte si je pomoci mozbackup http://www.stahuj.centrum.cz/utility_a_ ... mozbackup/

Stahnete SystemLook http://jpshortstuff.247fixes.com/SystemLook_x64.exe a ulozte ho na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Do okna zkopirujte tento skript

Kód: Vybrat vše

:filefind
*mozilla*
*firefox*
*chrome*

:regfind
mozilla
firefox
chrome

:folderfind
*mozilla*
*firefox*
*chrome*

kliknete na Look a chvili pockejte
Mel by na vas vyskocit log s nazvem Systemlook
Ten mi sem zkopirujte

roan · #10 Příspěvek od **roan** » 09 kvě 2015 08:44

SystemLook 30.07.11 by jpshortstuff
Log created at 09:40 on 09/05/2015 by roan_000
Administrator - Elevation successful

========== filefind ==========

Searching for "*mozilla*"
C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk.vir --a---- 930 bytes [21:21 10/04/2015] [22:00 11/04/2015] 848582DC6F9157C3A7557A63D5686B38
C:\AdwCleaner\Quarantine\C\Users\Public\Desktop\Mozilla Firefox.lnk.vir --a---- 930 bytes [21:21 10/04/2015] [22:00 11/04/2015] 848582DC6F9157C3A7557A63D5686B38
C:\AdwCleaner\Quarantine\C\Users\roan_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk.vir --a---- 930 bytes [21:22 10/04/2015] [17:06 15/04/2015] 848582DC6F9157C3A7557A63D5686B38
C:\Users\roan_000\AppData\Local\Packages\GoogleInc.GoogleSearch_yfg5n0ztvskxp\AC\Microsoft\Internet Explorer\DOMStore\UFM156T6\www.mozilla[1].xml --a---- 1070 bytes [21:19 10/04/2015] [21:19 10/04/2015] 0E4D060DA785E48B2B363E32F61EE2A3
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\Browsers\mozilla.browser --a---- 13262 bytes [09:35 02/05/2015] [09:35 02/05/2015] 9FFA08AA85D403D9CC98CAC2956069AE
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\Browsers\mozilla.browser --a---- 13262 bytes [09:35 02/05/2015] [09:35 02/05/2015] 9FFA08AA85D403D9CC98CAC2956069AE
C:\Windows\SoftwareDistribution\Download\0f4baa14acbc19075e5415072eedbc1f\amd64_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.3.9600.16384_none_44643ac47b53f37a\mozilla.browser --a---- 13262 bytes [09:34 02/05/2015] [14:46 18/06/2013] 9FFA08AA85D403D9CC98CAC2956069AE
C:\Windows\SoftwareDistribution\Download\0f4baa14acbc19075e5415072eedbc1f\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.3.9600.16384_none_8c11719b8fd01c80\mozilla.browser --a---- 13262 bytes [09:34 02/05/2015] [12:23 18/06/2013] 9FFA08AA85D403D9CC98CAC2956069AE
C:\Windows\WinSxS\amd64_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.3.9600.16384_none_44643ac47b53f37a\mozilla.browser --a---- 1876 bytes [09:35 02/05/2015] [17:30 07/05/2015] 912F0A1F62B0A2377CC979FD1F82221A
C:\Windows\WinSxS\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.3.9600.16384_none_8c11719b8fd01c80\mozilla.browser --a---- 1876 bytes [09:35 02/05/2015] [17:30 07/05/2015] 912F0A1F62B0A2377CC979FD1F82221A

Searching for "*firefox*"
C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk.vir --a---- 930 bytes [21:21 10/04/2015] [22:00 11/04/2015] 848582DC6F9157C3A7557A63D5686B38
C:\AdwCleaner\Quarantine\C\Users\Public\Desktop\Mozilla Firefox.lnk.vir --a---- 930 bytes [21:21 10/04/2015] [22:00 11/04/2015] 848582DC6F9157C3A7557A63D5686B38
C:\AdwCleaner\Quarantine\C\Users\roan_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk.vir --a---- 930 bytes [21:22 10/04/2015] [17:06 15/04/2015] 848582DC6F9157C3A7557A63D5686B38
C:\Users\roan_000\AppData\Local\Packages\GoogleInc.GoogleSearch_yfg5n0ztvskxp\AC\INetCache\F10S4D10\Firefox%20Setup%20Stub%2037.0.1[1].exe --a---- 16380 bytes [21:19 10/04/2015] [21:19 10/04/2015] B9AEABB4A140F68E4C2CE73333870662
C:\Users\roan_000\AppData\Local\Packages\GoogleInc.GoogleSearch_yfg5n0ztvskxp\AC\INetCache\F10S4D10\firefox_new-bundle.8b61dd8a39d8[1].css --a---- 82139 bytes [21:19 10/04/2015] [21:19 10/04/2015] 5EB6E22D03F5398E5DDD3C58251FA220
C:\Users\roan_000\AppData\Local\Packages\GoogleInc.GoogleSearch_yfg5n0ztvskxp\AC\INetCache\F10S4D10\header-firefox.98d0a02c957f[1].png --a---- 12696 bytes [21:19 10/04/2015] [21:19 10/04/2015] 98D0A02C957F4BD5353563054CCE1A89
C:\Users\roan_000\AppData\Local\Packages\GoogleInc.GoogleSearch_yfg5n0ztvskxp\AC\INetCache\VL61IMRP\firefox-logo.d3cb43a0a16f[1].png --a---- 14403 bytes [21:19 10/04/2015] [21:19 10/04/2015] D3CB43A0A16F39CA8C939104EFBF934A
C:\Users\roan_000\AppData\Local\Packages\GoogleInc.GoogleSearch_yfg5n0ztvskxp\AC\INetCache\VL61IMRP\firefox_new-bundle.4a24494b8107[1].js --a---- 121119 bytes [21:19 10/04/2015] [21:19 10/04/2015] 4A24494B810715B39E1001A31E5DB17A
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\Browsers\firefox.browser --a---- 2336 bytes [15:36 22/08/2013] [15:34 22/08/2013] 8E55C3D84FE4E59812B679FCCC8B6061
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\Browsers\firefox.browser --a---- 2336 bytes [15:36 22/08/2013] [15:34 22/08/2013] 8E55C3D84FE4E59812B679FCCC8B6061
C:\Windows\Prefetch\FIREFOX.EXE-888CBD96.pf --a---- 513582 bytes [21:22 10/04/2015] [07:26 09/05/2015] B55CBBB51053E22204D59FD85EC92B0A
C:\Windows\WinSxS\amd64_netfx4-browser_files_b03f5f7f11d50a3a_4.0.9600.16384_none_e03c9daab4035a21\firefox.browser --a---- 2336 bytes [06:43 22/08/2013] [14:46 18/06/2013] 8E55C3D84FE4E59812B679FCCC8B6061
C:\Windows\WinSxS\amd64_netfx4-browser_files_b03f5f7f11d50a3a_4.0.9600.17187_none_e03c5b80b403a389\firefox.browser --a---- 2336 bytes [06:43 22/08/2013] [14:46 18/06/2013] 8E55C3D84FE4E59812B679FCCC8B6061
C:\Windows\WinSxS\amd64_netfx4-browser_files_b03f5f7f11d50a3a_4.0.9600.20681_none_c96f3afacdaa6de6\firefox.browser --a---- 2336 bytes [06:43 22/08/2013] [14:46 18/06/2013] 8E55C3D84FE4E59812B679FCCC8B6061
C:\Windows\WinSxS\x86_netfx4-browser_files_b03f5f7f11d50a3a_4.0.9600.16384_none_27e9d481c87f8327\firefox.browser --a---- 2336 bytes [23:36 21/08/2013] [12:28 18/06/2013] 8E55C3D84FE4E59812B679FCCC8B6061
C:\Windows\WinSxS\x86_netfx4-browser_files_b03f5f7f11d50a3a_4.0.9600.17187_none_27e99257c87fcc8f\firefox.browser --a---- 2336 bytes [23:36 21/08/2013] [12:28 18/06/2013] 8E55C3D84FE4E59812B679FCCC8B6061
C:\Windows\WinSxS\x86_netfx4-browser_files_b03f5f7f11d50a3a_4.0.9600.20681_none_111c71d1e22696ec\firefox.browser --a---- 2336 bytes [23:36 21/08/2013] [12:28 18/06/2013] 8E55C3D84FE4E59812B679FCCC8B6061

