Problém s instalací, potenciální vir

Zpráva

vikimellesova · #1 Příspěvek od **vikimellesova** » 29 bře 2015 15:38

Dobrý den,

Jsem tady nová. Tuhle stránku mi doporučil kamarád, protože mám v počítači viry a že tady mohu najít pomoc. Chtěla jsem si stáhnout FRST launcher, ale i když jsem vypla Nortona, nešlo to. Potřebovala bych nainstalovat Windows Movie Maker, ale vždy se na 70% instalace zastaví. Ve všech prohlížečích mám jako domovskou stránku "omiga-plus" Můj počítač je celkově pomalý, neustále se mi objevují bezpečnostní hlášení a reklamní okna. Nevím, co s tím dělat a velmi bych ocenila, kdyby mi s tím někdo pomohl. Mockrát děkuji.

#2 Příspěvek od **vyosek** » 29 bře 2015 15:44

Zdravim, pekne nedelni odpoledne preji a vitam Vas u nas na foru

Stahnete tedy jen FRST (ne FRSTLauncher) a ten spustte - postup je pak stejny

vikimellesova · #3 Příspěvek od **vikimellesova** » 29 bře 2015 17:27

Děkuji, i já Vás zdravím.
Nejde to. hlásí mi to že
C:\FRST.exe není platnou aplikací win32. Stopercentně jsem stáhla FRST pro win32.

oprava teď jsem to zkusila znova a šlo to

#4 Příspěvek od **vyosek** » 29 bře 2015 17:29

Zkuste jej stahnout jeste jednou, je mozne, ze se stahovani nedokoncilo

Pokud nepujde, tak dejte RSIT http://forum.viry.cz/viewtopic.php?f=13&t=130786

vikimellesova · #5 Příspěvek od **vikimellesova** » 29 bře 2015 17:37

oprava teď jsem to zkusila znova a šlo to

přesně tak nedokončilo. teď dělám ten scan

#6 Příspěvek od **vyosek** » 29 bře 2015 17:40

OK, pockam si na nejaky log a pak uvidime co dale...

vikimellesova · #7 Příspěvek od **vikimellesova** » 29 bře 2015 17:46

Děkuji, přikládam log a addition.zip v příloze

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Viki (administrator) on VIKI-HP on 29-03-2015 18:39:06
Running from C:\Users\Viki\Downloads
Loaded Profiles: Viki (Available profiles: Viki)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc2.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_499a67a913bde1c7\stacsv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_499a67a913bde1c7\AEstSrv.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeTray.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
(Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [288312 2009-09-03] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-25] (Intel Corporation)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1690680 2009-11-18] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1578280 2009-10-10] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2009-10-22] (Hewlett-Packard)
HKLM\...\Run: [File Sanitizer] => C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11264000 2009-11-04] (Hewlett-Packard)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-10-20] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2009-10-13] (IDT, Inc.)
HKLM\...\Run: [NortonOnlineBackupReminder] => C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-03-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [141624 2010-06-15] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\runonceex: [ContentMerger] => c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\DeviceNP: C:\windows\system32\DeviceNP.dll (Hewlett-Packard Limited)
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\...\Run: [Google Update] => C:\Users\Viki\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-19] (Google Inc.)
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\...\RunOnce: [FlashPlayerUpdate] => C:\windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe [231888 2010-06-23] (Adobe Systems, Inc.)
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\...\MountPoints2: {2ceb73dd-9b3b-11df-ab35-002713996b82} - D:\AutoRun.exe
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\...\MountPoints2: {2ceb7433-9b3b-11df-ab35-002713996b82} - D:\AutoRun.exe
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\...\MountPoints2: {5f23afbe-50ad-11e1-b5b6-002713996b82} - D:\AutoRun.exe
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\...\MountPoints2: {5f23afc2-50ad-11e1-b5b6-002713996b82} - D:\AutoRun.exe
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\...\MountPoints2: {9edba75e-7a33-11df-b4f1-002713996b82} - D:\AutoRun.exe
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\...\MountPoints2: {9edba76e-7a33-11df-b4f1-002713996b82} - D:\AutoRun.exe
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\...\MountPoints2: {baf51943-9599-11df-b1a4-002713996b82} - D:\AutoRun.exe
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\...\MountPoints2: {baf51946-9599-11df-b1a4-002713996b82} - D:\AutoRun.exe
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\System32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\...A8F59079A8D5}\localserver32: <==== ATTENTION!
AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => C:\PROGRA~1\SupTab\SEARCH~1.DLL File Not Found
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts= ... S_5VH2GMR5
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts= ... S_5VH2GMR5
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts= ... S_5VH2GMR5
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts= ... S_5VH2GMR5
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type ... earchTerms}
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type ... earchTerms}
URLSearchHook: HKU\S-1-5-21-863753099-2656375040-3423559090-1002 - (No Name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - No File
URLSearchHook: HKU\S-1-5-21-863753099-2656375040-3423559090-1002 - (No Name) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2E934F7B-B301-497A-922F-F19168CA5AFB} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type ... earchTerms}
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT1750559
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.the-searcheng.info/?l= ... Z&unqvl=35
SearchScopes: HKU\S-1-5-21-863753099-2656375040-3423559090-1002 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?clien ... 33383E0D93
SearchScopes: HKU\S-1-5-21-863753099-2656375040-3423559090-1002 -> {2E934F7B-B301-497A-922F-F19168CA5AFB} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-863753099-2656375040-3423559090-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type ... earchTerms}
SearchScopes: HKU\S-1-5-21-863753099-2656375040-3423559090-1002 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT1750559
SearchScopes: HKU\S-1-5-21-863753099-2656375040-3423559090-1002 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.the-searcheng.info/?l= ... Z&unqvl=35
BHO: V9.0 Torntv 1.1 -> {11111111-1111-1111-1111-110511131190} -> C:\Program Files\V9.0 Torntv 1.1\V9.0 Torntv 1.1-bho.dll No File
BHO: Conduit Engine -> {30F9B915-B755-4826-820B-08FBA6BD249D} -> C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17] (Conduit Ltd.)
BHO: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [2009-11-04] (Hewlett-Packard)
BHO: No Name -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> No File
BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2009-11-02] (DigitalPersona, Inc.)
BHO: sAvEnShare -> {5C200667-4193-7153-D995-B900A6513572} -> C:\ProgramData\sAvEnShare\n6g.dll No File
BHO: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll [2011-07-13] (Symantec Corporation)
BHO: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL [2010-05-14] (Symantec Corporation)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14] (Microsoft Corp.)
BHO: Pomocník pro přihlášení ke službě Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18] (Sun Microsystems, Inc.)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll [2011-07-13] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-863753099-2656375040-3423559090-1002 -> &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-863753099-2656375040-3423559090-1002 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll [2011-07-13] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-863753099-2656375040-3423559090-1002 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-863753099-2656375040-3423559090-1002 -> No Name - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - No File
Toolbar: HKU\S-1-5-21-863753099-2656375040-3423559090-1002 -> No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-04-08] (Skype Technologies)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{53E1E993-82AB-49DF-8580-3D521C07C469}: [NameServer] 160.218.161.60 194.228.211.33

FireFox:
========
FF ProfilePath: C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: V9
FF DefaultSearchUrl: hxxp://websearch.the-searcheng.info/?pid=1232&r=2013/09/13&hid=7150630351510857595&lg=EN&cc=CZ&unqvl=35&l=1&q=
FF SearchEngineOrder.1: V9
FF SelectedSearchEngine: V9
FF Homepage: hxxp://isearch.omiga-plus.com/?type=hp&ts=1405031808&from=ild&uid=ST9320423AS_5VH2GMR5
FF Keyword.URL: hxxp://websearch.the-searcheng.info/?pid=1232&r=2013/09/13&hid=7150630351510857595&lg=EN&cc=CZ&unqvl=35&l=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32.dll [2010-06-23] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2010-06-09] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-10-03] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-07-11] (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-07-11] (globalUpdate)
FF Plugin HKU\S-1-5-21-863753099-2656375040-3423559090-1002: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Viki\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [2010-06-09] ( )
FF Plugin HKU\S-1-5-21-863753099-2656375040-3423559090-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Viki\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-863753099-2656375040-3423559090-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Viki\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-10-03] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2010-06-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2010-06-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2010-06-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2010-06-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2010-06-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2010-06-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2010-06-30] (Apple Inc.)
FF SearchPlugin: C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default\searchplugins\askcom.xml [2010-09-20]
FF SearchPlugin: C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default\searchplugins\conduit.xml [2010-03-16]
FF SearchPlugin: C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default\searchplugins\V9.xml [2015-03-29]
FF SearchPlugin: C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default\searchplugins\WebSearch.xml [2013-10-13]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\delta-homes.xml [2014-12-24]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\omiga-plus.xml [2014-07-11]
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default\Extensions\2020Player_IKEA@2020Technologies.com [2011-08-05]
FF Extension: Torntv V9.0 - C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default\Extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com [2015-03-29]
FF Extension: Security Protection - C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default\Extensions\detgdp@gmail.com [2014-12-24]
FF Extension: Fast Start - C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default\Extensions\faststartff@gmail.com [2014-12-06]
FF Extension: sAvEnShare - C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default\Extensions\ieyey@para-.edu [2013-10-13]
FF Extension: soaavensuharee - C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default\Extensions\m73eyd3f.oeae@qapjlaoi.net [2013-10-13]
FF Extension: SearchNewTab - C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default\Extensions\xu_rjmva@dxj-mlgpauu.com [2013-10-13]
FF Extension: FBPhotoZoom - C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default\Extensions\fbphotozoom@installdaddy.com.xpi [2012-04-06]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-06-28]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011-11-01]
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2009-12-18]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6 [2015-03-29]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default\extensions\faststartff@gmail.com
FF HKLM\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default\extensions\detgdp@gmail.com

