BSOD when cleaning with AdwCleaner

#1 Post by dominikvyt »

Hello, I'd like to ask for help: whenever I clean the PC, it always throws a BSOD. I tried cleaning with AdwCleaner and Junkware Removal Tool (JRT), and got a BSOD every time. Here is the log from AdwCleaner:

Code:

# AdwCleaner v5.003 - Logfile created 27/08/2015 at 17:56:13
# Updated 20/08/2015 by Xplode
# Database : 2015-08-25.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : RoxDorUser - ROXDOR
# Running from : E:\Documents and Settings\RoxDorUser\Plocha\Programy\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : IHProtect Service
Service Found : WindowsMangerProtect
Service Found : winzipersvc
Service Found : {5f2b1cb2-79cf-42ce-94ef-57cc73d7866b}Gt

***** [ Folders ] *****

Folder Found : E:\rei
Folder Found : E:\Documents and Settings\All Users\Data aplikací\WindowsMangerProtect
Folder Found : E:\Documents and Settings\All Users\Data aplikací\MailUpdate
Folder Found : E:\Documents and Settings\All Users\Data aplikací\IHProtectUpDate
Folder Found : E:\Documents and Settings\All Users\Data aplikací\83e1bea40000769e
Folder Found : E:\Documents and Settings\All Users\Data aplikací\{f84fb3e4-5642-c33f-f84f-fb3e4564cf91}
Folder Found : E:\Documents and Settings\All Users\Nabídka Start\Programy\WinZipper
Folder Found : E:\Documents and Settings\All Users\Nabídka Start\Programy\reimage repair
Folder Found : E:\Documents and Settings\RoxDorUser\Data aplikací\eCyber
Folder Found : E:\Documents and Settings\RoxDorUser\Data aplikací\WinZipper
Folder Found : E:\Documents and Settings\Spravce\Data aplikací\WinZipper
Folder Found : E:\Documents and Settings\Spravce\Data aplikací\MailUpdate
Folder Found : E:\Program Files\Reimage
Folder Found : E:\Program Files\WinZipper
Folder Found : E:\Program Files\XTab
Folder Found : E:\Program Files\miuitab
Folder Found : E:\Program Files\DealExPresss
Folder Found : E:\Program Files\FinddBestDeaul
Folder Found : E:\Program Files\RobOSiaver

***** [ Files ] *****

File Found : E:\Documents and Settings\Spravce\Data aplikací\Mozilla\Firefox\Profiles\rvc3cshe.default\Extensions\{285ACFBB-8E53-4feb-90E6-F02A128927F3}.xpi
File Found : E:\Program Files\mozilla firefox\dbghelp.dll
File Found : E:\Program Files\Mozilla Firefox\browser\searchplugins\delta-homes.xml
File Found : E:\Program Files\Mozilla Firefox\browser\searchplugins\luckysearches.xml
File Found : E:\WINDOWS\Reimage.ini

***** [ Shortcuts ] *****

Shortcut Infected : E:\Documents and Settings\All Users\Plocha\facebook internet.lnk ( hxxp://www.delta-homes.com/?type=sc&ts=1432893592&z=d1fa7297224187df2aee593g4zac1o0b7t2cdw1m8c&from=wpm052932&uid=WDCXWD1600AAJS-00PSA0_WD-WMAP9118573685736 )
Shortcut Infected : E:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk ( hxxp://www.delta-homes.com/?type=sc&ts=1432893592&z=d1fa7297224187df2aee593g4zac1o0b7t2cdw1m8c&from=wpm052932&uid=WDCXWD1600AAJS-00PSA0_WD-WMAP9118573685736 )
Shortcut Infected : E:\Documents and Settings\All Users\Nabídka Start\Programy\Opera.lnk ( hxxp://www.delta-homes.com/?type=sc&ts=1432893592&z=d1fa7297224187df2aee593g4zac1o0b7t2cdw1m8c&from=wpm052932&uid=WDCXWD1600AAJS-00PSA0_WD-WMAP9118573685736 )
Shortcut Infected : E:\Documents and Settings\Spravce\Nabídka Start\Programy\Internet Explorer.lnk ( hxxp://www.delta-homes.com/?type=sc&ts=1437073975&z=3df3e8ff819c0d4d755011fg1zfcamee1m5cct5m4m&from=wpm07163&uid=WDCXWD1600AAJS-00PSA0_WD-WMAP9118573685736 )
Shortcut Infected : E:\Documents and Settings\Spravce\Nabídka Start\Programy\Příslušenství\Systémové nástroje\Internet Explorer (bez doplňků).lnk ( hxxp://www.delta-homes.com/?type=sc&ts=1437073975&z=3df3e8ff819c0d4d755011fg1zfcamee1m5cct5m4m&from=wpm07163&uid=WDCXWD1600AAJS-00PSA0_WD-WMAP9118573685736 )
Shortcut Infected : E:\Documents and Settings\Spravce\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Spustit prohlížeč Internet Explorer.lnk ( hxxp://www.delta-homes.com/?type=sc&ts=1437073975&z=3df3e8ff819c0d4d755011fg1zfcamee1m5cct5m4m&from=wpm07163&uid=WDCXWD1600AAJS-00PSA0_WD-WMAP9118573685736 )

***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
Key Found : HKLM\SOFTWARE\Classes\SMBarBroker.SMBarDealer
Key Found : HKLM\SOFTWARE\Classes\SMBarBroker.SMBarDealer.1
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Found : HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
Key Found : HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
Key Found : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
Key Found : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Found : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Found : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe
Key Found : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper
Key Found : HKLM\SOFTWARE\Classes\P6485AB1F_8E25_43DA_807F_8F7F9535AD59_.P6485AB1F_8E25_43DA_807F_8F7F9535AD59_
Key Found : HKLM\SOFTWARE\Classes\P6485AB1F_8E25_43DA_807F_8F7F9535AD59_.P6485AB1F_8E25_43DA_807F_8F7F9535AD59_.9
Key Found : HKLM\SOFTWARE\Classes\PDA40E25C_0C77_457F_B723_64D7DE659D9A_.PDA40E25C_0C77_457F_B723_64D7DE659D9A_
Key Found : HKLM\SOFTWARE\Classes\PDA40E25C_0C77_457F_B723_64D7DE659D9A_.PDA40E25C_0C77_457F_B723_64D7DE659D9A_.9
Key Found : HKCU\Software\151df13ab962b4a57d692a874bc59942
Key Found : HKLM\SOFTWARE\84bd664f-74fa-a4c2-2d23-7a10ea5b4726
Key Found : HKLM\SOFTWARE\Classes\WinZipper.001
Key Found : HKLM\SOFTWARE\Classes\WinZipper.7z
Key Found : HKLM\SOFTWARE\Classes\WinZipper.arj
Key Found : HKLM\SOFTWARE\Classes\WinZipper.bz2
Key Found : HKLM\SOFTWARE\Classes\WinZipper.bzip2
Key Found : HKLM\SOFTWARE\Classes\WinZipper.cab
Key Found : HKLM\SOFTWARE\Classes\WinZipper.cpio
Key Found : HKLM\SOFTWARE\Classes\WinZipper.deb
Key Found : HKLM\SOFTWARE\Classes\WinZipper.dmg
Key Found : HKLM\SOFTWARE\Classes\WinZipper.fat
Key Found : HKLM\SOFTWARE\Classes\WinZipper.gz
Key Found : HKLM\SOFTWARE\Classes\WinZipper.gzip
Key Found : HKLM\SOFTWARE\Classes\WinZipper.hfs
Key Found : HKLM\SOFTWARE\Classes\WinZipper.iso
Key Found : HKLM\SOFTWARE\Classes\WinZipper.lha
Key Found : HKLM\SOFTWARE\Classes\WinZipper.lzh
Key Found : HKLM\SOFTWARE\Classes\WinZipper.lzma
Key Found : HKLM\SOFTWARE\Classes\WinZipper.ntfs
Key Found : HKLM\SOFTWARE\Classes\WinZipper.rar
Key Found : HKLM\SOFTWARE\Classes\WinZipper.rpm
Key Found : HKLM\SOFTWARE\Classes\WinZipper.squashfs
Key Found : HKLM\SOFTWARE\Classes\WinZipper.swm
Key Found : HKLM\SOFTWARE\Classes\WinZipper.tar
Key Found : HKLM\SOFTWARE\Classes\WinZipper.taz
Key Found : HKLM\SOFTWARE\Classes\WinZipper.tbz
Key Found : HKLM\SOFTWARE\Classes\WinZipper.tbz2
Key Found : HKLM\SOFTWARE\Classes\WinZipper.tgz
Key Found : HKLM\SOFTWARE\Classes\WinZipper.tpz
Key Found : HKLM\SOFTWARE\Classes\WinZipper.txz
Key Found : HKLM\SOFTWARE\Classes\WinZipper.vhd
Key Found : HKLM\SOFTWARE\Classes\WinZipper.wim
Key Found : HKLM\SOFTWARE\Classes\WinZipper.xar
Key Found : HKLM\SOFTWARE\Classes\WinZipper.xz
Key Found : HKLM\SOFTWARE\Classes\WinZipper.z
Key Found : HKLM\SOFTWARE\Classes\WinZipper.zip
Key Found : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Key Found : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{43769158-3B03-4932-8D8A-8F0F344BF024}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FC36B0BD-27F0-4CDD-8AB1-50651EFC3EFD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4F622628-7632-4B28-B184-D7BA0CA3273B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1F91A9A1-01BA-4C81-863D-3BA0751E1419}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6485AB1F-8E25-43DA-807F-8F7F9535AD59}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DA40E25C-0C77-457F-B723-64D7DE659D9A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Key Found : HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Key Found : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D9B1B31-D034-4738-8F6E-40F0AFCC742C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{803C743C-7D37-4334-8BB0-B7716237AED6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D2309C24-8371-451B-9D22-185D36B27B0D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC36B0BD-27F0-4CDD-8AB1-50651EFC3EFD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F91A9A1-01BA-4C81-863D-3BA0751E1419}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1F91A9A1-01BA-4C81-863D-3BA0751E1419}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6485AB1F-8E25-43DA-807F-8F7F9535AD59}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DA40E25C-0C77-457F-B723-64D7DE659D9A}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{6485AB1F-8E25-43DA-807F-8F7F9535AD59}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{DA40E25C-0C77-457F-B723-64D7DE659D9A}]
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\AskPartnerNetwork
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\delta-homesSoftware
Key Found : HKLM\SOFTWARE\hdcode
Key Found : HKLM\SOFTWARE\Iminent
Key Found : HKLM\SOFTWARE\SearchProtect
Key Found : HKLM\SOFTWARE\SupDp
Key Found : HKLM\SOFTWARE\SupTab
Key Found : HKLM\SOFTWARE\supWindowsMangerProtect
Key Found : HKLM\SOFTWARE\V9
Key Found : HKLM\SOFTWARE\winzipersvc
Key Found : HKLM\SOFTWARE\YourFileDownloader
Key Found : HKLM\SOFTWARE\Reimage
Key Found : HKLM\SOFTWARE\LuckyTab
Key Found : HKLM\SOFTWARE\IHProtect
Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Found : HKLM\SOFTWARE\WajIntEnhance
Key Found : HKLM\SOFTWARE\SpeedBit
Key Found : HKLM\SOFTWARE\luckysearchesSoftware
Key Found : HKLM\SOFTWARE\AIM Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winzipper
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinToFlash Suggestor
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B5DB572D-EA87-D3B0-08F6-4D153EA6A783}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\winzipper
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WinToFlash Suggestor
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.delta-homes.com/?type=hp&ts=1437073975&z=3df3e8ff819c0d4d755011fg1zfcamee1m5cct5m4m&from=wpm07163&uid=WDCXWD1600AAJS-00PSA0_WD-WMAP9118573685736
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.luckysearches.com/web/?type=ds&ts=1430141081&from=exp&uid=WDCXWD1600AAJS-00PSA0_WD-WMAP9118573685736&q={searchTerms}
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.luckysearches.com/web/?type=ds&ts=1430141081&from=exp&uid=WDCXWD1600AAJS-00PSA0_WD-WMAP9118573685736&q={searchTerms}
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.delta-homes.com/?type=hp&ts=1437073975&z=3df3e8ff819c0d4d755011fg1zfcamee1m5cct5m4m&from=wpm07163&uid=WDCXWD1600AAJS-00PSA0_WD-WMAP9118573685736
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [ Web browsers ] *****

[E:\Documents and Settings\Spravce\Data aplikací\Mozilla\Firefox\Profiles\rvc3cshe.default\prefs.js] [Preference] Found : user_pref("browser.newtab.url", "hxxp://www.delta-homes.com/newtab/?type=nt&ts=1437073975&z=3df3e8ff819c0d4d755011fg1zfcamee1m5cct5m4m&from=wpm07163&uid=WDCXWD1600AAJS-00PSA0_WD-WMAP9118573685736");
[E:\Documents and Settings\Spravce\Data aplikací\Mozilla\Firefox\Profiles\rvc3cshe.default\prefs.js] [Preference] Found : user_pref("browser.search.selectedEngine", "delta-homes");
[E:\Documents and Settings\Spravce\Data aplikací\Mozilla\Firefox\Profiles\rvc3cshe.default\prefs.js] [Preference] Found : user_pref("browser.startup.homepage", "hxxp://www.delta-homes.com/?type=hp&ts=1437073975&z=3df3e8ff819c0d4d755011fg1zfcamee1m5cct5m4m&from=wpm07163&uid=WDCXWD1600AAJS-00PSA0_WD-WMAP9118573685736");

########## EOF - E:\AdwCleaner\AdwCleaner[S2].txt - [13599 bytes] ##########
Domininik Výtisk
Ostrava-Poruba
Programmer: PHP, HTML, MySQL
Skills in: Photoshop, Sony Vegas, FL Studio

#2 Post by Rudy »

Hello!
Post an FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 . I'll try to remove it manually.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

#3 Post by dominikvyt »

Thank you very much. FRST:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-08-2015 02
Ran by RoxDorUser (administrator) on ROXDOR (27-08-2015 19:12:56)
Running from E:\Documents and Settings\RoxDorUser\Dokumenty\Stažené soubory
Loaded Profiles: RoxDorUser (Available Profiles: Spravce & RoxDorUser)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() E:\WINDOWS\explore.exe
(ServiceEx) E:\Program Files\EasyPHP-Webserver-14.1b2\dashboard\service-install.exe
(Apache Software Foundation) E:\Program Files\EasyPHP-Webserver-14.1b2\binaries\httpserver\bin\ews-httpd.exe
(The PHP Group) E:\Program Files\EasyPHP-Webserver-14.1b2\dashboard\ews-dashboard.exe
(XTab system) E:\Program Files\MiuiTab\ProtectService.exe
(Microsoft Corporation) E:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) E:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Apache Software Foundation) E:\Program Files\EasyPHP-Webserver-14.1b2\binaries\httpserver\bin\ews-httpd.exe
() E:\Documents and Settings\RoxDorUser\Plocha\Programy\AdwCleaner.exe
(Mozilla Corporation) E:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) E:\WINDOWS\system32\wscntfy.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [151df13ab962b4a57d692a874bc59942] => E:\WINDOWS\explore.exe [1876480 2015-08-24] ()
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKU\S-1-5-19\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-20\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-21-606747145-2111687655-1801674531-1014\...\Run: [151df13ab962b4a57d692a874bc59942] => E:\WINDOWS\explore.exe [1876480 2015-08-24] ()
HKU\S-1-5-18\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
Startup: E:\Documents and Settings\RoxDorUser\Nabídka Start\Programy\Po spuštění\151df13ab962b4a57d692a874bc59942.exe [2015-08-24] ()
Startup: E:\Documents and Settings\Spravce\Nabídka Start\Programy\Po spuštění\151df13ab962b4a57d692a874bc59942.exe [2002-01-01] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1437073975&z=3df3e8ff819c0d4d755011fg1zfcamee1m5cct5m4m&from=wpm07163&uid=WDCXWD1600AAJS-00PSA0_WD-WMAP9118573685736
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.luckysearches.com/web/?type=ds&ts=1430141081&from=exp&uid=WDCXWD1600AAJS-00PSA0_WD-WMAP9118573685736&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1437073975&z=3df3e8ff819c0d4d755011fg1zfcamee1m5cct5m4m&from=wpm07163&uid=WDCXWD1600AAJS-00PSA0_WD-WMAP9118573685736
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.luckysearches.com/web/?type=ds&ts=1430141081&from=exp&uid=WDCXWD1600AAJS-00PSA0_WD-WMAP9118573685736&q={searchTerms}
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.luckysearches.com/web/?type=ds&ts=1430141081&from=exp&uid=WDCXWD1600AAJS-00PSA0_WD-WMAP9118573685736&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.luckysearches.com/web/?type=ds&ts=1430141081&from=exp&uid=WDCXWD1600AAJS-00PSA0_WD-WMAP9118573685736&q={searchTerms}
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = 
SearchScopes: HKU\S-1-5-21-606747145-2111687655-1801674531-1014 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-606747145-2111687655-1801674531-1014 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-606747145-2111687655-1801674531-1014 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-606747145-2111687655-1801674531-1014 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
BHO: GoodTab Class -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> E:\Program Files\MiuiTab\SupTab.dll [2015-07-15] (Thinkgood Co. Limited)
BHO: WinToFlash Suggestor -> {FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} -> E:\Program Files\WinToFlash Suggestor\WinToFlashSuggestor.dll No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 1.1.1.1
Tcpip\..\Interfaces\{BDCB072B-95CD-4108-9C24-F085949A1045}: [DhcpNameServer] 1.1.1.1

FireFox:
========
FF ProfilePath: E:\Documents and Settings\RoxDorUser\Data aplikací\Mozilla\Firefox\Profiles\7vne43yn.default
FF Homepage: hxxp://google.com
FF Plugin: @adobe.com/FlashPlayer -> E:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-19] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> E:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> E:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-20] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> e:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll [2009-08-17] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF SearchPlugin: E:\Program Files\mozilla firefox\browser\searchplugins\delta-homes.xml [2015-07-16]
FF SearchPlugin: E:\Program Files\mozilla firefox\browser\searchplugins\luckysearches.xml [2015-04-27]
FF Extension: Extreme Blocker - E:\Documents and Settings\RoxDorUser\Data aplikací\Mozilla\Firefox\Profiles\7vne43yn.default\Extensions\snzhhqmyqy_vggr@mzqijiqqikckj.org [2015-08-15]
FF Extension: SQL Inject Me - E:\Documents and Settings\RoxDorUser\Data aplikací\Mozilla\Firefox\Profiles\7vne43yn.default\Extensions\sqlime@security.compass.xpi [2015-08-18]
FF Extension: Tamper Data - E:\Documents and Settings\RoxDorUser\Data aplikací\Mozilla\Firefox\Profiles\7vne43yn.default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2015-08-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-07-11]
FF Extension: No Name - E:\Documents and Settings\RoxDorUser\Data aplikacĂ­\Mozilla\Firefox\Profiles\7vne43yn.default\extensions\sqlime@security.compass.xpi [not found]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ews-dashboard; E:\Program Files\EasyPHP-Webserver-14.1b2\dashboard\service-install.exe [114688 2014-04-06] (ServiceEx) [File not signed]
R2 ews-httpserver; E:\Program Files\EasyPHP-Webserver-14.1b2\binaries\httpserver\bin\ews-httpd.exe [20992 2014-07-19] (Apache Software Foundation) [File not signed]
S3 IDriverT; E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IHProtect Service; E:\Program Files\MiuiTab\ProtectService.exe [125112 2015-07-15] (XTab system)
S4 ss_conn_service; E:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
S4 WindowsMangerProtect; E:\Documents and Settings\All Users\Data aplikací\WindowsMangerProtect\ProtectWindowsManager.exe [545280 2015-07-16] (Windows SysTool) [File not signed] <==== ATTENTION
S4 winzipersvc; E:\Program Files\WinZipper\winzipersvc.exe [337040 2015-07-21] (Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
S4 Update Teal Kitty; "E:\Program Files\Teal Kitty\updateTealKitty.exe" [X]
S4 Util Teal Kitty; "E:\Program Files\Teal Kitty\bin\utilTealKitty.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; E:\WINDOWS\System32\DRIVERS\AegisP.sys [21035 2015-04-18] (Meetinghouse Data Communications) [File not signed]
S3 Ambfilt; E:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S3 dtlitescsibus; E:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [25104 2015-04-20] (Disc Soft Ltd)
R2 EAPPkt; E:\WINDOWS\System32\DRIVERS\EAPPkt.sys [38144 2006-11-15] (Windows (R) 2000 DDK provider) [File not signed]
R3 Egatebus; E:\WINDOWS\System32\drivers\egatebus.sys [15328 2006-05-19] (Axalto)
R3 Egaterdr; E:\WINDOWS\System32\drivers\egaterdr.sys [13440 2006-05-19] (Axalto)
S3 Monfilt; E:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R0 mv61xxmm; E:\WINDOWS\system32\Drivers\mv61xxmm.sys [14184 2015-04-16] (Marvell Semiconductor Inc.)
R0 mv64xxmm; E:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2015-04-16] (Marvell Semiconductor Inc.) [File not signed]
R0 mvxxmm; E:\WINDOWS\system32\Drivers\mvxxmm.sys [14184 2015-04-16] (Marvell Semiconductor Inc.)
R2 npf; E:\WINDOWS\System32\drivers\npf.sys [36600 2014-08-19] (Riverbed Technology, Inc.)
R3 NVENETFD; E:\WINDOWS\System32\DRIVERS\NVENETFD.sys [70912 2010-03-04] (NVIDIA Corporation)
R0 nvgts; E:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2010-04-09] (NVIDIA Corporation)
R0 nvlegacy; E:\WINDOWS\system32\Drivers\nvlegacy.sys [100736 2015-04-16] (NVIDIA Corporation) [File not signed]
R3 nvnetbus; E:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13824 2010-03-04] (NVIDIA Corporation)
S3 rtl8185; E:\WINDOWS\System32\DRIVERS\rtl8185.sys [823936 2009-10-27] (Realtek Semiconductor Corporation                           )
S3 vncmirror; E:\WINDOWS\System32\DRIVERS\vncmirror.sys [4608 2015-01-28] (RealVNC Ltd.)
R1 {5f2b1cb2-79cf-42ce-94ef-57cc73d7866b}Gt; E:\WINDOWS\System32\drivers\{5f2b1cb2-79cf-42ce-94ef-57cc73d7866b}Gt.sys [55824 2015-04-26] (StdLib)
S3 cpuz134; \??\E:\DOCUME~1\Spravce\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-30 11:22 - 2015-10-30 11:22 - 00113095 _____ E:\WINDOWS\system32\ScanResults.xml
2015-10-30 11:19 - 2015-10-30 11:19 - 00000464 _____ E:\WINDOWS\system32\ScannerSettings
2015-10-29 17:01 - 2015-08-25 07:40 - 00000000 ____D E:\Documents and Settings\Spravce\Data aplikací\vlc
2015-10-29 11:18 - 2015-10-29 11:18 - 00000220 _____ E:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-10-29 11:18 - 2015-08-27 17:55 - 00000226 _____ E:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-10-27 08:43 - 2015-10-27 08:43 - 00013615 _____ E:\WINDOWS\KB2934207.log
2015-10-27 08:43 - 2015-10-27 08:43 - 00000000 __HDC E:\WINDOWS\$NtUninstallKB2934207$
2015-10-27 08:43 - 2015-10-27 08:43 - 00000000 __HDC E:\WINDOWS\$NtUninstallKB2922229$
2015-10-27 08:43 - 2015-10-27 08:43 - 00000000 __HDC E:\WINDOWS\$NtUninstallKB2916036$
2015-10-27 08:43 - 2015-10-27 08:43 - 00000000 __HDC E:\WINDOWS\$NtUninstallKB2868626$
2015-10-27 08:42 - 2015-10-27 08:43 - 00013136 _____ E:\WINDOWS\KB2900986.log
2015-10-27 08:42 - 2015-10-27 08:42 - 00016117 _____ E:\WINDOWS\KB955759.log
2015-10-27 08:42 - 2015-10-27 08:42 - 00014912 _____ E:\WINDOWS\KB975558.log
2015-10-27 08:42 - 2015-10-27 08:42 - 00000000 __HDC E:\WINDOWS\$NtUninstallKB955759$
2015-10-27 08:42 - 2015-10-27 08:42 - 00000000 __HDC E:\WINDOWS\$NtUninstallKB2900986$
2015-10-27 08:42 - 2015-10-27 08:42 - 00000000 __HDC E:\WINDOWS\$NtUninstallKB2847311$
2015-10-27 08:42 - 2015-10-27 08:42 - 00000000 ____D E:\WINDOWS\system32\KB905474
2015-10-27 08:42 - 2015-08-27 17:55 - 00000260 _____ E:\WINDOWS\Tasks\WGASetup.job
2015-10-27 08:41 - 2015-10-27 08:41 - 00013204 _____ E:\WINDOWS\KB951978.log
2015-10-27 08:41 - 2015-10-27 08:41 - 00011450 _____ E:\WINDOWS\KB2378111.log
2015-10-27 08:41 - 2015-10-27 08:41 - 00000000 __HDC E:\WINDOWS\$NtUninstallKB951978$
2015-10-27 08:41 - 2015-10-27 08:41 - 00000000 ____D E:\Documents and Settings\All Users\Nabídka Start\Programy\Reimage Repair
2015-10-27 08:41 - 2015-07-16 21:12 - 00000000 ____D E:\Program Files\Reimage
2015-10-27 08:40 - 2015-10-27 08:43 - 00000000 ____D E:\rei
2015-10-27 08:40 - 2015-10-27 08:40 - 00301234 _____ E:\WINDOWS\msxml4-KB2758694-enu.LOG
2015-10-27 08:40 - 2015-10-27 08:40 - 00009341 _____ E:\WINDOWS\KB2862335.log
2015-10-27 08:40 - 2015-10-27 08:40 - 00009261 _____ E:\WINDOWS\KB2485663.log
2015-10-27 08:40 - 2015-10-27 08:40 - 00000000 __HDC E:\WINDOWS\$NtUninstallKB2929961$
2015-10-27 08:40 - 2015-10-27 08:40 - 00000000 __HDC E:\WINDOWS\$NtUninstallKB2898715$
2015-10-27 08:40 - 2015-10-27 08:40 - 00000000 __HDC E:\WINDOWS\$NtUninstallKB2862335$
2015-10-27 08:40 - 2015-08-27 18:12 - 00000008 _____ E:\WINDOWS\Reimage.ini
2015-10-27 08:39 - 2015-10-27 08:39 - 00000000 __SHD E:\Documents and Settings\Spravce\PrivacIE
2015-10-27 08:37 - 2015-10-27 08:37 - 00009873 _____ E:\WINDOWS\KB954155.log
2015-10-27 08:37 - 2015-10-27 08:37 - 00008676 _____ E:\WINDOWS\KB2904266.log
2015-10-27 08:37 - 2015-10-27 08:37 - 00008217 _____ E:\WINDOWS\KB2834904-v2.log
2015-10-27 08:37 - 2015-10-27 08:37 - 00007151 _____ E:\WINDOWS\KB2930275.log
2015-10-27 08:37 - 2015-10-27 08:37 - 00000000 __HDC E:\WINDOWS\$NtUninstallKB2930275$
2015-10-27 08:37 - 2015-10-27 08:37 - 00000000 __HDC E:\WINDOWS\$NtUninstallKB2904266$
2015-10-27 08:37 - 2015-10-27 08:37 - 00000000 __HDC E:\WINDOWS\$NtUninstallKB2876217$
2015-10-27 08:37 - 2015-10-27 08:37 - 00000000 __HDC E:\WINDOWS\$NtUninstallKB2864063$
2015-10-27 08:37 - 2015-10-27 08:37 - 00000000 __HDC E:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2015-10-27 08:36 - 2015-10-27 08:36 - 01072544 _____ E:\WINDOWS\system32\nvdrsdb1.bin
2015-10-27 08:36 - 2015-10-27 08:36 - 01072544 _____ E:\WINDOWS\system32\nvdrsdb0.bin
2015-10-27 08:36 - 2015-10-27 08:36 - 00000001 _____ E:\WINDOWS\system32\nvdrssel.bin
2015-10-27 08:36 - 2015-10-27 08:36 - 00000000 _____ E:\WINDOWS\system32\nvdrswr.lk
2015-10-27 08:35 - 2015-07-04 11:44 - 00013657 _____ E:\WINDOWS\KB2345886.log
2015-10-27 08:34 - 2015-10-27 08:34 - 00000000 ____D E:\WINDOWS\system32\ReinstallBackups
2015-10-27 08:33 - 2015-10-27 08:33 - 00000000 ____D E:\Documents and Settings\Spravce\Local Settings\Data aplikací\PCHealth
2015-10-27 08:31 - 2015-10-27 08:31 - 00000000 __HDC E:\WINDOWS\$NtUninstallKB2862152$
2015-08-27 19:12 - 2015-08-27 19:13 - 00000000 ____D E:\FRST
2015-08-27 19:11 - 2015-08-27 19:11 - 00029696 _____ E:\Documents and Settings\RoxDorUser\Local Settings\Data aplikací\MSGBOX.EXE
2015-08-27 19:11 - 2015-08-27 19:11 - 00015327 _____ E:\Documents and Settings\RoxDorUser\Plocha\LM.bat
2015-08-27 17:54 - 2015-08-27 17:54 - 00090112 _____ E:\WINDOWS\Minidump\Mini082715-02.dmp
2015-08-27 17:46 - 2015-08-27 17:46 - 00090112 _____ E:\WINDOWS\Minidump\Mini082715-01.dmp
2015-08-27 17:40 - 2015-08-27 17:56 - 00000000 ____D E:\AdwCleaner
2015-08-27 16:52 - 2015-08-27 17:00 - 00000000 ____D E:\Documents and Settings\Spravce\Plocha\viral
2015-08-27 12:23 - 2015-08-27 12:24 - 00000000 ____D E:\Documents and Settings\RoxDorUser\WebWorks Projects
2015-08-27 12:20 - 2015-08-27 12:25 - 00000000 ____D E:\Documents and Settings\RoxDorUser\.cordova
2015-08-27 12:20 - 2015-08-27 12:21 - 00000000 ____D E:\Documents and Settings\RoxDorUser\Nabídka Start\Programy\BlackBerry
2015-08-27 12:12 - 2015-08-27 12:21 - 00000000 ___HD E:\Program Files\Zero G Registry
2015-08-27 12:12 - 2015-08-27 12:12 - 00000000 ____D E:\Program Files\BlackBerry
2015-08-27 12:11 - 2015-08-27 12:11 - 00000000 ___HD E:\Documents and Settings\RoxDorUser\InstallAnywhere
2015-08-25 11:58 - 2015-08-25 13:10 - 00000000 ____D E:\Documents and Settings\RoxDorUser\Plocha\viral
2015-08-24 22:12 - 2015-08-25 21:07 - 00000000 ____D E:\Documents and Settings\RoxDorUser\Data aplikací\vlc
2015-08-24 21:57 - 2015-08-27 17:11 - 00032768 ___SH E:\Documents and Settings\RoxDorUser\Plocha\Thumbs.db
2015-08-24 21:33 - 2015-08-24 21:33 - 01876480 _____ E:\WINDOWS\explore.exe
2015-08-24 10:00 - 2015-08-24 10:00 - 00000000 ____D E:\Program Files\VertrigoServ
2015-08-24 10:00 - 2015-08-24 10:00 - 00000000 ____D E:\Documents and Settings\RoxDorUser\Nabídka Start\Programy\VertrigoServ
2015-08-23 13:18 - 2015-08-23 13:27 - 00000000 ____D E:\Documents and Settings\RoxDorUser\Data aplikací\FileZilla
2015-08-23 12:52 - 2015-08-23 12:52 - 00000000 ____D E:\Program Files\kiwi.software.NET
2015-08-23 12:52 - 2015-08-23 12:52 - 00000000 ____D E:\Documents and Settings\RoxDorUser\Nabídka Start\Programy\kiwi.software.NET
2015-08-23 11:55 - 2015-08-23 11:55 - 00000000 ___RD E:\Documents and Settings\RoxDorUser\Dokumenty\Filmy
2015-08-23 02:20 - 2015-08-23 02:20 - 00000160 _____ E:\Documents and Settings\Spravce\Plocha\sqli.txt
2015-08-23 00:00 - 2015-08-23 00:02 - 83909485 _____ E:\backup.zpaq
2015-08-22 23:35 - 2015-08-22 23:35 - 00000000 ____D E:\Documents and Settings\All Users\Nabídka Start\Programy\EasyPHP Devserver 14.1 beta 2
2015-08-22 23:34 - 2015-08-22 23:35 - 00000000 ____D E:\Program Files\EasyPHP-Webserver-14.1b2
2015-08-22 23:29 - 2015-08-22 23:29 - 00000053 _____ E:\Documents and Settings\Spravce\Plocha\webshare.txt
2015-08-22 23:26 - 2015-08-22 23:34 - 00000000 ____D E:\wamp
2015-08-22 01:54 - 2015-08-22 01:54 - 00119376 _____ E:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-606747145-2111687655-1801674531-1014-0.dat
2015-08-22 01:25 - 2015-08-22 01:25 - 00000000 ____D E:\Documents and Settings\RoxDorUser\Data aplikací\Macromedia
2015-08-22 01:20 - 2015-08-22 01:20 - 00000000 ____D E:\Documents and Settings\RoxDorUser\Local Settings\Data aplikací\Red_Gate_Software_Ltd
2015-08-22 01:00 - 2015-08-22 01:00 - 00000000 ____D E:\Documents and Settings\RoxDorUser\Local Settings\Data aplikací\Red Gate
2015-08-22 01:00 - 2015-08-22 01:00 - 00000000 ____D E:\Documents and Settings\RoxDorUser\Local Settings\Data aplikací\IsolatedStorage
2015-08-22 00:58 - 2015-08-22 00:58 - 00000000 ____D E:\Program Files\Red Gate
2015-08-22 00:58 - 2015-08-22 00:58 - 00000000 ____D E:\Documents and Settings\All Users\Nabídka Start\Programy\Red Gate
2015-08-22 00:58 - 2015-08-22 00:58 - 00000000 ____D E:\Documents and Settings\All Users\Data aplikací\Downloaded Installations
2015-08-22 00:11 - 2015-08-22 00:11 - 00000000 ____D E:\Documents and Settings\RoxDorUser\Local Settings\Data aplikací\Adobe
2015-08-21 09:33 - 2015-08-21 10:18 - 00000000 ____D E:\Program Files\Mozilla Firefox
2015-08-19 09:22 - 2015-08-21 23:29 - 00000000 ____D E:\Documents and Settings\RoxDorUser\Data aplikací\PSpad
2015-08-18 20:40 - 2015-08-18 20:40 - 00000000 ____D E:\Documents and Settings\RoxDorUser\Local Settings\Data aplikací\Trolltech
2015-08-18 20:33 - 2015-08-18 20:34 - 00000000 ____D E:\Documents and Settings\RoxDorUser\Local Settings\Data aplikací\Mediatek
2015-08-18 14:34 - 2015-08-18 14:34 - 00000000 ____H E:\Documents and Settings\RoxDorUser\Dokumenty\Default.rdp
2015-08-18 13:49 - 2015-08-18 13:49 - 00000000 ____D E:\Documents and Settings\RoxDorUser\Data aplikací\ICSharpCode
2015-08-18 13:37 - 2015-08-18 13:38 - 00000000 ____D E:\Documents and Settings\All Users\Nabídka Start\Programy\Metasploit
2015-08-18 13:13 - 2015-08-18 13:13 - 00000000 ____D E:\Program Files\WinPcap
2015-08-18 13:09 - 2015-08-18 13:43 - 00000000 ____D E:\metasploit
2015-08-18 12:38 - 2015-08-18 12:38 - 00000000 ____D E:\Documents and Settings\RoxDorUser\Data aplikací\eCyber
2015-08-17 23:58 - 2015-08-17 23:58 - 00000093 _____ E:\Documents and Settings\Spravce\Plocha\222222222.txt
2015-08-16 10:26 - 2015-08-16 10:29 - 00000140 _____ E:\Documents and Settings\Spravce\Plocha\dauje.txt
2015-08-16 01:44 - 2015-08-16 01:44 - 00000000 ____D E:\7ff2e8afcb1f76c61f364ab6767e95bf
2015-08-15 20:43 - 2015-08-18 12:38 - 00000000 ____D E:\Documents and Settings\RoxDorUser\Data aplikací\WinZipper
2015-08-15 20:26 - 2015-08-15 20:26 - 00000000 ____D E:\Documents and Settings\Spravce\Plocha\TESTY
2015-08-15 20:26 - 2015-08-15 20:26 - 00000000 ____D E:\Documents and Settings\Spravce\Plocha\temp
2015-08-15 20:26 - 2015-08-15 20:26 - 00000000 ____D E:\Documents and Settings\Spravce\Plocha\sc
2015-08-15 20:26 - 2015-07-26 09:48 - 95614089 _____ E:\Documents and Settings\Spravce\Plocha\xampp-win32-1.8.0-VC9-installer.exe
2015-08-15 20:25 - 2015-07-01 08:10 - 00001302 _____ E:\Documents and Settings\Spravce\Plocha\BOOTEX.LOG
2015-08-15 19:08 - 2015-08-15 19:08 - 00000000 ____H E:\Documents and Settings\Spravce\Dokumenty\Default.rdp
2015-08-15 11:51 - 2015-08-22 00:12 - 00000000 ____D E:\Documents and Settings\RoxDorUser\Data aplikací\Adobe
2015-08-15 11:50 - 2015-08-15 11:50 - 00013176 _____ E:\Documents and Settings\RoxDorUser\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2015-08-15 10:54 - 2015-08-15 10:54 - 00000000 ____D E:\Documents and Settings\RoxDorUser\Data aplikací\WinRAR
2015-08-15 09:24 - 2015-08-15 10:28 - 00000000 ____D E:\Documents and Settings\RoxDorUser\Data aplikací\uTorrent
2015-08-15 09:24 - 2015-08-15 09:24 - 00000971 _____ E:\Documents and Settings\RoxDorUser\Plocha\µTorrent.lnk
2015-08-15 09:24 - 2015-08-15 09:24 - 00000000 ____D E:\Documents and Settings\RoxDorUser\Nabídka Start\Programy\uTorrent
2015-08-15 09:17 - 2015-08-27 19:12 - 00000000 ____D E:\Documents and Settings\RoxDorUser\Dokumenty\Stažené soubory
2015-08-14 14:11 - 2015-08-14 14:11 - 00000803 _____ E:\Documents and Settings\RoxDorUser\Nabídka Start\Programy\Internet Explorer.lnk
2015-08-14 14:11 - 2015-08-14 14:11 - 00000738 _____ E:\Documents and Settings\RoxDorUser\Nabídka Start\Programy\Outlook Express.lnk
2015-08-14 14:11 - 2015-08-14 14:11 - 00000000 __SHD E:\Documents and Settings\RoxDorUser\IETldCache
2015-08-14 14:11 - 2015-08-14 14:11 - 00000000 ___RD E:\Documents and Settings\RoxDorUser\Dokumenty\Obrázky
2015-08-14 14:11 - 2015-08-14 14:11 - 00000000 ___RD E:\Documents and Settings\RoxDorUser\Dokumenty\Hudba
2015-08-14 14:10 - 2015-08-27 19:13 - 00000000 ____D E:\Documents and Settings\RoxDorUser\Local Settings\Temp
2015-08-14 14:10 - 2015-08-27 19:11 - 00000000 ___HD E:\Documents and Settings\RoxDorUser\Local Settings\Data aplikací
2015-08-14 14:10 - 2015-08-27 19:11 - 00000000 ____D E:\Documents and Settings\RoxDorUser\Plocha
2015-08-14 14:10 - 2015-08-27 12:20 - 00000000 ___RD E:\Documents and Settings\RoxDorUser\Nabídka Start\Programy
2015-08-14 14:10 - 2015-08-24 22:12 - 00000000 __RHD E:\Documents and Settings\RoxDorUser\Data aplikací
2015-08-14 14:10 - 2015-08-24 21:33 - 00000000 ___RD E:\Documents and Settings\RoxDorUser\Nabídka Start\Programy\Po spuštění
2015-08-14 14:10 - 2015-08-23 11:55 - 00000788 _____ E:\Documents and Settings\RoxDorUser\Nabídka Start\Programy\Windows Media Player.lnk
2015-08-14 14:10 - 2015-08-23 11:55 - 00000000 ___RD E:\Documents and Settings\RoxDorUser\Dokumenty
2015-08-14 14:10 - 2015-08-18 10:18 - 00000178 ___SH E:\Documents and Settings\RoxDorUser\ntuser.ini
2015-08-14 14:10 - 2015-08-14 14:11 - 00000000 ___RD E:\Documents and Settings\RoxDorUser\Oblíbené položky
2015-08-14 14:10 - 2015-08-14 14:11 - 00000000 ___RD E:\Documents and Settings\RoxDorUser\Nabídka Start\Programy\Příslušenství
2015-08-14 14:10 - 2015-04-17 00:17 - 00000000 ___RD E:\Documents and Settings\RoxDorUser\Nabídka Start
2015-08-14 14:10 - 2015-04-17 00:17 - 00000000 ___HD E:\Documents and Settings\RoxDorUser\Okolní tiskárny
2015-08-14 14:10 - 2015-04-17 00:17 - 00000000 ___HD E:\Documents and Settings\RoxDorUser\Okolní síť
2015-08-14 14:10 - 2015-04-16 22:40 - 00001599 _____ E:\Documents and Settings\RoxDorUser\Nabídka Start\Programy\Vzdálená pomoc.lnk
2015-08-14 14:10 - 2015-04-16 22:35 - 00000000 ___HD E:\Documents and Settings\RoxDorUser\Šablony
2015-08-13 11:15 - 2007-12-13 20:56 - 00001231 _____ E:\Documents and Settings\Spravce\Plocha\index.html
2015-07-29 13:42 - 2015-07-29 13:42 - 00001565 _____ E:\Documents and Settings\Spravce\Plocha\IrfanView Thumbnails.lnk
2015-07-29 13:42 - 2015-07-29 13:42 - 00000000 ____D E:\Documents and Settings\Spravce\Nabídka Start\Programy\IrfanView

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-27 08:43 - 2015-05-30 08:09 - 00019510 _____ E:\WINDOWS\KB2868626.log
2015-10-27 08:43 - 2015-05-30 08:09 - 00018693 _____ E:\WINDOWS\KB2922229.log
2015-10-27 08:43 - 2015-05-30 08:09 - 00018611 _____ E:\WINDOWS\KB2916036.log
2015-10-27 08:42 - 2015-05-30 08:09 - 00016701 _____ E:\WINDOWS\KB2847311.log
2015-10-27 08:42 - 2015-04-16 22:40 - 00000000 ___HD E:\WINDOWS\$hf_mig$
2015-10-27 08:41 - 2015-05-30 08:08 - 00014368 _____ E:\WINDOWS\KB2898715.log
2015-10-27 08:40 - 2015-05-30 08:08 - 00012880 _____ E:\WINDOWS\KB2929961.log
2015-10-27 08:37 - 2015-05-30 08:08 - 00014749 _____ E:\WINDOWS\KB979687.log
2015-10-27 08:37 - 2015-05-30 08:08 - 00013187 _____ E:\WINDOWS\KB2876217.log
2015-10-27 08:37 - 2015-05-30 08:08 - 00011241 _____ E:\WINDOWS\KB2864063.log
2015-10-27 08:37 - 2015-04-16 22:41 - 00011878 _____ E:\WINDOWS\system32\TZLog.log
2015-10-27 08:35 - 2015-04-17 00:18 - 00000000 ____D E:\Program Files\NVIDIA Corporation
2015-10-27 08:31 - 2015-05-30 08:08 - 00009824 _____ E:\WINDOWS\KB2862152.log
2015-10-27 08:30 - 2015-06-05 19:41 - 00000000 ____D E:\Documents and Settings\All Users\Data aplikací\83e1bea40000769e
2015-10-27 08:29 - 2010-03-16 03:37 - 00276202 _____ E:\WINDOWS\system32\NvApps.xml
2015-08-27 19:13 - 2015-04-19 21:15 - 00000914 _____ E:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-27 17:56 - 2015-04-16 22:38 - 01483963 _____ E:\WINDOWS\WindowsUpdate.log
2015-08-27 17:55 - 2015-05-30 15:32 - 00493135 _____ E:\WINDOWS\setupapi.log
2015-08-27 17:55 - 2015-04-16 22:49 - 00000006 ____H E:\WINDOWS\Tasks\SA.DAT
2015-08-27 17:54 - 2015-05-25 18:45 - 00000000 ____D E:\WINDOWS\Minidump
2015-08-27 17:51 - 2015-07-20 11:40 - 00000000 ____D E:\Documents and Settings\RoxDorUser\Plocha\Programy
2015-08-27 17:50 - 2015-07-20 11:38 - 00000000 ____D E:\Documents and Settings\RoxDorUser\Plocha\WEBY
2015-08-27 17:50 - 2002-01-01 00:12 - 00000000 ____D E:\Documents and Settings\RoxDorUser\Plocha\Filmy
2015-08-27 17:49 - 2015-06-30 17:37 - 00000000 ____D E:\Documents and Settings\RoxDorUser\Plocha\hudba
2015-08-27 17:46 - 2015-06-05 19:14 - 00000000 ____D E:\Documents and Settings\Spravce\Local Settings\Temp
2015-08-27 17:11 - 2015-06-05 19:48 - 00009728 _____ E:\Documents and Settings\Spravce\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-27 17:10 - 2015-07-04 09:26 - 00000000 ____D E:\519a900e051d63ed4567
2015-08-27 17:10 - 2015-07-04 08:47 - 00000000 ____D E:\48ac4c67f40491cbb7
2015-08-27 16:52 - 2015-06-05 19:14 - 00000000 ____D E:\Documents and Settings\Spravce\Plocha
2015-08-27 12:34 - 2015-04-17 00:17 - 01366760 _____ E:\WINDOWS\system32\PerfStringBackup.INI
2015-08-27 12:32 - 2015-04-16 23:21 - 00002206 _____ E:\WINDOWS\system32\wpa.dbl
2015-08-27 11:50 - 2002-01-01 00:11 - 00013824 _____ E:\Documents and Settings\RoxDorUser\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-25 23:13 - 2015-04-16 22:49 - 00032346 _____ E:\WINDOWS\SchedLgU.Txt
2015-08-23 11:55 - 2015-04-16 22:36 - 00019305 _____ E:\WINDOWS\wmsetup.log
2015-08-23 02:31 - 2015-06-05 19:50 - 00000000 ____D E:\Documents and Settings\Spravce\Dokumenty\Stažené soubory
2015-08-22 23:35 - 2015-04-17 00:17 - 00000000 ___RD E:\Documents and Settings\All Users\Nabídka Start\Programy
2015-08-22 23:12 - 2015-04-17 00:17 - 00372018 _____ E:\WINDOWS\iis6.log
2015-08-22 23:12 - 2015-04-17 00:17 - 00282255 _____ E:\WINDOWS\FaxSetup.log
2015-08-22 23:12 - 2015-04-17 00:17 - 00181334 _____ E:\WINDOWS\ocgen.log
2015-08-22 23:12 - 2015-04-17 00:17 - 00137891 _____ E:\WINDOWS\tsoc.log
2015-08-22 23:12 - 2015-04-17 00:17 - 00105333 _____ E:\WINDOWS\comsetup.log
2015-08-22 23:12 - 2015-04-17 00:17 - 00063544 _____ E:\WINDOWS\ntdtcsetup.log
2015-08-22 23:12 - 2015-04-17 00:17 - 00020544 _____ E:\WINDOWS\MedCtrOC.log
2015-08-22 23:12 - 2015-04-17 00:17 - 00017596 _____ E:\WINDOWS\ocmsn.log
2015-08-22 23:12 - 2015-04-17 00:17 - 00014887 _____ E:\WINDOWS\tabletoc.log
2015-08-22 23:12 - 2015-04-17 00:17 - 00014726 _____ E:\WINDOWS\msgsocm.log
2015-08-22 23:12 - 2015-04-17 00:17 - 00008107 _____ E:\WINDOWS\imsins.log
2015-08-22 23:02 - 2015-04-17 00:17 - 00100382 _____ E:\WINDOWS\msmqinst.log
2015-08-22 23:02 - 2015-04-17 00:17 - 00050437 _____ E:\WINDOWS\netfxocm.log
2015-08-22 20:54 - 2015-07-20 11:41 - 00000000 ____D E:\Documents and Settings\RoxDorUser\Plocha\Hry
2015-08-21 14:23 - 2015-04-17 00:59 - 00000000 ____D E:\Program Files\Mozilla Maintenance Service
2015-08-16 11:12 - 2002-01-01 00:20 - 00000000 ____D E:\WINDOWS\system32\MRT
2015-08-16 10:46 - 2002-01-01 00:18 - 129304528 _____ (Microsoft Corporation) E:\WINDOWS\system32\MRT.exe
2015-08-15 20:44 - 2015-04-17 00:15 - 00362616 _____ E:\WINDOWS\setupact.log
2015-08-15 19:04 - 2015-06-05 19:14 - 00000000 ___HD E:\Documents and Settings\Spravce\Local Settings\Data aplikací
2015-08-13 19:46 - 2015-07-06 02:27 - 00086016 ___SH E:\Documents and Settings\Spravce\Plocha\Thumbs.db
2015-08-13 19:13 - 2015-06-30 15:40 - 00000000 ____D E:\Documents and Settings\Spravce\Data aplikací\uTorrent
2015-08-11 08:10 - 2015-06-05 19:14 - 00000000 __RHD E:\Documents and Settings\Spravce\Data aplikací
2015-08-10 10:10 - 2015-06-05 19:14 - 00000000 ___RD E:\Documents and Settings\Spravce\Dokumenty
2015-08-10 09:53 - 2015-06-30 22:24 - 00000000 ____D E:\Documents and Settings\Spravce\Dokumenty\Visual Studio 2010
2015-08-04 17:31 - 2015-07-07 19:16 - 00000000 ____D E:\Documents and Settings\Spravce\Data aplikací\FileZilla
2015-07-29 13:42 - 2015-06-05 19:14 - 00000000 ___RD E:\Documents and Settings\Spravce\Nabídka Start\Programy

==================== Files in the root of some directories =======

2015-06-02 08:54 - 2015-06-02 15:26 - 0000079 _____ () E:\Program Files\prefs.js
2002-01-01 00:11 - 2015-08-27 11:50 - 0013824 _____ () E:\Documents and Settings\RoxDorUser\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-27 19:11 - 2015-08-27 19:11 - 0029696 _____ () E:\Documents and Settings\RoxDorUser\Local Settings\Data aplikací\MSGBOX.EXE
2015-05-20 18:25 - 2015-05-20 18:25 - 0000676 _____ () E:\Documents and Settings\All Users\Nabídka Start.lnk

Some files in TEMP:
====================
E:\Documents and Settings\Host\Local Settings\Temp\4a0dckeo.dll
E:\Documents and Settings\Host\Local Settings\Temp\o4i1hpgg.dll
E:\Documents and Settings\RoxDorUser\Local Settings\Temp\iv_uninstall.exe
E:\Documents and Settings\RoxDorUser\Local Settings\Temp\sqlite3.dll
E:\Documents and Settings\Spravce\Local Settings\Temp\g3z3buhw.dll
E:\Documents and Settings\Spravce\Local Settings\Temp\ReimagePackage.exe
E:\Documents and Settings\Spravce\Local Settings\Temp\ReiSysUpdate.exe
E:\Documents and Settings\Spravce\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

E:\WINDOWS\explorer.exe => File is digitally signed
E:\WINDOWS\system32\winlogon.exe => File is digitally signed
E:\WINDOWS\system32\svchost.exe => File is digitally signed
E:\WINDOWS\system32\services.exe => File is digitally signed
E:\WINDOWS\system32\User32.dll => File is digitally signed
E:\WINDOWS\system32\userinit.exe => File is digitally signed
E:\WINDOWS\system32\rpcss.dll => File is digitally signed
E:\WINDOWS\system32\dnsapi.dll => File is digitally signed
E:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================
Attachments
Addition.zip
(7.83 KiB) Downloaded 85 times
Domininik Výtisk
Ostrava-Poruba
Programmer: PHP, HTML, MySQL
Skills in: Photoshop, Sony Vegas, FL Studio

Rudy
Site Admin
Posts: 119675
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: BSOD when deleting with AdwCleaner

#4 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKU\S-1-5-19\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-20\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-18\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
Startup: E:\Documents and Settings\RoxDorUser\Nabídka Start\Programy\Po spuštění\151df13ab962b4a57d692a874bc59942.exe [2015-08-24] ()
Startup: E:\Documents and Settings\Spravce\Nabídka Start\Programy\Po spuštění\151df13ab962b4a57d692a874bc59942.exe [2002-01-01] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1437073 ... 8573685736
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.luckysearches.com/web/?type=ds&ts=1 ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1437073 ... 8573685736
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.luckysearches.com/web/?type=ds&ts=1 ... earchTerms}
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.luckysearches.com/web/?type=ds&ts=1 ... earchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.luckysearches.com/web/?type=ds&ts=1 ... earchTerms}
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL =
SearchScopes: HKU\S-1-5-21-606747145-2111687655-1801674531-1014 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-606747145-2111687655-1801674531-1014 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-606747145-2111687655-1801674531-1014 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-606747145-2111687655-1801674531-1014 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
Suggestor\WinToFlashSuggestor.dll No File
CHR dev: Chrome dev build detected! <======= ATTENTION
S4 WindowsMangerProtect; E:\Documents and Settings\All Users\Data aplikací\WindowsMangerProtect\ProtectWindowsManager.exe [545280 2015-07-16] (Windows SysTool) [File not signed] <==== ATTENTION
S4 Update Teal Kitty; "E:\Program Files\Teal Kitty\updateTealKitty.exe" [X]
S4 Util Teal Kitty; "E:\Program Files\Teal Kitty\bin\utilTealKitty.exe" [X]
S3 cpuz134; \??\E:\DOCUME~1\Spravce\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
E:\Documents and Settings\Host\Local Settings\Temp
E:\Documents and Settings\RoxDorUser\Local Settings\Temp
E:\Documents and Settings\Spravce\Local Settings\Temp
End
Save it to E:\Documents and Settings\RoxDorUser\Dokumenty\Stažené soubory as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

dominikvyt
Visitor
Posts: 69
Registered: 24 Jan 2012 10:12
Location: Ostrava

Re: BSOD when deleting with AdwCleaner

#5 Post by dominikvyt »

Code: Select all

Fix result of Farbar Recovery Scan Tool (x86) Version:25-08-2015 02
Ran by RoxDorUser (2015-08-27 19:55:16) Run:1
Running from E:\Documents and Settings\RoxDorUser\Dokumenty\Stažené soubory
Loaded Profiles: RoxDorUser (Available Profiles: Spravce & RoxDorUser)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKU\S-1-5-19\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-20\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-18\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
Startup: E:\Documents and Settings\RoxDorUser\Nabídka Start\Programy\Po spuštění\151df13ab962b4a57d692a874bc59942.exe [2015-08-24] ()
Startup: E:\Documents and Settings\Spravce\Nabídka Start\Programy\Po spuštění\151df13ab962b4a57d692a874bc59942.exe [2002-01-01] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts= ... 8573685736
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.luckysearches.com/web/?type= ... 3685736&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts= ... 8573685736
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.luckysearches.com/web/?type= ... 3685736&q={searchTerms}
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.luckysearches.com/web/?type= ... 3685736&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.luckysearches.com/web/?type= ... 3685736&q={searchTerms}
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL =
SearchScopes: HKU\S-1-5-21-606747145-2111687655-1801674531-1014 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b& ... default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-606747145-2111687655-1801674531-1014 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b& ... default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-606747145-2111687655-1801674531-1014 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b& ... default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-606747145-2111687655-1801674531-1014 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b& ... default&q={searchTerms}
Suggestor\WinToFlashSuggestor.dll No File
CHR dev: Chrome dev build detected! <======= ATTENTION
S4 WindowsMangerProtect; E:\Documents and Settings\All Users\Data aplikací\WindowsMangerProtect\ProtectWindowsManager.exe [545280 2015-07-16] (Windows SysTool) [File not signed] <==== ATTENTION
S4 Update Teal Kitty; "E:\Program Files\Teal Kitty\updateTealKitty.exe" [X]
S4 Util Teal Kitty; "E:\Program Files\Teal Kitty\bin\utilTealKitty.exe" [X]
S3 cpuz134; \??\E:\DOCUME~1\Spravce\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
E:\Documents and Settings\Host\Local Settings\Temp
E:\Documents and Settings\RoxDorUser\Local Settings\Temp
E:\Documents and Settings\Spravce\Local Settings\Temp
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck => value removed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\_nltide_2 => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\_nltide_2 => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\_nltide_2 => value removed successfully.
"E:\Documents and Settings\RoxDorUser\Nabídka Start\Programy\Po spuštění\151df13ab962b4a57d692a874bc59942.exe" => Could not move.
E:\Documents and Settings\Spravce\Nabídka Start\Programy\Po spuštění\151df13ab962b4a57d692a874bc59942.exe => moved successfully
E:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
E:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}" => key removed successfully.
HKCR\CLSID\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} => key not found. 
HKU\S-1-5-21-606747145-2111687655-1801674531-1014\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-606747145-2111687655-1801674531-1014\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKU\S-1-5-21-606747145-2111687655-1801674531-1014\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" => key removed successfully.
HKCR\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => key not found. 
"HKU\S-1-5-21-606747145-2111687655-1801674531-1014\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => key removed successfully.
HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => key not found. 
Suggestor\WinToFlashSuggestor.dll No File => Error: No automatic fix found for this entry.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
WindowsMangerProtect => service removed successfully.
Update Teal Kitty => service removed successfully.
Util Teal Kitty => service removed successfully.
cpuz134 => service removed successfully.
IntelIde => service removed successfully.
WS2IFSL => service removed successfully.
E:\Documents and Settings\Host\Local Settings\Temp => moved successfully
E:\Documents and Settings\RoxDorUser\Local Settings\Temp => moved successfully
E:\Documents and Settings\Spravce\Local Settings\Temp => moved successfully


The system needed a reboot.

==== End of Fixlog 19:56:07 ====

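A check that can be run over the Fixlog FRST writes after the >Fix< step, given here as an added example that is not part of the original posts or of FRST itself: it skips the echoed fixlist block and sorts every result line into succeeded, already absent, or needing follow-up. The function name, the three categories and the outcome phrases matched are assumptions based on the wording of the log in this thread; the sample is a shortened excerpt of that log.

```python
import re

# Shortened excerpt of the Fixlog posted in this thread (not the full log).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x86) Version:25-08-2015 02
Ran by RoxDorUser (2015-08-27 19:55:16) Run:1

fixlist content:
*****************
Start
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
Startup: E:\Documents and Settings\RoxDorUser\Nabídka Start\Programy\Po spuštění\151df13ab962b4a57d692a874bc59942.exe [2015-08-24] ()
CHR dev: Chrome dev build detected! <======= ATTENTION
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck => value removed successfully.
"E:\Documents and Settings\RoxDorUser\Nabídka Start\Programy\Po spuštění\151df13ab962b4a57d692a874bc59942.exe" => Could not move.
E:\Documents and Settings\Spravce\Nabídka Start\Programy\Po spuštění\151df13ab962b4a57d692a874bc59942.exe => moved successfully
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
Suggestor\WinToFlashSuggestor.dll No File => Error: No automatic fix found for this entry.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
WindowsMangerProtect => service removed successfully.

The system needed a reboot.

==== End of Fixlog 19:56:07 ====
"""

# Outcome wording as it appears in this thread's log (assumption: other
# FRST versions may phrase outcomes differently; anything unrecognised is
# deliberately routed to "review" instead of being counted as a success).
SUCCESS = re.compile(r"\b(removed|moved|restored) successfully\b", re.I)
NOT_FOUND = re.compile(r"\bnot found\b", re.I)
STAR_LINE = re.compile(r"\*{5,}")


def parse_fixlog(text):
    """Classify each '<target> => <outcome>' result line of a Fixlog.

    Returns a dict with three lists of (target, outcome) tuples:
      ok      - the entry was removed, moved or restored
      absent  - the entry was not there to begin with
      review  - everything else (failed or unsupported entries)
    plus 'reboot_needed' when the log says the system needed a reboot.
    """
    report = {"ok": [], "absent": [], "review": [], "reboot_needed": False}
    star_lines = 0
    in_echo = False  # True while inside the echoed "fixlist content" block

    for raw in text.splitlines():
        line = raw.strip()
        if STAR_LINE.fullmatch(line):
            # The echoed fixlist sits between the first two star lines. Its
            # entries also contain " => " and must not be read as results.
            star_lines += 1
            in_echo = star_lines == 1
            continue
        if in_echo or not line:
            continue
        if line.startswith("The system needed a reboot"):
            report["reboot_needed"] = True
            continue
        if " => " not in line:
            continue  # header, separator or footer line

        # Split on the LAST arrow: targets may carry "<======= ATTENTION".
        target, outcome = line.rsplit(" => ", 1)
        target = target.strip().strip('"')
        outcome = outcome.strip()

        if SUCCESS.search(outcome):
            report["ok"].append((target, outcome))
        elif NOT_FOUND.search(outcome):
            report["absent"].append((target, outcome))
        else:
            report["review"].append((target, outcome))
    return report


if __name__ == "__main__":
    result = parse_fixlog(SAMPLE_FIXLOG)
    print("succeeded:", len(result["ok"]))
    print("already absent:", len(result["absent"]))
    print("reboot needed:", result["reboot_needed"])
    print("needs follow-up:")
    for target, outcome in result["review"]:
        print("  {} -> {}".format(target, outcome))
```

On the excerpt, the follow-up list contains the Startup-folder executable under the RoxDorUser profile that FRST reported as "Could not move." and the two entries for which FRST has no automatic fix.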

Re: BSOD when deleting with AdwCleaner

#6 Post by Rudy »

Deleted, the log is now OK.

Re: BSOD when deleting with AdwCleaner

#7 Post by dominikvyt »

OK, thank you very much :)

Re: BSOD when deleting with AdwCleaner

#8 Post by Rudy »

We'll also take a look at the BSOD. Open the directory E:\WINDOWS\minidump, pack its contents into a RAR archive and attach it to your next post.

Re: BSOD when deleting with AdwCleaner

#9 Post by dominikvyt »

I'm sorry, but I ran into something else: while cleaning up unnecessary folders etc., I came across a suspicious file in:

Code: Select all

E:\Documents and Settings\RoxDorUser\Nabídka Start\Programy\Po spuštění\151df13ab962b4a57d692a874bc59942.exe
According to virustotal.com it is some kind of Trojan, but it cannot be deleted; it says it is being used by another process, but I did not find any process with that name :/
Attachments
Minidump.zip
(44.64 KiB) Downloaded 81 times

Rudy
Site Admin
Posts: 119675
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: BSOD when cleaning with AdwCleaner

#10 Post by Rudy »

Delete that file. The BSOD problem looks like a faulty driver. Try updating the motherboard driver.

dominikvyt
Visitor
Posts: 69
Joined: 24 Jan 2012 10:12
Location: Ostrava

Re: BSOD when cleaning with AdwCleaner

#11 Post by dominikvyt »

It cannot be deleted; it says it is being used by another process, but I did not find any process with that name :/

Rudy
Site Admin
Posts: 119675
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: BSOD when cleaning with AdwCleaner

#12 Post by Rudy »

Try deleting it in safe mode.