Searching for "*chrome*"
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\hotelArticleChrome.css --a---- 116382 bytes [09:08 11/04/2015] [09:10 11/04/2015] E9BD63249DC5F3FDB28BE65F3AC40144
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\articleReader\fodorsArChrome.css --a---- 117283 bytes [09:08 11/04/2015] [09:10 11/04/2015] 92C8967F6E4BCBF23035D4D8CF68FDCA
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\articleReader\frommersArChrome.css --a---- 118561 bytes [09:08 11/04/2015] [09:10 11/04/2015] 73938E530CC7E9649DCEFDFE21B0713E
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\articleReader\lonelyPlanetArChrome.css --a---- 121109 bytes [09:08 11/04/2015] [09:10 11/04/2015] 07B87846FE79218CF4D2A0FC14D1C47F
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\articleReader\michelinArAttractionsChrome.css --a---- 125590 bytes [09:08 11/04/2015] [09:10 11/04/2015] D9D62761D440395A5D0870CE304504A4
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\articleReader\michelinArChrome.css --a---- 118561 bytes [09:08 11/04/2015] [09:10 11/04/2015] A6F4DDABE9B1B03915E63B7C61B17E09
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\articleReader\michelinArHotelsChrome.css --a---- 122395 bytes [09:08 11/04/2015] [09:10 11/04/2015] 01A4370631162AC427BB5E1386D4193D
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\articleReader\michelinArRestaurantsChrome.css --a---- 125590 bytes [09:08 11/04/2015] [09:10 11/04/2015] 4DC5445FE1808C2082EEA1B498C24EBD
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\articleReader\tripAdvisorArChrome.css --a---- 120478 bytes [09:08 11/04/2015] [09:10 11/04/2015] 3F8FCA1A0A2E62B73249E522FA73A6C8
C:\Users\roan_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE\3PEFTTDH\chrome-48[1].png --a---- 1834 bytes [07:27 09/05/2015] [07:27 09/05/2015] 3FE84B8B53D7401B32FABD0C70F211BB
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\Browsers\chrome.browser --a---- 2107 bytes [15:36 22/08/2013] [15:34 22/08/2013] 8C54E6C4F9E0CC3274EA6D04AAE9436B
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\Browsers\chrome.browser --a---- 2107 bytes [15:36 22/08/2013] [15:34 22/08/2013] 8C54E6C4F9E0CC3274EA6D04AAE9436B
C:\Windows\WinSxS\amd64_netfx4-browser_files_b03f5f7f11d50a3a_4.0.9600.16384_none_e03c9daab4035a21\chrome.browser --a---- 2107 bytes [06:43 22/08/2013] [14:46 18/06/2013] 8C54E6C4F9E0CC3274EA6D04AAE9436B
C:\Windows\WinSxS\amd64_netfx4-browser_files_b03f5f7f11d50a3a_4.0.9600.17187_none_e03c5b80b403a389\chrome.browser --a---- 2107 bytes [06:43 22/08/2013] [14:46 18/06/2013] 8C54E6C4F9E0CC3274EA6D04AAE9436B
C:\Windows\WinSxS\amd64_netfx4-browser_files_b03f5f7f11d50a3a_4.0.9600.20681_none_c96f3afacdaa6de6\chrome.browser --a---- 2107 bytes [06:43 22/08/2013] [14:46 18/06/2013] 8C54E6C4F9E0CC3274EA6D04AAE9436B
C:\Windows\WinSxS\x86_netfx4-browser_files_b03f5f7f11d50a3a_4.0.9600.16384_none_27e9d481c87f8327\chrome.browser --a---- 2107 bytes [23:36 21/08/2013] [12:28 18/06/2013] 8C54E6C4F9E0CC3274EA6D04AAE9436B
C:\Windows\WinSxS\x86_netfx4-browser_files_b03f5f7f11d50a3a_4.0.9600.17187_none_27e99257c87fcc8f\chrome.browser --a---- 2107 bytes [23:36 21/08/2013] [12:28 18/06/2013] 8C54E6C4F9E0CC3274EA6D04AAE9436B
C:\Windows\WinSxS\x86_netfx4-browser_files_b03f5f7f11d50a3a_4.0.9600.20681_none_111c71d1e22696ec\chrome.browser --a---- 2107 bytes [23:36 21/08/2013] [12:28 18/06/2013] 8C54E6C4F9E0CC3274EA6D04AAE9436B