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> v9
CHR DefaultSuggestURL: Default ->
CHR Plugin: (Shockwave Flash) - C:\Users\Viki\AppData\Local\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Viki\AppData\Local\Google\Chrome\Application\41.0.2272.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Viki\AppData\Local\Google\Chrome\Application\41.0.2272.101\pdf.dll ()
CHR Plugin: (MicrosoftÂ® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Viki\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Facebook Plugin) - C:\Users\Viki\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Profile: C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (soaavensuharee ) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdjoenpeijgechakijkgkbmcpbnamdm [2013-09-13]
CHR Extension: (FBPHOTOZOOM) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid [2012-04-08]
CHR Extension: (Google Wallet) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Security Protection) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh [2014-12-24]
CHR Extension: (Quick start) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-07-11]
CHR HKLM\...\Chrome\Extension: [mpieaakhacmfleokhjcjnpcnmnmpfkid] - C:\Program Files\fbphotozoom\fbphotozoom16.crx [2012-04-06]
CHR HKLM\...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx [2014-12-24]
StartMenuInternet: Google Chrome - c:\users\viki\appdata\local\google\chrome\application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-08-03] (LSI Corporation)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [300808 2009-11-02] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\system32\flcdlock.exe [362040 2009-10-06] (Hewlett-Packard Ltd)
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-11] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-11] (globalUpdate) [File not signed]
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [126520 2010-11-15] (Hewlett-Packard Company)
R2 HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [101944 2009-11-18] (Hewlett-Packard)
R2 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2009-09-11] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [101944 2009-10-22] (Hewlett-Packard)
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [277096 2009-10-15] (McAfee, Inc.)
R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2009-11-04] (Hewlett-Packard) [File not signed]
R2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [120128 2015-01-15] (Elex do Brasil Participações Ltda)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 NIS; C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [126400 2011-08-04] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_499a67a913bde1c7\STacSV.exe [221266 2009-10-13] (IDT, Inc.)
S2 vcsFPService; C:\windows\system32\vcsFPService.exe [1639728 2009-10-06] (Validity Sensors, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 yksvc; C:\windows\System32\yk62x86.dll [282624 2009-07-20] (Marvell)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20150321.001\BHDrvx86.sys [1164504 2015-02-03] (Symantec Corporation)
R1 ccHP; C:\windows\system32\drivers\NIS\1109000.00C\ccHPx86.sys [485512 2011-08-04] (Symantec Corporation)
S3 DAMDrv; C:\windows\System32\DRIVERS\DAMDrv.sys [32312 2009-09-08] (Hewlett-Packard Development Company L.P.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-12-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-12-12] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20150327.001\IDSvix86.sys [505048 2015-03-24] (Symantec Corporation)
R1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [215336 2015-01-15] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\windows\System32\DRIVERS\iSafeKrnlBoot.sys [40744 2015-01-15] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [83112 2015-01-15] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [34856 2015-01-15] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [63400 2015-01-15] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\windows\System32\DRIVERS\iSafeNetFilter.sys [44712 2015-01-03] (Elex do Brasil Participações Ltda)
S3 MfeAVFK; C:\windows\System32\drivers\MfeAVFK.sys [79816 2009-05-16] (McAfee, Inc.)
S3 MfeBOPK; C:\windows\System32\drivers\MfeBOPK.sys [35272 2009-05-16] (McAfee, Inc.)
R1 mfehidk; C:\windows\System32\drivers\mfehidk.sys [214024 2009-05-16] (McAfee, Inc.)
S3 MfeRKDK; C:\windows\System32\drivers\MfeRKDK.sys [34248 2009-05-16] (McAfee, Inc.)
R1 mfetdik; C:\windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20150328.002\NAVENG.SYS [95704 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20150328.002\NAVEX15.SYS [1636696 2015-01-20] (Symantec Corporation)
R2 risdpcie; C:\windows\system32\DRIVERS\risdpe86.sys [47616 2009-10-29] (REDC)
R2 rixdpcie; C:\windows\system32\DRIVERS\rixdpe86.sys [38912 2009-09-29] (REDC)
R1 RsvLock; C:\windows\system32\Drivers\RsvLock.sys [40088 2009-10-15] (McAfee, Inc.)
R0 SafeBoot; C:\windows\system32\Drivers\SafeBoot.sys [110520 2009-10-15] () [File not signed]
R0 SbAlg; C:\windows\system32\Drivers\SbAlg.sys [51800 2009-10-15] (McAfee, Inc.)
R0 SbFsLock; C:\windows\system32\Drivers\SbFsLock.sys [13256 2009-10-15] (McAfee, Inc.)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1765168 2009-09-18] ()
R1 SRTSP; C:\windows\System32\Drivers\NIS\1109000.00C\SRTSP.SYS [325680 2010-04-22] (Symantec Corporation)
R1 SRTSPX; C:\windows\system32\drivers\NIS\1109000.00C\SRTSPX.SYS [43696 2010-04-22] (Symantec Corporation)
R0 SymDS; C:\windows\System32\drivers\NIS\1109000.00C\SYMDS.SYS [328752 2009-08-30] (Symantec Corporation)
R0 SymEFA; C:\windows\System32\drivers\NIS\1109000.00C\SYMEFA.SYS [173176 2011-08-22] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT.SYS [124976 2010-06-17] (Symantec Corporation)
R1 SymIRON; C:\windows\system32\drivers\NIS\1109000.00C\Ironx86.SYS [116784 2010-04-29] (Symantec Corporation)
R1 SYMTDIv; C:\windows\System32\Drivers\NIS\1109000.00C\SYMTDIV.SYS [340088 2011-08-22] (Symantec Corporation)
S3 EraserUtilDrv11410; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11410.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-29 18:39 - 2015-03-29 18:40 - 00034450 _____ () C:\Users\Viki\Downloads\FRST.txt
2015-03-29 18:37 - 2015-03-29 18:39 - 00000000 ____D () C:\FRST
2015-03-29 18:31 - 2015-03-29 18:31 - 01135104 _____ (Farbar) C:\Users\Viki\Downloads\FRST.exe
2015-03-29 18:22 - 2015-03-29 18:23 - 01133652 _____ () C:\FRST.exe
2015-03-29 16:13 - 2015-03-29 16:35 - 00000000 ____D () C:\Users\Public\Documents\Wondershare
2015-03-29 16:12 - 2015-03-29 16:12 - 01067592 _____ (Wondershare) C:\Users\Viki\Downloads\video-editor_setup_full1107.exe
2015-03-29 15:52 - 2015-03-29 16:01 - 00099859 _____ () C:\Users\Viki\Downloads\software_removal_tool.log
2015-03-29 15:49 - 2015-03-29 15:49 - 00328668 _____ () C:\Users\Viki\Downloads\David's workshop.pages
2015-03-18 11:26 - 2015-03-18 12:30 - 00000000 ____D () C:\Users\Viki\Desktop\mobil
2015-03-11 09:36 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-03-11 09:36 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-03-11 09:36 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-03-11 09:36 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-03-11 09:36 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-03-11 09:36 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-03-11 09:36 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-03-11 09:36 - 2015-02-20 04:22 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-03-11 09:36 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-03-11 09:36 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-03-11 09:36 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-03-11 09:36 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-03-11 09:36 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-03-11 09:36 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-03-11 09:36 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-03-11 09:36 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-03-11 09:36 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-03-11 09:36 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-03-11 09:36 - 2015-02-20 03:56 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-03-11 09:36 - 2015-02-20 03:50 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-03-11 09:36 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 09:36 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-03-11 09:36 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-03-11 09:36 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-03-11 09:36 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-03-11 09:36 - 2015-02-20 03:24 - 00684544 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-03-11 09:36 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-03-11 09:36 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-03-11 09:36 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-03-11 09:36 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-03-11 09:00 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-03-11 09:00 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-03-11 09:00 - 2015-02-03 05:16 - 00078784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-03-11 09:00 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00475136 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00157184 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-03-11 09:00 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-03-11 09:00 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-03-11 09:00 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-03-11 09:00 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-03-11 09:00 - 2015-02-03 05:11 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-03-11 09:00 - 2015-02-03 05:11 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-03-11 09:00 - 2015-02-03 05:11 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-03-11 09:00 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-03-11 09:00 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-03-11 09:00 - 2015-02-03 05:11 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-03-11 09:00 - 2015-02-03 05:11 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-03-11 09:00 - 2015-02-03 05:11 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-03-11 09:00 - 2015-02-03 05:10 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-03-11 09:00 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-03-11 09:00 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-03-11 09:00 - 2015-02-03 05:00 - 00593920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-03-11 09:00 - 2015-02-03 04:26 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-03-11 09:00 - 2015-01-31 01:56 - 00370488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-03-11 09:00 - 2014-11-01 00:22 - 00521384 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-03-11 09:00 - 2014-06-28 02:21 - 00455752 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-03-11 09:00 - 2014-06-28 02:21 - 00409272 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-03-11 08:59 - 2015-02-26 05:11 - 02381312 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-03-11 08:59 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-03-11 08:59 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-11 08:59 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-03-11 08:58 - 2015-03-06 07:15 - 00137656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-03-11 08:58 - 2015-03-06 07:15 - 00067512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-03-11 08:58 - 2015-03-06 07:10 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-03-11 08:58 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-03-11 08:58 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-03-11 08:58 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-03-11 08:58 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-03-11 08:58 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-03-11 08:58 - 2015-03-06 07:10 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-03-11 08:58 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-03-11 08:58 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-03-11 08:58 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-03-11 08:58 - 2015-03-06 07:10 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-03-11 08:58 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-03-11 08:58 - 2015-03-06 07:09 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-03-11 08:58 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-03-11 08:58 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-03-11 08:58 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-03-11 08:58 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-03-11 08:57 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-03-11 08:57 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-03-11 08:57 - 2015-02-20 06:13 - 00026624 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-03-11 08:57 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-03-11 08:57 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-03-11 08:57 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-29 18:35 - 2014-07-11 00:30 - 00000876 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-03-29 18:33 - 2014-07-11 00:33 - 00001418 _____ () C:\windows\Tasks\bfcaa547-4703-4c49-8e7b-f89846470218-5_user.job
2015-03-29 18:33 - 2014-07-11 00:33 - 00001402 _____ () C:\windows\Tasks\bfcaa547-4703-4c49-8e7b-f89846470218-5.job
2015-03-29 18:32 - 2014-07-11 00:32 - 00001306 _____ () C:\windows\Tasks\bfcaa547-4703-4c49-8e7b-f89846470218-2.job
2015-03-29 18:31 - 2014-07-11 00:31 - 00002262 _____ () C:\windows\Tasks\bfcaa547-4703-4c49-8e7b-f89846470218-4.job
2015-03-29 18:30 - 2014-07-11 00:30 - 00003446 _____ () C:\windows\Tasks\bfcaa547-4703-4c49-8e7b-f89846470218-11.job
2015-03-29 18:30 - 2014-07-11 00:30 - 00001508 _____ () C:\windows\Tasks\bfcaa547-4703-4c49-8e7b-f89846470218-6.job
2015-03-29 18:09 - 2010-05-11 10:07 - 01886166 _____ () C:\windows\WindowsUpdate.log
2015-03-29 18:04 - 2010-06-17 20:37 - 00000958 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-863753099-2656375040-3423559090-1002UA.job
2015-03-29 16:31 - 2009-07-14 06:34 - 00025648 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-29 16:31 - 2009-07-14 06:34 - 00025648 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-29 15:18 - 2009-12-18 08:21 - 01596928 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-29 15:15 - 2009-12-18 08:34 - 00000000 ____D () C:\ProgramData\HPQLOG
2015-03-29 15:14 - 2014-07-11 00:30 - 00000872 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-03-29 15:13 - 2014-08-20 11:45 - 00010106 _____ () C:\windows\setupact.log
2015-03-29 15:13 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-28 13:04 - 2010-06-17 20:37 - 00000906 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-863753099-2656375040-3423559090-1002Core.job
2015-03-23 12:06 - 2010-06-17 20:40 - 00002495 _____ () C:\Users\Viki\Desktop\Google Chrome.lnk
2015-03-18 12:24 - 2014-07-11 00:28 - 00000000 ____D () C:\Program Files\TornTV.com
2015-03-15 11:48 - 2010-09-18 18:05 - 00000000 ____D () C:\Users\Viki\AppData\Roaming\Skype
2015-03-13 15:24 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache
2015-03-11 19:22 - 2009-07-14 06:33 - 00457672 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-11 19:18 - 2014-08-20 11:44 - 00003974 _____ () C:\windows\PFRO.log
2015-03-11 10:28 - 2013-07-26 22:34 - 00000000 ____D () C:\windows\system32\MRT
2015-03-11 10:17 - 2010-07-01 21:51 - 119837696 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-02-27 11:28 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\tracing

==================== Files in the root of some directories =======

2010-06-17 19:21 - 2010-06-17 19:21 - 0000000 _____ () C:\Users\Viki\AppData\Local\AtStart.txt
2012-03-28 18:52 - 2014-07-11 00:34 - 0011776 _____ () C:\Users\Viki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-06-17 19:21 - 2010-06-17 19:21 - 0000000 _____ () C:\Users\Viki\AppData\Local\DSwitch.txt
2010-06-17 19:21 - 2010-06-17 19:21 - 0000000 _____ () C:\Users\Viki\AppData\Local\QSwitch.txt
2010-09-18 18:08 - 2010-09-18 18:08 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-28 14:41

==================== End Of Log ============================

#8 Příspěvek od **vyosek** » 29 bře 2015 17:48

Tam toho je, cela zoo i s babkou pokladni

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Po spusteni probehne stazeni databaze
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

Kód: Vybrat vše

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

vikimellesova · #9 Příspěvek od **vikimellesova** » 29 bře 2015 19:15

oki, mám tady nejaký zvlášní program na zipování "allzip od ESTcorp"
dalsi jest "YAC"
a posledni je skype. neda se vypnout.

a tohle je log z ADWCleaner
ZOEK se nedá spustit

# AdwCleaner v4.113 - Logfile created 29/03/2015 at 19:43:56
# Updated 22/03/2015 by Xplode
# Database : 2015-03-28.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : Viki - VIKI-HP
# Running from : C:\Users\Viki\Desktop\adwcleaner_4.113.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
Service Deleted : WindowsMangerProtect
Service Deleted : iSafeKrnlMon

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\sAvEnShare
Folder Deleted : C:\ProgramData\SearchNewTab
Folder Deleted : C:\ProgramData\soaavensuharee
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\fbphotozoom
Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Program Files\ss helper
Folder Deleted : C:\Program Files\TornTV.com
Folder Deleted : C:\Program Files\WebSearch
Folder Deleted : C:\Program Files\WebSpades
Folder Deleted : C:\Program Files\WinZipper
[!] Folder Deleted : C:\Program Files\Elex-tech
Folder Deleted : C:\Program Files\V9.0 Torntv 1.1
Folder Deleted : C:\Users\Viki\AppData\Local\Conduit
Folder Deleted : C:\Users\Viki\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Viki\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Viki\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Viki\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Viki\AppData\Roaming\eCyber
Folder Deleted : C:\Users\Viki\AppData\Roaming\WinZipper
[!] Folder Deleted : C:\Users\Viki\AppData\Roaming\Elex-tech
Folder Deleted : C:\Users\Viki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default\Extensions\faststartff@gmail.com
Folder Deleted : C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default\Extensions\detgdp@gmail.com
Folder Deleted : C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default\Extensions\ieyey@para-.edu
Folder Deleted : C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default\Extensions\m73eyd3f.oeae@qapjlaoi.net
Folder Deleted : C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default\Extensions\xu_rjmva@dxj-mlgpauu.com
Folder Deleted : C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Folder Deleted : C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh
[!] Folder Deleted : C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx
Folder Deleted : C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid
Folder Deleted : C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdjoenpeijgechakijkgkbmcpbnamdm
File Deleted : C:\windows\system32\conduitEngine.tmp
File Deleted : C:\windows\system32\drivers\iSafeKrnlBoot.sys
File Deleted : C:\windows\system32\Drivers\iSafeNetFilter.sys
File Deleted : C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default\searchplugins\Conduit.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\delta-homes.xml
File Deleted : C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default\searchplugins\v9.xml
File Deleted : C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default\searchplugins\WebSearch.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\omiga-plus.xml
File Deleted : C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage
File Deleted : C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_isearch.omiga-plus.com_0.localstorage
File Deleted : C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_isearch.omiga-plus.com_0.localstorage-journal