========== regfind ==========

Searching for "mozilla"
[HKEY_CURRENT_USER\Software\Adobe\Dreamweaver CC 2014\Browser Launch Menus]
"Name02"="Mozilla Firefox"
[HKEY_CURRENT_USER\Software\Adobe\Dreamweaver CC 2014\Browser Launch Menus]
"Path02"="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"User Agent"="Mozilla/4.0 (compatible; MSIE 8.0; Win32)"
[HKEY_CURRENT_USER\Software\Mozilla]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\googleinc.googlesearch_yfg5n0ztvskxp\Internet Explorer\DOMStorage\mozilla.org]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\googleinc.googlesearch_yfg5n0ztvskxp\Internet Explorer\DOMStorage\www.mozilla.org]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Programs\Firefox\firefox.exe.ApplicationCompany"="Mozilla Corporation"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE]
@="Mozilla Firefox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E239E79D0F3E43448AC9DC382C0BD62]
"68AB67CA7DA79201B744CAF070E41400"="02:\Software\MozillaPlugins\Adobe Reader\Path"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gathering Manager]
"UserAgent"="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla]
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Search\Gathering Manager]
"UserAgent"="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\mozilla.org]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\mozilla.org\Mozilla]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"="NVIDIA stereo images plugin for Mozilla browsers"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"="NVIDIA 3D Vision Streaming plugin for Mozilla browsers"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming\MimeTypes\application/mozilla-3DV-streaming-plugin]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming\MimeTypes\application/mozilla-3DV-streaming-plugin]
"Description"="3D Vision Streaming Mozilla Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\FIREFOX.EXE]
@="Mozilla Firefox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"User Agent"="Mozilla/4.0 (compatible; MSIE 8.0; Win32)"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"User Agent"="Mozilla/5.0 (compatible; MSIE 9.0; Win32)"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"User Agent"="Mozilla/5.0 (compatible; MSIE 9.0; Win32)"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Adobe\Dreamweaver CC 2014\Browser Launch Menus]
"Name02"="Mozilla Firefox"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Adobe\Dreamweaver CC 2014\Browser Launch Menus]
"Path02"="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"User Agent"="Mozilla/4.0 (compatible; MSIE 8.0; Win32)"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Mozilla]
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\googleinc.googlesearch_yfg5n0ztvskxp\Internet Explorer\DOMStorage\mozilla.org]
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\googleinc.googlesearch_yfg5n0ztvskxp\Internet Explorer\DOMStorage\www.mozilla.org]
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Programs\Firefox\firefox.exe.ApplicationCompany"="Mozilla Corporation"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\googleinc.googlesearch_yfg5n0ztvskxp\Internet Explorer\DOMStorage\mozilla.org]
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\googleinc.googlesearch_yfg5n0ztvskxp\Internet Explorer\DOMStorage\www.mozilla.org]
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Programs\Firefox\firefox.exe.ApplicationCompany"="Mozilla Corporation"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"User Agent"="Mozilla/4.0 (compatible; MSIE 8.0; Win32)"