***** [ Scheduled tasks ] *****

Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA
Task Deleted : bfcaa547-4703-4c49-8e7b-f89846470218-11
Task Deleted : bfcaa547-4703-4c49-8e7b-f89846470218-2
Task Deleted : bfcaa547-4703-4c49-8e7b-f89846470218-4
Task Deleted : bfcaa547-4703-4c49-8e7b-f89846470218-5
Task Deleted : bfcaa547-4703-4c49-8e7b-f89846470218-5_user
Task Deleted : bfcaa547-4703-4c49-8e7b-f89846470218-6

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Public\Desktop\Opera.lnk
Shortcut Disinfected : C:\Users\Viki\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
Shortcut Disinfected : C:\Users\Viki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Viki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Viki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Viki\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Viki\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Viki\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Viki\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Viki\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera11.61 1250.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [detgdp@gmail.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab
Key Deleted : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab.1.0
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKCU\Software\Mozilla\Extends
Key Deleted : HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
Key Deleted : HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
Key Deleted : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
Key Deleted : HKLM\SOFTWARE\Classes\savenshare.savenshare
Key Deleted : HKLM\SOFTWARE\Classes\savenshare.savenshare.5.10
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{25a98636}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0051390.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0051390.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0051390.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0051390.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1750559
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2405280
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C200667-4193-7153-D995-B900A6513572}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511131190}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522132290}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555135590}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566136690}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544134490}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C200667-4193-7153-D995-B900A6513572}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511131190}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C200667-4193-7153-D995-B900A6513572}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511131190}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5C200667-4193-7153-D995-B900A6513572}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110511131190}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5C200667-4193-7153-D995-B900A6513572}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5ba2cd78-ba8c-475b-8777-9dae5ad3eda5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ab396841-fcaa-4b49-b597-5d8210dafb68}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{de33629b-f7f4-4e69-b19c-a5afc49781d2}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\V9
Key Deleted : HKCU\Software\WebSpades
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\V9.0 Torntv 1.1
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\conduitEngine
Key Deleted : HKLM\SOFTWARE\delta-homesSoftware
Key Deleted : HKLM\SOFTWARE\DeviceVM
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\hdcode
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\omiga-plusSoftware
Key Deleted : HKLM\SOFTWARE\SP Global
Key Deleted : HKLM\SOFTWARE\SProtector
Key Deleted : HKLM\SOFTWARE\V9
Key Deleted : HKLM\SOFTWARE\WebSpades
Key Deleted : HKLM\SOFTWARE\winzipersvc
Key Deleted : HKLM\SOFTWARE\Elex-tech
Key Deleted : HKLM\SOFTWARE\V9.0 Torntv 1.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebSpades
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winzipper
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\V9.0 Torntv 1.1
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SupTab\SEARCH~1.DLL
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\portaldosites.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.portaldosites.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]

-\\ Mozilla Firefox v5.0.1 (en-US)

[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT1750559..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT1750559..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT1750559.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT1750559.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT1750559.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT1750559.SearchEngine", "Searchhxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT1750559&octid=EB_ORIGINAL_CTID&SearchSource=1");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT1750559.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&q=");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT1750559.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT1750559.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT1750559.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1750559");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT1750559.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT1750559.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT1750559.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT1750559.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT1750559.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT1750559.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT1750559.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT2405280..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT2405280..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT2405280.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT2405280.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT2405280.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT2405280.SearchEngine", "Searchhxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2405280&octid=EB_ORIGINAL_CTID&SearchSource=1");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT2405280.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&q=");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT2405280.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT2405280.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT2405280.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2405280");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT2405280.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT2405280.backendstorage.autocompletepro_enable", "31");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT2405280.backendstorage.autocompletepro_enable_auto", "31");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT2405280.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT2405280.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT2405280.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT2405280.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CT2405280.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1750559/CT1750559", "\"f79082966669a5fb74491c1b030c50003\"");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2405280/CT2405280", "\"4a06651e85c20007ba246323d9c6c5d33\"");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/31130/30609/CZ", "\"0\"");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/799768/795587/CZ", "\"0\"");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1750559", "\"1357730213\"");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2405280", "\"1367226765\"");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us", "G9mW7heT/8xIX1frcduu0A==");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us&ctid=CT1750559", "b5I8zzzMgsg0XG/fawLlFw==");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us", "2E1/v7EfCEDbv3VaBQMELg==");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us&ctid=CT1750559", "9uXRY86McHhmOreOHsv6MA==");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us", "UgzXjW7BIkfdx+x39Ruv3w==");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us&ctid=CT1750559", "0BEXfBAJ1PdxmWK9VOejOg==");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us", "4BgM4MhF/sOgPsDNmIs3Yw==");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us&ctid=CT1750559", "ZI41WLbm1fFgx4gn0bs99Q==");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us&ctid=CT1750559&UM=UM_UNINSTALL_ID", "ZU6zjERHpZr7lBpInn+HyA==");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"c70353cabc2ce1:0\"");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10.0.1", "\"4ead38b3e6bcd1:0\"");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"80b45d28468cd1:0\"");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0343677cfb1cd1:0\"");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"9f8d2729abc2ce1:0\"");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.0.10", "\"80ee9485875dcc1:0\"");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.0.6", "\"6a637346d78ccc1:0\"");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.0.8", "\"6a637346d78ccc1:0\"");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"6a637346d78ccc1:0\"");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"801a319dd78ccc1:0\"");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1750559", "\"52c3f1538cb4af4ada257fcbc6b15d49\"");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2405280", "\"52c3f1538cb4af4ada257fcbc6b15d49\"");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT1750559&octid=CT1750559", "\"1323775168\"");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"405d38d108469fce05d3952aafd30f55\"");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"e0681bed78ad068a85c7ae4073122c0f\"");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Viki\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\pm2fgvvi.default\\conduitCommon\\modules\\3.18.0.7");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.18.0.7");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2405280,CT1750559");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2405280,CT1750559");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Feb 07 2012 20:32:48 GMT+0100");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.globalUserId", "d2438569-9844-4733-b558-0ed021700ca3");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Nov 01 2013 19:53:38 GMT+0100");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Nov 12 2013 19:42:18 GMT+0100");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Nov 12 2013 19:42:10 GMT+0100");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.userId", "7bcecdf5-0d3e-4523-a6f5-f6e126d31035");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.search.check", false);
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultthis.engineName", "Softonic-Eng7 Customized Web Search");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.the-searcheng.info/?pid=1232&r=2013/09/13&hid=7150630351510857595&lg=EN&cc=CZ&unqvl=35&l=1&q=");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1405031808&from=ild&uid=ST9320423AS_5VH2GMR5");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "14a1f88ede9cf92c467916572ea0a4e8");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://websearch.the-searcheng.info/?pid=1232&r=2013/09/13&hid=7150630351510857595&lg=EN&cc=CZ&unqvl=35&l=1&q=");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
[pm2fgvvi.default\prefs.js] - Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v

[C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.the-searcheng.info/?l=1&q={searchTerms}&pid=1232&r=2013/09/13&hid=7150630351510857595&lg=EN&cc=CZ&unqvl=35
[C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405031808&from=ild&uid=ST9320423AS_5VH2GMR5&q={searchTerms}
[C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405031808&from=ild&uid=ST9320423AS_5VH2GMR5&q={searchTerms}
[C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405031808&from=ild&uid=ST9320423AS_5VH2GMR5&q={searchTerms}
[C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1405031808&from=ild&uid=ST9320423AS_5VH2GMR5&q={searchTerms}
[C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.delta-homes.com/web/?type=ds&ts=1419373920&from=wpm12233&uid=ST9320423AS_5VH2GMR5&q={searchTerms}
[C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.delta-homes.com/web/?type=ds&ts=1419373920&from=wpm12233&uid=ST9320423AS_5VH2GMR5&q={searchTerms}
[C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.v9.com/web?type=ds&ts=1423467794&fr ... Y5LmNvbQ==
[C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.v9.com/web?type=ds&ts=1423467794&fr ... Y5LmNvbQ==

*************************

AdwCleaner[R0].txt - [37970 bytes] - [29/03/2015 19:37:19]
AdwCleaner[S0].txt - [39763 bytes] - [29/03/2015 19:43:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [39823 bytes] ##########

#10 Příspěvek od **vyosek** » 30 bře 2015 10:43

Pokracujte prosim Zoek-em...vse odstranime...

vikimellesova · #11 Příspěvek od **vikimellesova** » 31 bře 2015 23:05

Zoek mi pořád nešel spustit, ale pak se mi podařilo otevřít ho ve WinZip a přetáhnout na plochu. Je možné, že proto nefunguje úplně správně, nevím. Když jsem Zoek dostala na plochu, snažila jsem se ho spustit jako správce, ale nešlo to. Tak jsem ho otevřela normálně, zadala skript, který jste uvedl a dala Run script. Otevřelo se okno, které upozorňovalo na to, že zoek pracuje a že až skončí, tak se počítač restartuje a dá mi log. Nicméně Zoek je už více než hodinu neaktivní, ale počítač se nerestartoval. Tady je to, co mi z programu vyšlo.

a
Zoek.exe v5.0.0.0 Updated 29-March-2015
Tool run by Viki on Łt 31.03.2015 at 22:39:04,71.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Viki\Desktop\zoek.com [Scan all users] [Script inserted]

===== Runcheck 22:39:47,67 =====

--- Create Environment Variables 22:39:49,73
--- Checking Input 22:40:02,13
--- Reset Hosts File 22:40:24,80
--- AU AppData Check 22:40:25,99
--- Remove From Windows Installer 22:40:30,39
--- Empty Folders Check 22:43:16,35
--- Registry HKLM Software Check 22:43:16,39
--- Quick Launch Shortcut Check 22:44:17,67
--- IE Startpage Check 22:44:24,01
--- Program Files DB Check 22:45:41,37
--- C:\Users\Default\AppData\Roaming DB Check 22:46:50,85
--- C:\Users\Default User\AppData\Roaming DB Check 22:46:50,85
--- C:\Users\Viki\AppData\Roaming DB Check 22:46:50,85
--- C:\windows\system32\config\systemprofile\AppData\Roaming DB Check 22:46:50,85
--- C:\windows\serviceprofiles\networkservice\AppData\Roaming DB Check 22:46:50,85
--- C:\windows\serviceprofiles\Localservice\AppData\Roaming DB Check 22:46:50,85
--- C:\Users\Viki DB Check 22:49:48,07
--- C:\PROGRA~2 DB Check 22:50:18,34
--- C:\Users\Default\AppData\Local DB Check 22:50:25,62
--- C:\Users\Default User\AppData\Local DB Check 22:50:25,62
--- C:\Users\TEMP\AppData\Local DB Check 22:50:25,62
--- C:\Users\Viki\AppData\Local DB Check 22:50:25,62
--- C:\windows\system32\config\systemprofile\AppData\Local DB Check 22:50:25,62
--- C:\windows\serviceprofiles\networkservice\AppData\Local DB Check 22:50:25,62
--- C:\windows\serviceprofiles\Localservice\AppData\Local DB Check 22:50:25,62
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 22:52:45,45
--- C:\Users\Viki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 22:53:00,24
--- Tasks DB Check 22:53:10,30
--- Downloads DB Check 22:53:15,96
--- C:\Users\Default\AppData\LocalLow DB Check 22:53:22,64
--- C:\Users\Default User\AppData\LocalLow DB Check 22:53:22,64
--- C:\Users\Viki\AppData\LocalLow DB Check 22:53:22,64
--- C:\windows\system32\config\systemprofile\AppData\LocalLow DB Check 22:53:22,64
--- C:\windows\serviceprofiles\networkservice\AppData\LocalLow DB Check 22:53:22,64
--- C:\windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 22:53:22,64
--- Tasks2 DB Check 22:54:55,32
--- Documents DB Check 22:55:39,65
--- C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default DB Check 22:55:51,07
--- C:\Users\Public\Desktop DB Check 22:55:54,52
--- C:\Users\Viki\Desktop DB Check 22:56:01,71
--- Services DB Check 22:56:15,22
--- FF prefs.js DB Check 22:56:59,51
--- Emptyclsid 22:58:08,88
--- Del by CLSID 22:58:15,75
--- Delete Services 22:59:34,76
--- Firefox Fix 22:59:49,40

#12 Příspěvek od **vyosek** » 01 dub 2015 08:01

Mrknete, jestli se vytvoril log c:\zoek_result.log a pripadne mi jej sem dejte

vikimellesova · #13 Příspěvek od **vikimellesova** » 06 dub 2015 13:20

Mám tu 2 věci: první je zoek-results:

Zoek.exe v5.0.0.0 Updated 29-March-2015
Tool run by Viki on Łt 31.03.2015 at 22:39:04,71.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Viki\Desktop\zoek.com [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-03-31-185632.log 17012 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Users\Viki\AppData\Local\PDFC deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

Druhý je zoek-results2015-03-31-185632

Zoek.exe v5.0.0.0 Updated 29-March-2015
Tool run by Viki on Łt 31.03.2015 at 20:28:37,06.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Viki\Desktop\zoek.com [Scan all users] [Script inserted]

==== System Restore Info ======================

31.3.2015 20:30:08 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\Webteh deleted successfully
C:\PROGRA~2\Web Light deleted successfully
C:\Users\Viki\AppData\Roaming\Opera deleted successfully
C:\Users\Viki\AppData\Roaming\uTorrent deleted successfully
C:\Users\Viki\AppData\Local\Opera deleted successfully
C:\Users\Viki\AppData\Local\PDFC deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{108417DF-701B-40DB-BBF9-A1ED78304A78} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{13927545-DA32-4BA4-AFFA-E57540964589} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{148F3820-466D-46AD-8DD-98EAD6BA3DF} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16E04A30-273B-4B4D-BB6B-119AE8D9B53} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{193AC3F9-F0BC-49F4-8A85-FA377C2BFD75} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{282FB03C-B614-4717-A92-A825E11E502C} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{290E4888-D485-46F6-9189-F4B27AC4DAD7} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37A803DB-DF2-40B2-825B-CB498EC5E0FA} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37F451FA-191C-494C-9C11-4C6569EC7DB2} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3F6BBD07-94E7-46F6-8FAD-E551BA1356A} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{419137B7-8C79-4D99-84FD-66564AD374D7} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{461CDA21-E97A-437A-9C3B-7433EBC9B323} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4AD63F27-4DFE-49A0-8043-9971B7BDE6D} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4C4F8EAC-6BC-441C-8C4-ABFF76DF8378} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4D8E3A10-6A6A-4C54-A1D4-C689B1E697C} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{500370FE-39C1-4916-8DFE-1798B2923956} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54A90E10-53CF-436B-B7ED-2BD5328F35E1} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{55B3E9D6-F919-42EB-AC66-18CDC083405A} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56834810-BBED-4133-8F1C-3149E6112E5B} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56EA45AB-AF00-4A2A-A4B7-F41F5516AA41} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5ba2cd78-ba8c-475b-8777-9dae5ad3eda5} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C8B56D-73FD-4F98-976-131D54638C0} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5D930F23-1E9D-478B-A7C1-1C508447B18B} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5DA0499F-4962-40BC-9B3A-FD7E64157AB1} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E53A6B2-95B2-4494-A7BA-D5A621A939B} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60B08E21-9446-4A32-AC22-5141C4DE2FB5} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65614D9E-1BCA-44DF-83FC-B1642472DB} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6A74E129-549E-415C-A8C-45F9404BFB2B} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70E6A843-6FC6-4CF3-9E5C-FA54DB26C4CB} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7405E87A-ABA6-442F-BF9A-922B7645333B} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76683B4B-57D2-4CCF-B81B-94F9B874CBD9} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A92234A-B9AD-4B38-A7BF-4EE07961CB62} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{806E21B1-6C23-4296-9667-DDA45B999A49} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{884AD0AE-F8D5-441B-A32F-2FAE47E2F88} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8A2AE43C-CEC9-4126-BF1E-255F654453F0} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8CB1DFA2-9746-4995-8A76-337F247D5959} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94906FC0-F34F-4F62-981B-B87063BDC3F5} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9A34E8DA-E28-47E3-B040-F78432C3568} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF66515-C58F-4051-AD66-D150E33A7FF5} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9F3AC75A-22EA-46A5-8BF1-BCCA21B628EA} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A18696C9-7B14-458E-8CD0-D210D8F82C88} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A6B743D5-16EA-421D-9352-E26E47B02F7B} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8CFAE-8ED0-427A-953D-76AC985DB53B} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA03BE03-E957-47F9-BC75-5255D19E97E} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AAAF832D-3026-4564-8639-CF31B1C9E0B2} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ab396841-fcaa-4b49-b597-5d8210dafb68} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ACCBC7CB-5422-4A2E-B647-CF496759D850} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ADA0C0E4-D194-43F7-AF10-1FBF54B36457} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFC43CE0-EB6F-450F-BB1B-693B7F377E6A} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2176153-8E8A-468F-9D5C-5483BA6B4CE4} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B50AA90B-3486-4543-AAB7-C3705240FD8F} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B7B6D857-1FDD-437E-AA77-2EDBC3BBA4E} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B805F962-F63-409C-92A8-B52189E7A427} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B92FF4B-27D2-4823-85EC-775D5D499EB0} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B9A7587-5DF8-43D6-8FD4-E81F5E2107F} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BDAD78B7-40B0-4DDE-82AD-0BC9E53C58} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C557A5A6-41E8-4A6A-B55C-A0D86ACB9BEB} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7E33325-C92C-42F2-8760-73D0145754B} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC03FF-82C7-432C-A31F-74078319FC} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CD898B1A-2199-47DA-B135-93D2F466CF} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D3506453-4110-4FB1-8681-3AA79B8B38F} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DA8256F2-414F-4869-A0C0-4D4FEE308FCB} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DBB4F75E-9F38-4219-AE5A-A0661EAE37CF} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{de33629b-f7f4-4e69-b19c-a5afc49781d2} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DE9C9B03-DD7-4E16-AF30-758FC1E5CD} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E3CDD0E9-A132-4958-8096-6D20683B195B} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E65FA7BF-DDE1-4CF6-B090-E8998BE85C} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6C80CF4-A0DC-428D-8196-29E5E8CE21DA} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ECC1F7D8-E113-4D9D-8B45-754887608522} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F18D572C-AF16-48DD-B2BE-FDD31E6DEB} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F36DE491-AA16-4630-83C6-88DA9B6F9} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F63CD617-E15E-488F-A220-221103425E5} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F73431E2-7C7F-46C9-855F-DC202732D2A0} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F8885D4E-B974-4C8B-ACDF-3692AAE799EA} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FACD2A85-536B-49A0-846-107E4545DF74} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} deleted successfully
HKEY_USERS\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully

==== Deleting Services ======================

#14 Příspěvek od **vyosek** » 11 dub 2015 09:08

Poprosim o novy log z FRST

vikimellesova · #15 Příspěvek od **vikimellesova** » 12 dub 2015 20:54

Addition.7z: (11.11 KiB) Staženo 64 x

Tady je FRST log a Addition. Děkuji.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Viki (administrator) on VIKI-HP on 12-04-2015 21:43:03
Running from C:\Users\Viki\Desktop\FRST-OlderVersion
Loaded Profiles: Viki (Available profiles: Viki)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc2.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_499a67a913bde1c7\stacsv.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_499a67a913bde1c7\AEstSrv.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeTray.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Viki\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [288312 2009-09-03] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-25] (Intel Corporation)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1690680 2009-11-18] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1578280 2009-10-10] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2009-10-22] (Hewlett-Packard)
HKLM\...\Run: [File Sanitizer] => C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11264000 2009-11-04] (Hewlett-Packard)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-10-20] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2009-10-13] (IDT, Inc.)
HKLM\...\Run: [NortonOnlineBackupReminder] => C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-03-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [141624 2010-06-15] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\runonceex: [ContentMerger] => c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\DeviceNP: C:\windows\system32\DeviceNP.dll (Hewlett-Packard Limited)
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\...\Run: [Google Update] => C:\Users\Viki\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-19] (Google Inc.)
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\...\MountPoints2: {2ceb73dd-9b3b-11df-ab35-002713996b82} - D:\AutoRun.exe
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\...\MountPoints2: {2ceb7433-9b3b-11df-ab35-002713996b82} - D:\AutoRun.exe
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\...\MountPoints2: {5f23afbe-50ad-11e1-b5b6-002713996b82} - D:\AutoRun.exe
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\...\MountPoints2: {5f23afc2-50ad-11e1-b5b6-002713996b82} - D:\AutoRun.exe
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\...\MountPoints2: {9edba75e-7a33-11df-b4f1-002713996b82} - D:\AutoRun.exe
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\...\MountPoints2: {9edba76e-7a33-11df-b4f1-002713996b82} - D:\AutoRun.exe
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\...\MountPoints2: {baf51943-9599-11df-b1a4-002713996b82} - D:\AutoRun.exe
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\...\MountPoints2: {baf51946-9599-11df-b1a4-002713996b82} - D:\AutoRun.exe
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\System32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\...A8F59079A8D5}\localserver32: <==== ATTENTION!
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts= ... S_5VH2GMR5
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts= ... S_5VH2GMR5
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts= ... S_5VH2GMR5
HKU\S-1-5-21-863753099-2656375040-3423559090-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts= ... S_5VH2GMR5
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2E934F7B-B301-497A-922F-F19168CA5AFB} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type ... earchTerms}
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT1750559
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.the-searcheng.info/?l= ... Z&unqvl=35
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-863753099-2656375040-3423559090-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-863753099-2656375040-3423559090-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL =
SearchScopes: HKU\S-1-5-21-863753099-2656375040-3423559090-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-863753099-2656375040-3423559090-1002 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?clien ... 33383E0D93
SearchScopes: HKU\S-1-5-21-863753099-2656375040-3423559090-1002 -> {2E934F7B-B301-497A-922F-F19168CA5AFB} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-863753099-2656375040-3423559090-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type ... earchTerms}
SearchScopes: HKU\S-1-5-21-863753099-2656375040-3423559090-1002 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT1750559
SearchScopes: HKU\S-1-5-21-863753099-2656375040-3423559090-1002 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.the-searcheng.info/?l= ... Z&unqvl=35
BHO: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [2009-11-04] (Hewlett-Packard)
BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2009-11-02] (DigitalPersona, Inc.)
BHO: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll [2011-07-13] (Symantec Corporation)
BHO: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL [2010-05-14] (Symantec Corporation)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14] (Microsoft Corp.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18] (Sun Microsystems, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll [2011-07-13] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-863753099-2656375040-3423559090-1002 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll [2011-07-13] (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File []
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{53E1E993-82AB-49DF-8580-3D521C07C469}: [NameServer] 160.218.161.60 194.228.211.33