Searching for "firefox"
[HKEY_CURRENT_USER\Software\Adobe\Dreamweaver CC 2014\Browser Launch Menus]
"Name00"="firefox"
[HKEY_CURRENT_USER\Software\Adobe\Dreamweaver CC 2014\Browser Launch Menus]
"Path00"="E:\Programs\Firefox\firefox.exe"
[HKEY_CURRENT_USER\Software\Adobe\Dreamweaver CC 2014\Browser Launch Menus]
"Name02"="Mozilla Firefox"
[HKEY_CURRENT_USER\Software\Adobe\Dreamweaver CC 2014\Browser Launch Menus]
"Path02"="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
[HKEY_CURRENT_USER\Software\Adobe\Dreamweaver CC 2014\Style Sheet Preferences]
"Use Browser Prefixes for Firefox"="TRUE"
[HKEY_CURRENT_USER\Software\AVAST Software\Avast Browser Cleanup]
"firefox_SP"="8D26A3F9454C05783CD0BC4FE15F13A616ED9877DC910BC9968F0869AB297C86"
[HKEY_CURRENT_USER\Software\Clients\StartMenuInternet]
@="FIREFOX.EXE"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\18df1f9d_0]
@="{2}.\\?\bthenum#{24df01a9-3e4f-4c9f-9f66-5aa8ab14f8f4}_localmfg&0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\topology/00010003|\Device\HarddiskVolume4\Programs\Firefox\plugin-container.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\1e1a0a00_0]
@="{2}.\\?\hdaudio#func_01&ven_1106&dev_4441&subsys_104383d0&rev_1001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\eduplicatedhplineouttopo/00010001|\Device\HarddiskVolume4\Programs\Firefox\plugin-container.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5e20af7_0]
@="{2}.\\?\hdaudio#func_01&ven_1106&dev_4441&subsys_104383d0&rev_1001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\ehdmiouttopo/00010001|\Device\HarddiskVolume4\Programs\Firefox\firefox.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5f8314d1_0]
@="{2}.\\?\bthenum#{24df01a9-3e4f-4c9f-9f66-5aa8ab14f8f4}_localmfg&0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\topology/00010003|\Device\HarddiskVolume4\Programs\Firefox\firefox.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\932c6bd4_0]
@="{2}.\\?\hdaudio#func_01&ven_1106&dev_4441&subsys_104383d0&rev_1001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\eduplicatedhplineouttopo/00010001|\Device\HarddiskVolume4\Programs\Firefox\firefox.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\OpenWithList]
"a"="firefox.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bin\OpenWithList]
"a"="firefox.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/s/i?0-neu-d4-506f714eab469b865928004ac20f7f2c\OpenWithList]
"a"="firefox.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\OpenWithList]
"a"="firefox.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList]
"b"="firefox.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
"ProgId"="FirefoxHTML"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList]
"a"="firefox.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
"ProgId"="FirefoxHTML"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\OpenWithList]
"a"="firefox.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\OpenWithList]
"a"="firefox.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.org/?product=firefox-stub&os=win&lang=cs]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithList]
"b"="firefox.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rar\OpenWithList]
"a"="firefox.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\OpenWithList]
"a"="firefox.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithList]
"a"="firefox.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Roaming\OpenWith\FileExts\.htm\UserChoice]
"ProgId"="FirefoxHTML"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Roaming\OpenWith\FileExts\.html\UserChoice]
"ProgId"="FirefoxHTML"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Roaming\OpenWith\UrlAssociations\http\UserChoice]
"ProgId"="FirefoxURL"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Roaming\OpenWith\UrlAssociations\https\UserChoice]
"ProgId"="FirefoxURL"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice]
"ProgId"="FirefoxURL"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice]
"ProgId"="FirefoxURL"
[HKEY_CURRENT_USER\Software\Mozilla\Firefox]
[HKEY_CURRENT_USER\Software\Classes\.oga]
"Winamp_Back"="FirefoxHTML"
[HKEY_CURRENT_USER\Software\Classes\.ogg]
"Winamp_Back"="FirefoxHTML"
[HKEY_CURRENT_USER\Software\Classes\.webm]
"Winamp_Back"="FirefoxHTML"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Programs\Firefox\firefox.exe.FriendlyAppName"="Firefox"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Programs\Firefox\firefox.exe.ApplicationCompany"="Mozilla Corporation"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE]
@="Mozilla Firefox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities]
"ApplicationDescription"="Firefox vám přináší bezpečné a pohodlné brouzdání po webu. Důvěrně známý vzhled, rozšířené možnosti zabezpečení včetně ochrany před podvodnými stránkami a integrované vyhledávání vám umožní dostat z webových stránek maximum."
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities]
"ApplicationIcon"="E:\Programs\Firefox\firefox.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities]
"ApplicationName"="Firefox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities\FileAssociations]
".htm"="FirefoxHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities\FileAssociations]
".html"="FirefoxHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities\FileAssociations]
".shtml"="FirefoxHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities\FileAssociations]
".xht"="FirefoxHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities\FileAssociations]
".xhtml"="FirefoxHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities\StartMenu]
"StartMenuInternet"="FIREFOX.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities\URLAssociations]
"ftp"="FirefoxURL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities\URLAssociations]
"http"="FirefoxURL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities\URLAssociations]
"https"="FirefoxURL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\DefaultIcon]
@="E:\Programs\Firefox\firefox.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"HideIconsCommand"=""E:\Programs\Firefox\uninstall\helper.exe" /HideShortcuts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ShowIconsCommand"=""E:\Programs\Firefox\uninstall\helper.exe" /ShowShortcuts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"=""E:\Programs\Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\properties]
@="&Možnosti aplikace Firefox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\properties\command]
@=""E:\Programs\Firefox\firefox.exe" -preferences"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode]
@="&Nouzový režim aplikace Firefox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command]
@=""E:\Programs\Firefox\firefox.exe" -safe-mode"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\firefox.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
"Firefox"="Software\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"="Handles PDFs in-place in Firefox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"ProductName"="Adobe Reader Plugin for Firefox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\NVIDIA Corporation\Global\Stereo3D\GameConfigs\firefox]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\FIREFOX.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\FIREFOX.EXE]
@="Mozilla Firefox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities]
"ApplicationDescription"="Firefox vám přináší bezpečné a pohodlné brouzdání po webu. Důvěrně známý vzhled, rozšířené možnosti zabezpečení včetně ochrany před podvodnými stránkami a integrované vyhledávání vám umožní dostat z webových stránek maximum."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities]
"ApplicationIcon"="E:\Programs\Firefox\firefox.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities]
"ApplicationName"="Firefox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities\FileAssociations]
".htm"="FirefoxHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities\FileAssociations]
".html"="FirefoxHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities\FileAssociations]
".shtml"="FirefoxHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities\FileAssociations]
".xht"="FirefoxHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities\FileAssociations]
".xhtml"="FirefoxHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities\StartMenu]
"StartMenuInternet"="FIREFOX.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities\URLAssociations]
"ftp"="FirefoxURL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities\URLAssociations]
"http"="FirefoxURL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities\URLAssociations]
"https"="FirefoxURL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\FIREFOX.EXE\DefaultIcon]
@="E:\Programs\Firefox\firefox.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"HideIconsCommand"=""E:\Programs\Firefox\uninstall\helper.exe" /HideShortcuts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ShowIconsCommand"=""E:\Programs\Firefox\uninstall\helper.exe" /ShowShortcuts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"=""E:\Programs\Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\FIREFOX.EXE\shell\properties]
@="&Možnosti aplikace Firefox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\FIREFOX.EXE\shell\properties\command]
@=""E:\Programs\Firefox\firefox.exe" -preferences"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode]
@="&Nouzový režim aplikace Firefox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command]
@=""E:\Programs\Firefox\firefox.exe" -safe-mode"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\RegisteredApplications]
"Firefox"="Software\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Adobe\Dreamweaver CC 2014\Browser Launch Menus]
"Name00"="firefox"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Adobe\Dreamweaver CC 2014\Browser Launch Menus]
"Path00"="E:\Programs\Firefox\firefox.exe"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Adobe\Dreamweaver CC 2014\Browser Launch Menus]
"Name02"="Mozilla Firefox"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Adobe\Dreamweaver CC 2014\Browser Launch Menus]
"Path02"="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Adobe\Dreamweaver CC 2014\Style Sheet Preferences]
"Use Browser Prefixes for Firefox"="TRUE"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\AVAST Software\Avast Browser Cleanup]
"firefox_SP"="8D26A3F9454C05783CD0BC4FE15F13A616ED9877DC910BC9968F0869AB297C86"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Clients\StartMenuInternet]
@="FIREFOX.EXE"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\18df1f9d_0]
@="{2}.\\?\bthenum#{24df01a9-3e4f-4c9f-9f66-5aa8ab14f8f4}_localmfg&0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\topology/00010003|\Device\HarddiskVolume4\Programs\Firefox\plugin-container.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\1e1a0a00_0]
@="{2}.\\?\hdaudio#func_01&ven_1106&dev_4441&subsys_104383d0&rev_1001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\eduplicatedhplineouttopo/00010001|\Device\HarddiskVolume4\Programs\Firefox\plugin-container.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5e20af7_0]
@="{2}.\\?\hdaudio#func_01&ven_1106&dev_4441&subsys_104383d0&rev_1001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\ehdmiouttopo/00010001|\Device\HarddiskVolume4\Programs\Firefox\firefox.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5f8314d1_0]
@="{2}.\\?\bthenum#{24df01a9-3e4f-4c9f-9f66-5aa8ab14f8f4}_localmfg&0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\topology/00010003|\Device\HarddiskVolume4\Programs\Firefox\firefox.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\932c6bd4_0]
@="{2}.\\?\hdaudio#func_01&ven_1106&dev_4441&subsys_104383d0&rev_1001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\eduplicatedhplineouttopo/00010001|\Device\HarddiskVolume4\Programs\Firefox\firefox.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\OpenWithList]
"a"="firefox.exe"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bin\OpenWithList]
"a"="firefox.exe"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/s/i?0-neu-d4-506f714eab469b865928004ac20f7f2c\OpenWithList]
"a"="firefox.exe"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\OpenWithList]
"a"="firefox.exe"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList]
"b"="firefox.exe"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
"ProgId"="FirefoxHTML"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList]
"a"="firefox.exe"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
"ProgId"="FirefoxHTML"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\OpenWithList]
"a"="firefox.exe"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\OpenWithList]
"a"="firefox.exe"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.org/?product=firefox-stub&os=win&lang=cs]
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithList]
"b"="firefox.exe"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rar\OpenWithList]
"a"="firefox.exe"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\OpenWithList]
"a"="firefox.exe"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithList]
"a"="firefox.exe"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Microsoft\Windows\Roaming\OpenWith\FileExts\.htm\UserChoice]
"ProgId"="FirefoxHTML"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Microsoft\Windows\Roaming\OpenWith\FileExts\.html\UserChoice]
"ProgId"="FirefoxHTML"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Microsoft\Windows\Roaming\OpenWith\UrlAssociations\http\UserChoice]
"ProgId"="FirefoxURL"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Microsoft\Windows\Roaming\OpenWith\UrlAssociations\https\UserChoice]
"ProgId"="FirefoxURL"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice]
"ProgId"="FirefoxURL"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice]
"ProgId"="FirefoxURL"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Mozilla\Firefox]
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Classes\.oga]
"Winamp_Back"="FirefoxHTML"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Classes\.ogg]
"Winamp_Back"="FirefoxHTML"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Classes\.webm]
"Winamp_Back"="FirefoxHTML"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Programs\Firefox\firefox.exe.FriendlyAppName"="Firefox"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Programs\Firefox\firefox.exe.ApplicationCompany"="Mozilla Corporation"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001_Classes\.oga]
"Winamp_Back"="FirefoxHTML"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001_Classes\.ogg]
"Winamp_Back"="FirefoxHTML"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001_Classes\.webm]
"Winamp_Back"="FirefoxHTML"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Programs\Firefox\firefox.exe.FriendlyAppName"="Firefox"
[HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Programs\Firefox\firefox.exe.ApplicationCompany"="Mozilla Corporation"