FireFox:
========
FF ProfilePath: C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchUrl: hxxp://websearch.the-searcheng.info/?pid=1232&r=2013/09/13&hid=7150630351510857595&lg=EN&cc=CZ&unqvl=35&l=1&q=
FF Homepage: hxxp://isearch.omiga-plus.com/?type=hp&ts=1405031808&from=ild&uid=ST9320423AS_5VH2GMR5
FF Keyword.URL: hxxp://websearch.the-searcheng.info/?pid=1232&r=2013/09/13&hid=7150630351510857595&lg=EN&cc=CZ&unqvl=35&l=1&q=
FF DefaultSearchEngine: V9
FF SearchEngineOrder.1: V9
FF SelectedSearchEngine: V9
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32.dll [2010-06-23] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2010-06-09] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-10-03] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-863753099-2656375040-3423559090-1002: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Viki\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [2010-06-09] ( )
FF Plugin HKU\S-1-5-21-863753099-2656375040-3423559090-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Viki\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-863753099-2656375040-3423559090-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Viki\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-10-03] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2010-06-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2010-06-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2010-06-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2010-06-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2010-06-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2010-06-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2010-06-30] (Apple Inc.)
FF SearchPlugin: C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default\searchplugins\askcom.xml [2010-09-20]
FF SearchPlugin: C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default\searchplugins\conduit.xml [2010-03-16]
FF SearchPlugin: C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default\searchplugins\V9.xml [2015-04-09]
FF SearchPlugin: C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default\searchplugins\WebSearch.xml [2013-10-13]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\delta-homes.xml [2014-12-24]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\omiga-plus.xml [2014-07-11]
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default\Extensions\2020Player_IKEA@2020Technologies.com [2011-08-05]
FF Extension: Torntv V9.0 - C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default\Extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com [2015-03-29]
FF Extension: FBPhotoZoom - C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default\Extensions\fbphotozoom@installdaddy.com.xpi [2012-04-06]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-06-28]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011-11-01]
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2009-12-18]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6 [2015-04-12]
FF Extension: No Name - C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default\extensions\faststartff@gmail.com [Not Found]
FF Extension: No Name - C:\Users\Viki\AppData\Roaming\Mozilla\Firefox\Profiles\pm2fgvvi.default\extensions\detgdp@gmail.com [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> v9
CHR DefaultSuggestURL: Default ->
CHR Plugin: (Shockwave Flash) - C:\Users\Viki\AppData\Local\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Viki\AppData\Local\Google\Chrome\Application\41.0.2272.118\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Viki\AppData\Local\Google\Chrome\Application\41.0.2272.118\pdf.dll ()
CHR Plugin: (MicrosoftÂ® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.6) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Viki\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Facebook Plugin) - C:\Users\Viki\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Profile: C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (No Name) - C:\Users\Viki\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh [2015-03-29]
StartMenuInternet: Google Chrome - c:\users\viki\appdata\local\google\chrome\application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-08-03] (LSI Corporation)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [300808 2009-11-02] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\system32\flcdlock.exe [362040 2009-10-06] (Hewlett-Packard Ltd)
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [126520 2010-11-15] (Hewlett-Packard Company)
R2 HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [101944 2009-11-18] (Hewlett-Packard)
R2 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2009-09-11] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [101944 2009-10-22] (Hewlett-Packard)
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [277096 2009-10-15] (McAfee, Inc.)
R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2009-11-04] (Hewlett-Packard) [File not signed]
R2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [118048 2015-03-20] (Elex do Brasil Participações Ltda)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 NIS; C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [126400 2011-08-04] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_499a67a913bde1c7\STacSV.exe [221266 2009-10-13] (IDT, Inc.)
S2 vcsFPService; C:\windows\system32\vcsFPService.exe [1639728 2009-10-06] (Validity Sensors, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 yksvc; C:\windows\System32\yk62x86.dll [282624 2009-07-20] (Marvell)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20150321.001\BHDrvx86.sys [1164504 2015-02-03] (Symantec Corporation)
R1 ccHP; C:\windows\system32\drivers\NIS\1109000.00C\ccHPx86.sys [485512 2011-08-04] (Symantec Corporation)
S3 DAMDrv; C:\windows\System32\DRIVERS\DAMDrv.sys [32312 2009-09-08] (Hewlett-Packard Development Company L.P.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-12-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-12-12] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20150410.001\IDSvix86.sys [505048 2015-03-24] (Symantec Corporation)
R1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [215336 2015-03-20] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\windows\System32\DRIVERS\iSafeKrnlBoot.sys [40744 2015-03-20] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [83752 2015-03-20] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [34856 2015-03-20] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [63400 2015-03-20] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\windows\System32\DRIVERS\iSafeNetFilter.sys [44712 2015-02-17] (Elex do Brasil Participações Ltda)
S3 MfeAVFK; C:\windows\System32\drivers\MfeAVFK.sys [79816 2009-05-16] (McAfee, Inc.)
S3 MfeBOPK; C:\windows\System32\drivers\MfeBOPK.sys [35272 2009-05-16] (McAfee, Inc.)
R1 mfehidk; C:\windows\System32\drivers\mfehidk.sys [214024 2009-05-16] (McAfee, Inc.)
S3 MfeRKDK; C:\windows\System32\drivers\MfeRKDK.sys [34248 2009-05-16] (McAfee, Inc.)
R1 mfetdik; C:\windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20150408.035\NAVENG.SYS [95704 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20150408.035\NAVEX15.SYS [1636696 2015-01-20] (Symantec Corporation)
R2 risdpcie; C:\windows\system32\DRIVERS\risdpe86.sys [47616 2009-10-29] (REDC)
R2 rixdpcie; C:\windows\system32\DRIVERS\rixdpe86.sys [38912 2009-09-29] (REDC)
R1 RsvLock; C:\windows\system32\Drivers\RsvLock.sys [40088 2009-10-15] (McAfee, Inc.)
R0 SafeBoot; C:\windows\system32\Drivers\SafeBoot.sys [110520 2009-10-15] () [File not signed]
R0 SbAlg; C:\windows\system32\Drivers\SbAlg.sys [51800 2009-10-15] (McAfee, Inc.)
R0 SbFsLock; C:\windows\system32\Drivers\SbFsLock.sys [13256 2009-10-15] (McAfee, Inc.)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1765168 2009-09-18] ()
R1 SRTSP; C:\windows\System32\Drivers\NIS\1109000.00C\SRTSP.SYS [325680 2010-04-22] (Symantec Corporation)
R1 SRTSPX; C:\windows\system32\drivers\NIS\1109000.00C\SRTSPX.SYS [43696 2010-04-22] (Symantec Corporation)
R0 SymDS; C:\windows\System32\drivers\NIS\1109000.00C\SYMDS.SYS [328752 2009-08-30] (Symantec Corporation)
R0 SymEFA; C:\windows\System32\drivers\NIS\1109000.00C\SYMEFA.SYS [173176 2011-08-22] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT.SYS [124976 2010-06-17] (Symantec Corporation)
R1 SymIRON; C:\windows\system32\drivers\NIS\1109000.00C\Ironx86.SYS [116784 2010-04-29] (Symantec Corporation)
R1 SYMTDIv; C:\windows\System32\Drivers\NIS\1109000.00C\SYMTDIV.SYS [340088 2011-08-22] (Symantec Corporation)
S3 EraserUtilDrv11410; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11410.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 21:38 - 2015-04-12 21:43 - 00000000 ____D () C:\Users\Viki\Desktop\FRST-OlderVersion
2015-04-09 20:02 - 2015-03-20 05:49 - 00040744 _____ (Elex do Brasil Participações Ltda) C:\windows\system32\Drivers\iSafeKrnlBoot.sys
2015-04-08 00:38 - 2015-04-08 00:38 - 04719040 _____ () C:\Users\Viki\Downloads\Mellesova (1) (1).avi
2015-04-08 00:22 - 2015-04-08 00:22 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-04-08 00:22 - 2015-04-08 00:22 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-04-07 00:44 - 2015-04-07 00:44 - 00000000 ___SD () C:\windows\system32\GWX
2015-04-07 00:39 - 2015-04-07 00:39 - 04719040 _____ () C:\Users\Viki\Downloads\Mellesova (2).avi
2015-04-07 00:39 - 2015-04-07 00:39 - 04719040 _____ () C:\Users\Viki\Downloads\Mellesova (1).avi
2015-04-06 14:14 - 2015-04-06 14:14 - 00000000 ____D () C:\Users\Viki\AppData\Local\PDFC
2015-04-01 00:06 - 2015-04-01 00:06 - 04719040 _____ () C:\Users\Viki\Downloads\Mellesova.avi
2015-03-31 22:58 - 2015-03-31 22:58 - 00000000 ____D () C:\zoek
2015-03-31 22:40 - 2015-03-31 20:56 - 00017012 _____ () C:\zoek-results2015-03-31-185632.log
2015-03-31 22:39 - 2015-03-31 22:59 - 00002875 _____ () C:\runcheck.txt
2015-03-31 22:30 - 2015-03-31 22:30 - 00001909 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-03-31 22:30 - 2015-03-31 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-03-31 20:50 - 2015-03-31 22:58 - 00000042 _____ () C:\folders.log
2015-03-31 20:29 - 2015-03-31 22:59 - 00001555 _____ () C:\zoek-results.log
2015-03-31 20:25 - 2015-03-31 20:25 - 00000000 ____D () C:\zoek_backup
2015-03-31 20:23 - 2015-04-06 16:00 - 02873190 _____ () C:\Users\Viki\Downloads\zoek.zip
2015-03-31 20:23 - 2015-03-31 20:23 - 04317228 _____ () C:\Users\Viki\Downloads\zoek.rar
2015-03-31 20:22 - 2015-03-31 20:23 - 01305600 _____ () C:\Users\Viki\Downloads\zoek.exe
2015-03-29 22:01 - 2015-03-29 22:01 - 00001211 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-03-29 22:01 - 2015-03-29 22:01 - 00000000 ____D () C:\windows\cs
2015-03-29 22:00 - 2015-03-29 22:00 - 00001280 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-03-29 21:57 - 2015-03-29 21:57 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2015-03-29 21:55 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_7.dll
2015-03-29 21:55 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_5.dll
2015-03-29 21:55 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_43.dll
2015-03-29 21:55 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_43.dll
2015-03-29 21:55 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_42.dll
2015-03-29 21:46 - 2015-03-30 00:14 - 00000000 ____D () C:\Users\Viki\AppData\Local\Windows Live
2015-03-29 21:46 - 2015-03-29 21:46 - 01243336 _____ (společnost Microsoft Corporation) C:\Users\Viki\Downloads\wlsetup-web.exe
2015-03-29 20:17 - 2015-03-29 20:17 - 00000000 ____D () C:\Users\Viki\Downloads\zoek
2015-03-29 20:13 - 2015-03-29 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-03-29 20:13 - 2015-03-29 20:13 - 00000000 ____D () C:\Program Files\7-Zip
2015-03-29 19:59 - 2015-03-29 19:59 - 00000000 ____D () C:\Users\Viki\AppData\Roaming\Elex-tech
2015-03-29 19:59 - 2015-02-17 05:51 - 00044712 _____ (Elex do Brasil Participações Ltda) C:\windows\system32\Drivers\iSafeNetFilter.sys
2015-03-29 19:33 - 2015-03-29 19:50 - 00000000 ____D () C:\AdwCleaner
2015-03-29 19:32 - 2015-03-29 19:32 - 02168320 _____ () C:\Users\Viki\Desktop\adwcleaner_4.113.exe
2015-03-29 18:55 - 2015-03-29 18:56 - 21530276 _____ (Malwarebytes Corporation ) C:\Users\Viki\Downloads\mbam-setup-2.1.4.1018.exe
2015-03-29 18:44 - 2015-03-29 18:44 - 00014075 _____ () C:\Users\Viki\Downloads\Addition.zip
2015-03-29 18:40 - 2015-03-29 18:41 - 00053267 _____ () C:\Users\Viki\Downloads\Addition.txt
2015-03-29 18:39 - 2015-03-29 18:41 - 00052659 _____ () C:\Users\Viki\Downloads\FRST.txt
2015-03-29 18:37 - 2015-04-12 21:43 - 00000000 ____D () C:\FRST
2015-03-29 18:22 - 2015-03-29 18:23 - 01133652 _____ () C:\FRST.exe
2015-03-29 16:13 - 2015-03-29 16:35 - 00000000 ____D () C:\Users\Public\Documents\Wondershare
2015-03-29 16:12 - 2015-03-29 16:12 - 01067592 _____ (Wondershare) C:\Users\Viki\Downloads\video-editor_setup_full1107.exe
2015-03-29 15:52 - 2015-03-29 16:01 - 00099859 _____ () C:\Users\Viki\Downloads\software_removal_tool.log
2015-03-29 15:49 - 2015-03-29 15:49 - 00328668 _____ () C:\Users\Viki\Downloads\David's workshop.pages
2015-03-18 11:26 - 2015-03-18 12:30 - 00000000 ____D () C:\Users\Viki\Desktop\mobil