Searching for "chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5204177C986703F42A3EC1E17192FF2C]
"CE52CDE5669D4E11E9C50061E3897E6D"="E:\Programs\Evernote\chrome.pak"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"="E:\Programs\Avast\WebRep\Chrome\aswWebRepChrome.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\No Chrome Offer Until]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"ap"="-dev-multi-chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"ap"="2.0-dev-multi-chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\NVIDIA Corporation\Global\Stereo3D\GameConfigs\Chrome]

========== folderfind ==========

Searching for "*mozilla*"
C:\Users\roan_000\AppData\Local\Temp\mozilla-temp-files d------ [18:03 08/05/2015]
C:\Windows\Temp\avast_ash\Mozilla Firefox d------ [13:36 08/05/2015]

Searching for "*firefox*"
C:\Users\roan_000\AppData\Local\Microsoft\Windows\WER\ReportArchive\Critical_firefox.exe_2e18a9ec2daf89c109293f2c8217a5a369_76b63866_178c81a9 d----c- [11:14 08/05/2015]
C:\Users\roan_000\AppData\Local\Temp\avastBCLTMP\firefox d------ [07:28 09/05/2015]
C:\Windows\Temp\avast_ash\Mozilla Firefox d------ [13:36 08/05/2015]

Searching for "*chrome*"
No folders found.

-= EOF =-

#11 Příspěvek od **Márty84** » 09 kvě 2015 12:59

Presunte FRST na plochu, jinak to nebude fungovat!!!

Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKU\S-1-5-21-2490308184-3408559818-3602897103-1001\...\Run: [DAEMON Tools Lite] => E:\Programs\Daemon Tool\DTLite.exe [5585136 2015-03-31] (Disc Soft Ltd)
HKU\S-1-5-21-2490308184-3408559818-3602897103-1001\...\Run: [Copy] => C:\Users\roan_000\AppData\Roaming\Copy\CopyAgent.exe [15414816 2015-04-07] (Barracuda Networks, Inc.)
HKU\S-1-5-21-2490308184-3408559818-3602897103-1001\...\Run: [Steam] => E:\Programs\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)
HKU\S-1-5-21-2490308184-3408559818-3602897103-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-18\...\Run: [Copy] => C:\Users\roan_000\AppData\Roaming\Copy\CopyAgent.exe [15414816 2015-04-07] (Barracuda Networks, Inc.)

FF ProfilePath: C:\Users\roan_000\AppData\Roaming\Mozilla\Firefox\Profiles\yz5w6pv1.default-1431082959826
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @FortinetCacheClean -> C:\Program Files (x86)\Fortinet\SslvpnClient\npccplugin.dll [2013-09-19] (Fortinet Inc.)
FF Plugin-x32: @FortinetTunnelControl -> C:\Program Files (x86)\Fortinet\SslvpnClient\nptcplugin.dll [2013-09-19] (Fortinet Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> E:\Programs\Java\bin\dtplugin\npDeployJava1.dll [2015-04-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> E:\Programs\Java\bin\plugin2\npjp2.dll [2015-04-10] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Extension: Adblock Plus - C:\Users\roan_000\AppData\Roaming\Mozilla\Firefox\Profiles\yz5w6pv1.default-1431082959826\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - E:\Programs\Avast\WebRep\FF
FF Extension: Avast Online Security - E:\Programs\Avast\WebRep\FF [2015-05-07]

CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\Programs\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-07]

2015-05-08 12:31 - 2015-05-08 12:31 - 00000000 ____D () C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP

Hosts:
End

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST jako spravce, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.

Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne

Stahnete OTM http://oldtimer.geekstogo.com/OTM.exe a ulozte nejlepe na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Do leveho okna zkopirujte tento skript (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]
[CreateRestorePoint]

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\Program Files (x86)\Mozilla Firefox
C:\Users\roan_000\AppData\Local\Packages\GoogleInc.GoogleSearch_yfg5n0ztvskxp\AC\Microsoft\Internet Explorer\DOMStore\UFM156T6\www.mozilla[1].xml
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\Browsers\mozilla.browser
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\Browsers\mozilla.browser
C:\Windows\SoftwareDistribution\Download\0f4baa14acbc19075e5415072eedbc1f\amd64_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.3.9600.16384_none_44643ac47b53f37a\mozilla.browser
C:\Windows\SoftwareDistribution\Download\0f4baa14acbc19075e5415072eedbc1f\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.3.9600.16384_none_8c11719b8fd01c80\mozilla.browser
C:\Windows\WinSxS\amd64_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.3.9600.16384_none_44643ac47b53f37a\mozilla.browser
C:\Windows\WinSxS\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.3.9600.16384_none_8c11719b8fd01c80\mozilla.browser
C:\Users\roan_000\AppData\Local\Packages\GoogleInc.GoogleSearch_yfg5n0ztvskxp\AC\INetCache\F10S4D10\Firefox%20Setup%20Stub%2037.0.1[1].exe
C:\Users\roan_000\AppData\Local\Packages\GoogleInc.GoogleSearch_yfg5n0ztvskxp\AC\INetCache\F10S4D10\firefox_new-bundle.8b61dd8a39d8[1].css
C:\Users\roan_000\AppData\Local\Packages\GoogleInc.GoogleSearch_yfg5n0ztvskxp\AC\INetCache\F10S4D10\header-firefox.98d0a02c957f[1].png
C:\Users\roan_000\AppData\Local\Packages\GoogleInc.GoogleSearch_yfg5n0ztvskxp\AC\INetCache\VL61IMRP\firefox-logo.d3cb43a0a16f[1].png
C:\Users\roan_000\AppData\Local\Packages\GoogleInc.GoogleSearch_yfg5n0ztvskxp\AC\INetCache\VL61IMRP\firefox_new-bundle.4a24494b8107[1].js
C:\Windows\Prefetch\FIREFOX.EXE-888CBD96.pf
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\hotelArticleChrome.css
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\articleReader\fodorsArChrome.css
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\articleReader\frommersArChrome.css
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\articleReader\lonelyPlanetArChrome.css
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\articleReader\michelinArAttractionsChrome.css
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\articleReader\michelinArChrome.css
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\articleReader\michelinArHotelsChrome.css
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\articleReader\michelinArRestaurantsChrome.css
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\articleReader\tripAdvisorArChrome.css
C:\Users\roan_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE\3PEFTTDH\chrome-48[1].png
C:\Users\roan_000\AppData\Local\Temp\mozilla-temp-files
C:\Users\roan_000\AppData\Local\Microsoft\Windows\WER\ReportArchive\Critical_firefox.exe_2e18a9ec2daf89c109293f2c8217a5a369_76b63866_178c81a9
C:\Users\roan_000\AppData\Local\Temp\avastBCLTMP\firefox

:reg
[-HKEY_CURRENT_USER\Software\Mozilla]
[-HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\googleinc.googlesearch_yfg5n0ztvskxp\Internet Explorer\DOMStorage\mozilla.org]
[-HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\googleinc.googlesearch_yfg5n0ztvskxp\Internet Explorer\DOMStorage\www.mozilla.org]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla]
[-HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\mozilla.org]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\mozilla.org\Mozilla]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\FIREFOX.EXE]
[-HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Mozilla]
[-HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\googleinc.googlesearch_yfg5n0ztvskxp\Internet Explorer\DOMStorage\mozilla.org]
[-HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\googleinc.googlesearch_yfg5n0ztvskxp\Internet Explorer\DOMStorage\www.mozilla.org]
[-HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\googleinc.googlesearch_yfg5n0ztvskxp\Internet Explorer\DOMStorage\mozilla.org]
[-HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\googleinc.googlesearch_yfg5n0ztvskxp\Internet Explorer\DOMStorage\www.mozilla.org]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5204177C986703F42A3EC1E17192FF2C]
"CE52CDE5669D4E11E9C50061E3897E6D"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\No Chrome Offer Until]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]

Kliknete na MoveIt a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu sem dejte log, ktery na vas vyskoci, nebo bude zde C:\_OTM\MovedFiles\xxxxxxxx_xxxxxx (misto tech x budou cisla, predstavujici datum a cas spusteni)

roan · #12 Příspěvek od **roan** » 09 kvě 2015 19:44

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2015
Ran by roan_000 at 2015-05-09 20:42:04 Run:1
Running from C:\Users\roan_000\Desktop
Loaded Profiles: roan_000 (Available profiles: roan_000)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKU\S-1-5-21-2490308184-3408559818-3602897103-1001\...\Run: [DAEMON Tools Lite] => E:\Programs\Daemon Tool\DTLite.exe [5585136 2015-03-31] (Disc Soft Ltd)
HKU\S-1-5-21-2490308184-3408559818-3602897103-1001\...\Run: [Copy] => C:\Users\roan_000\AppData\Roaming\Copy\CopyAgent.exe [15414816 2015-04-07] (Barracuda Networks, Inc.)
HKU\S-1-5-21-2490308184-3408559818-3602897103-1001\...\Run: [Steam] => E:\Programs\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)
HKU\S-1-5-21-2490308184-3408559818-3602897103-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-18\...\Run: [Copy] => C:\Users\roan_000\AppData\Roaming\Copy\CopyAgent.exe [15414816 2015-04-07] (Barracuda Networks, Inc.)

FF ProfilePath: C:\Users\roan_000\AppData\Roaming\Mozilla\Firefox\Profiles\yz5w6pv1.default-1431082959826
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @FortinetCacheClean -> C:\Program Files (x86)\Fortinet\SslvpnClient\npccplugin.dll [2013-09-19] (Fortinet Inc.)
FF Plugin-x32: @FortinetTunnelControl -> C:\Program Files (x86)\Fortinet\SslvpnClient\nptcplugin.dll [2013-09-19] (Fortinet Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> E:\Programs\Java\bin\dtplugin\npDeployJava1.dll [2015-04-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> E:\Programs\Java\bin\plugin2\npjp2.dll [2015-04-10] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Extension: Adblock Plus - C:\Users\roan_000\AppData\Roaming\Mozilla\Firefox\Profiles\yz5w6pv1.default-1431082959826\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - E:\Programs\Avast\WebRep\FF
FF Extension: Avast Online Security - E:\Programs\Avast\WebRep\FF [2015-05-07]

CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\Programs\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-07]

2015-05-08 12:31 - 2015-05-08 12:31 - 00000000 ____D () C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP

Hosts:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
HKU\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value deleted successfully.
HKU\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Copy => value deleted successfully.
HKU\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Steam => value deleted successfully.
HKU\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Copy => value deleted successfully.
FF ProfilePath: C:\Users\roan_000\AppData\Roaming\Mozilla\Firefox\Profiles\yz5w6pv1.default-1431082959826 => Should not be moved.
Firefox homepage deleted successfully.
"HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer" => Key deleted successfully.
C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll => Moved successfully.
"HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0" => Key deleted successfully.
C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll => Moved successfully.
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => Key deleted successfully.
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer" => Key deleted successfully.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@FortinetCacheClean" => Key deleted successfully.
C:\Program Files (x86)\Fortinet\SslvpnClient\npccplugin.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@FortinetTunnelControl" => Key deleted successfully.
C:\Program Files (x86)\Fortinet\SslvpnClient\nptcplugin.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.40.2" => Key deleted successfully.
E:\Programs\Java\bin\dtplugin\npDeployJava1.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.40.2" => Key deleted successfully.
E:\Programs\Java\bin\plugin2\npjp2.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0" => Key deleted successfully.
C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision" => Key deleted successfully.
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming" => Key deleted successfully.
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader" => Key deleted successfully.
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect" => Key deleted successfully.
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll => Moved successfully.
C:\Users\roan_000\AppData\Roaming\Mozilla\Firefox\Profiles\yz5w6pv1.default-1431082959826\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\wrc@avast.com => value deleted successfully.

"E:\Programs\Avast\WebRep\FF" directory move:

Could not move "E:\Programs\Avast\WebRep\FF" directory. => Scheduled to move on reboot.

CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => Key deleted successfully.
Could not move "E:\Programs\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-05-09 20:43:27)<=

"E:\Programs\Avast\WebRep\FF" => Directory could not move.
"E:\Programs\Avast\WebRep\Chrome\aswWebRepChrome.crx" => File could not move.

==== End of Fixlog 20:43:30 ====

roan · #13 Příspěvek od **roan** » 09 kvě 2015 19:53

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: roan_000
->Temp folder emptied: 7688940 bytes
->Temporary Internet Files folder emptied: 182021573 bytes
->Java cache emptied: 8196 bytes
->Flash cache emptied: 91862 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1090794 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 182,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: roan_000
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTM Restore Point
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
File/Folder C:\Program Files (x86)\Mozilla Firefox not found.
C:\Users\roan_000\AppData\Local\Packages\GoogleInc.GoogleSearch_yfg5n0ztvskxp\AC\Microsoft\Internet Explorer\DOMStore\UFM156T6\www.mozilla[1].xml moved successfully.
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\Browsers\mozilla.browser moved successfully.
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\Browsers\mozilla.browser moved successfully.
C:\Windows\SoftwareDistribution\Download\0f4baa14acbc19075e5415072eedbc1f\amd64_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.3.9600.16384_none_44643ac47b53f37a\mozilla.browser moved successfully.
C:\Windows\SoftwareDistribution\Download\0f4baa14acbc19075e5415072eedbc1f\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.3.9600.16384_none_8c11719b8fd01c80\mozilla.browser moved successfully.
File move failed. C:\Windows\WinSxS\amd64_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.3.9600.16384_none_44643ac47b53f37a\mozilla.browser scheduled to be moved on reboot.
File move failed. C:\Windows\WinSxS\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.3.9600.16384_none_8c11719b8fd01c80\mozilla.browser scheduled to be moved on reboot.
C:\Users\roan_000\AppData\Local\Packages\GoogleInc.GoogleSearch_yfg5n0ztvskxp\AC\INetCache\F10S4D10\Firefox%20Setup%20Stub%2037.0.1[1].exe moved successfully.
C:\Users\roan_000\AppData\Local\Packages\GoogleInc.GoogleSearch_yfg5n0ztvskxp\AC\INetCache\F10S4D10\firefox_new-bundle.8b61dd8a39d8[1].css moved successfully.
C:\Users\roan_000\AppData\Local\Packages\GoogleInc.GoogleSearch_yfg5n0ztvskxp\AC\INetCache\F10S4D10\header-firefox.98d0a02c957f[1].png moved successfully.
C:\Users\roan_000\AppData\Local\Packages\GoogleInc.GoogleSearch_yfg5n0ztvskxp\AC\INetCache\VL61IMRP\firefox-logo.d3cb43a0a16f[1].png moved successfully.
C:\Users\roan_000\AppData\Local\Packages\GoogleInc.GoogleSearch_yfg5n0ztvskxp\AC\INetCache\VL61IMRP\firefox_new-bundle.4a24494b8107[1].js moved successfully.
C:\Windows\Prefetch\FIREFOX.EXE-888CBD96.pf moved successfully.
File move failed. C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\hotelArticleChrome.css scheduled to be moved on reboot.
File move failed. C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\articleReader\fodorsArChrome.css scheduled to be moved on reboot.
File move failed. C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\articleReader\frommersArChrome.css scheduled to be moved on reboot.
File move failed. C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\articleReader\lonelyPlanetArChrome.css scheduled to be moved on reboot.
File move failed. C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\articleReader\michelinArAttractionsChrome.css scheduled to be moved on reboot.
File move failed. C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\articleReader\michelinArChrome.css scheduled to be moved on reboot.
File move failed. C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\articleReader\michelinArHotelsChrome.css scheduled to be moved on reboot.
File move failed. C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\articleReader\michelinArRestaurantsChrome.css scheduled to be moved on reboot.
File move failed. C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\articleReader\tripAdvisorArChrome.css scheduled to be moved on reboot.
File/Folder C:\Users\roan_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE\3PEFTTDH\chrome-48[1].png not found.
File/Folder C:\Users\roan_000\AppData\Local\Temp\mozilla-temp-files not found.
C:\Users\roan_000\AppData\Local\Microsoft\Windows\WER\ReportArchive\Critical_firefox.exe_2e18a9ec2daf89c109293f2c8217a5a369_76b63866_178c81a9 folder moved successfully.
File/Folder C:\Users\roan_000\AppData\Local\Temp\avastBCLTMP\firefox not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Mozilla\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\googleinc.googlesearch_yfg5n0ztvskxp\Internet Explorer\DOMStorage\mozilla.org\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\googleinc.googlesearch_yfg5n0ztvskxp\Internet Explorer\DOMStorage\www.mozilla.org\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\mozilla.org\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\mozilla.org\Mozilla\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\FIREFOX.EXE\ not found.
Registry key HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Mozilla\ not found.
Registry key HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\googleinc.googlesearch_yfg5n0ztvskxp\Internet Explorer\DOMStorage\mozilla.org\ not found.
Registry key HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\googleinc.googlesearch_yfg5n0ztvskxp\Internet Explorer\DOMStorage\www.mozilla.org\ not found.
Registry key HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\googleinc.googlesearch_yfg5n0ztvskxp\Internet Explorer\DOMStorage\mozilla.org\ not found.
Registry key HKEY_USERS\S-1-5-21-2490308184-3408559818-3602897103-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\googleinc.googlesearch_yfg5n0ztvskxp\Internet Explorer\DOMStorage\www.mozilla.org\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5204177C986703F42A3EC1E17192FF2C not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\No Chrome Offer Until\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A69D345-D564-463C-AFF1-A69D9E530F96}\ not found.