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-12 21:41 - 2009-07-14 06:34 - 00025648 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-12 21:41 - 2009-07-14 06:34 - 00025648 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-12 21:36 - 2010-05-11 10:07 - 01648529 _____ () C:\windows\WindowsUpdate.log
2015-04-12 21:33 - 2009-12-18 08:21 - 01596928 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-12 21:28 - 2010-06-17 19:17 - 00124336 _____ () C:\Users\Viki\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-12 21:27 - 2009-12-18 08:34 - 00000000 ____D () C:\ProgramData\HPQLOG
2015-04-12 21:27 - 2009-07-14 06:33 - 00457672 _____ () C:\windows\system32\FNTCACHE.DAT
2015-04-12 21:26 - 2014-08-20 11:45 - 00010554 _____ () C:\windows\setupact.log
2015-04-12 21:26 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-10 00:46 - 2009-12-18 08:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-10 00:45 - 2010-06-17 19:49 - 00000000 ____D () C:\Program Files\Microsoft Works
2015-04-10 00:45 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-04-10 00:04 - 2010-06-17 20:37 - 00000958 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-863753099-2656375040-3423559090-1002UA.job
2015-04-06 16:04 - 2010-06-17 20:40 - 00002321 _____ () C:\Users\Viki\Desktop\Google Chrome.lnk
2015-04-06 14:13 - 2014-08-20 11:44 - 00413916 _____ () C:\windows\PFRO.log
2015-03-31 22:40 - 2010-06-19 14:21 - 00000000 ____D () C:\Users\Viki\AppData\Local\CrashDumps
2015-03-31 22:30 - 2010-06-17 19:17 - 00001903 _____ () C:\Users\Public\Desktop\WinZip.lnk
2015-03-31 22:30 - 2010-06-17 19:17 - 00000000 ____D () C:\Program Files\WinZip
2015-03-31 21:21 - 2010-09-18 18:05 - 00000000 ____D () C:\Users\Viki\AppData\Roaming\Skype
2015-03-31 21:21 - 2010-05-11 10:19 - 00000000 ____D () C:\ProgramData\Skype
2015-03-31 19:57 - 2010-07-05 21:09 - 00000000 ____D () C:\Program Files\ESTsoft
2015-03-29 21:57 - 2010-06-17 19:18 - 00000000 ____D () C:\Program Files\Windows Live
2015-03-29 20:12 - 2012-02-10 13:46 - 00000000 ____D () C:\Program Files\Opera
2015-03-29 20:05 - 2010-07-05 21:09 - 00000000 ____D () C:\Users\Viki\AppData\Roaming\ESTsoft
2015-03-29 20:05 - 2010-07-05 21:09 - 00000000 ____D () C:\ProgramData\ESTsoft
2015-03-29 19:49 - 2011-08-03 11:31 - 00000979 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-29 19:49 - 2010-06-19 14:39 - 00000967 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-29 19:49 - 2010-06-17 20:40 - 00000000 ____D () C:\Users\Viki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-29 19:49 - 2010-06-17 19:21 - 00001080 _____ () C:\Users\Viki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-28 13:04 - 2010-06-17 20:37 - 00000906 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-863753099-2656375040-3423559090-1002Core.job
2015-03-13 15:24 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache

==================== Files in the root of some directories =======

2010-06-17 19:21 - 2010-06-17 19:21 - 0000000 _____ () C:\Users\Viki\AppData\Local\AtStart.txt
2012-03-28 18:52 - 2014-07-11 00:34 - 0011776 _____ () C:\Users\Viki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-06-17 19:21 - 2010-06-17 19:21 - 0000000 _____ () C:\Users\Viki\AppData\Local\DSwitch.txt
2010-06-17 19:21 - 2010-06-17 19:21 - 0000000 _____ () C:\Users\Viki\AppData\Local\QSwitch.txt
2010-09-18 18:08 - 2010-09-18 18:08 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some content of TEMP:
====================
C:\Users\Viki\AppData\Local\Temp\7za.exe
C:\Users\Viki\AppData\Local\Temp\DaS_21.exe
C:\Users\Viki\AppData\Local\Temp\hijackthis.exe
C:\Users\Viki\AppData\Local\Temp\NirCmd.exe
C:\Users\Viki\AppData\Local\Temp\PEVZ.EXE
C:\Users\Viki\AppData\Local\Temp\Quarantine.exe
C:\Users\Viki\AppData\Local\Temp\remove.exe
C:\Users\Viki\AppData\Local\Temp\sed.exe
C:\Users\Viki\AppData\Local\Temp\shortcut.exe
C:\Users\Viki\AppData\Local\Temp\sqlite3.dll
C:\Users\Viki\AppData\Local\Temp\swreg.exe
C:\Users\Viki\AppData\Local\Temp\swxcacls.exe
C:\Users\Viki\AppData\Local\Temp\wget.exe
C:\Users\Viki\AppData\Local\Temp\zoek-delete.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-06 17:32

==================== End Of Log ============================

VIRY.CZ

Problém s instalací, potenciální vir

Problém s instalací, potenciální vir

Re: Problém s instalací, potenciální vir

Re: Problém s instalací, potenciální vir

Re: Problém s instalací, potenciální vir

Re: Problém s instalací, potenciální vir

Re: Problém s instalací, potenciální vir

Re: Problém s instalací, potenciální vir

Re: Problém s instalací, potenciální vir

Re: Problém s instalací, potenciální vir

Re: Problém s instalací, potenciální vir

Re: Problém s instalací, potenciální vir

Re: Problém s instalací, potenciální vir

Re: Problém s instalací, potenciální vir

Re: Problém s instalací, potenciální vir

Re: Problém s instalací, potenciální vir