OTM by OldTimer - Version 3.1.21.0 log created on 05092015_204634

Files moved on Reboot...
C:\Users\roan_000\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\d0ee50f82000f8b25561e549f5f1b458_fce8395f8fd8a84b_e330f25ac01818f1_0_0.bin moved successfully.
C:\Users\roan_000\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\d0ee50f82000f8b25561e549f5f1b458_fce8395f8fd8a84b_e330f25ac01818f1_0_0.toc moved successfully.
C:\Users\roan_000\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\d0ee50f82000f8b25561e549f5f1b458_fce8395f8fd8a84b_e330f25ac01818f1_1_0.bin moved successfully.
C:\Users\roan_000\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\d0ee50f82000f8b25561e549f5f1b458_fce8395f8fd8a84b_e330f25ac01818f1_1_0.toc moved successfully.
C:\Users\roan_000\AppData\Local\Temp\Low\NVIDIA Corporation\NV_Cache\2a0326a08a12848dccfcd16232e70e39_fce8395f8fd8a84b_f3279b66e87c6f22_0_0.bin moved successfully.
C:\Users\roan_000\AppData\Local\Temp\Low\NVIDIA Corporation\NV_Cache\2a0326a08a12848dccfcd16232e70e39_fce8395f8fd8a84b_f3279b66e87c6f22_0_0.toc moved successfully.
C:\Users\roan_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X6YUCQNV\afr[2].htm moved successfully.
C:\Users\roan_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE\X6YUCQNV\afr[3].htm moved successfully.
C:\Users\roan_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE\MBYVAZIL\viewtopic[3].htm moved successfully.
C:\Users\roan_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE\CSE40QLO\context[2].htm moved successfully.
C:\Users\roan_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE\CSE40QLO\context[3].htm moved successfully.
C:\Users\roan_000\AppData\Local\Microsoft\Windows\INetCache\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\roan_000\AppData\Local\Microsoft\Windows\INetCache\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Users\roan_000\AppData\Local\Microsoft\Windows\INetCache\counters.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\NVIDIA Corporation\NV_Cache\d0ee50f82000f8b25561e549f5f1b458_fce8395f8fd8a84b_6229ccd76215aea1_0_0.bin scheduled to be moved on reboot.
File move failed. C:\Windows\temp\NVIDIA Corporation\NV_Cache\d0ee50f82000f8b25561e549f5f1b458_fce8395f8fd8a84b_6229ccd76215aea1_0_0.toc scheduled to be moved on reboot.
C:\Windows\temp\NVIDIA Corporation\NV_Cache\d0ee50f82000f8b25561e549f5f1b458_fce8395f8fd8a84b_6229ccd76215aea1_0_1.bin moved successfully.
File move failed. C:\Windows\WinSxS\amd64_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.3.9600.16384_none_44643ac47b53f37a\mozilla.browser scheduled to be moved on reboot.
File move failed. C:\Windows\WinSxS\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.3.9600.16384_none_8c11719b8fd01c80\mozilla.browser scheduled to be moved on reboot.
File move failed. C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\hotelArticleChrome.css scheduled to be moved on reboot.
File move failed. C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\articleReader\fodorsArChrome.css scheduled to be moved on reboot.
File move failed. C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\articleReader\frommersArChrome.css scheduled to be moved on reboot.
File move failed. C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\articleReader\lonelyPlanetArChrome.css scheduled to be moved on reboot.
File move failed. C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\articleReader\michelinArAttractionsChrome.css scheduled to be moved on reboot.
File move failed. C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\articleReader\michelinArChrome.css scheduled to be moved on reboot.
File move failed. C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\articleReader\michelinArHotelsChrome.css scheduled to be moved on reboot.
File move failed. C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\articleReader\michelinArRestaurantsChrome.css scheduled to be moved on reboot.
File move failed. C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.309_x64__8wekyb3d8bbwe\css\articleReader\tripAdvisorArChrome.css scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#14 Příspěvek od **Márty84** » 09 kvě 2015 19:56

Dejte novy log z FRST

roan · #15 Příspěvek od **roan** » 09 kvě 2015 20:07

Log v příloze

VIRY.CZ

Mailware - vyskakovací reklamní okna v prohlížeči atd.

Mailware - vyskakovací reklamní okna v prohlížeči atd.

Re: Mailware - vyskakovací reklamní okna v prohlížeči atd.

Re: Mailware - vyskakovací reklamní okna v prohlížeči atd.

Re: Mailware - vyskakovací reklamní okna v prohlížeči atd.

Re: Mailware - vyskakovací reklamní okna v prohlížeči atd.

Re: Mailware - vyskakovací reklamní okna v prohlížeči atd.

Re: Mailware - vyskakovací reklamní okna v prohlížeči atd.

Re: Mailware - vyskakovací reklamní okna v prohlížeči atd.

Re: Mailware - vyskakovací reklamní okna v prohlížeči atd.

Re: Mailware - vyskakovací reklamní okna v prohlížeči atd.

Re: Mailware - vyskakovací reklamní okna v prohlížeči atd.

Re: Mailware - vyskakovací reklamní okna v prohlížeči atd.

Re: Mailware - vyskakovací reklamní okna v prohlížeči atd.

Re: Mailware - vyskakovací reklamní okna v prohlížeči atd.

Re: Mailware - vyskakovací reklamní okna v prohlížeči atd.