VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Ultimátně zasviněné pc, prosím o kontrolu

https://forum.viry.cz:443/viewtopic.php?t=144331

Stránka 1 z 1

Ultimátně zasviněné pc, prosím o kontrolu

Napsal: 09 kvě 2015 20:42
od A-Tom
Můj BFU známý dotáhl comp, že prosí o vyčištění. První rada je samozřejmě ubít známého krumpáčem, nu ale stejně bych to pak rád vyčistil - už jsem s odinstalovávání programů, několika antivirů etc začal, ale stejně určitě nevyčistím všechno, takže prosím o pomoc.

log z RSIT:
Logfile of random's system information tool 1.10 (written by random/random)
Run by martin at 2015-05-09 21:37:06
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 84 GB (27%) free of 305 GB
Total RAM: 2046 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:37:16, on 9.5.2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\martin\Local Settings\Data aplikací\suprize\suprize_notification_service.exe
C:\Program Files\ver2OffersWizard\e6OffersWizard66.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ver2OffersWizard\L2h.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nethtsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ver2OffersWizard\B9eG190.exe
C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\WINDOWS\system32\netupdsrv.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\martin\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\martin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:13798;https=127.0.0.1:13798
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: 486f39d5be3842d1a5b143880bdcbae60069063 - {11111111-1111-1111-1111-110611901163} - C:\Program Files\HDQ-1.2cV01.01\HDQ-1.2cV01.01-bho.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: OffersWizard - {4359A48A-62E5-9696-71B3-1C273503AA37} - C:\Program Files\ver2OffersWizard\190.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NVIDIA driver monitor] c:\windows\nvsvc32.exe
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\RunOnce: [SeznamInstall-uninstall:f45e6b299394d05903aed92e97580ee9] "C:\DOCUME~1\martin\LOCALS~1\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe" -c "C:\Documents and Settings\martin\Data aplikací\Seznam.cz"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Přidat do stávajícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) - globalUpdate - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - globalUpdate - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Network HTTP Support Service (NetHttpService) - Unknown owner - C:\WINDOWS\system32\nethtsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OffersWizard - Unknown owner - C:\Program Files\ver2OffersWizard\B9eG190.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: Network Support Service Updater (ServiceUpdater) - Unknown owner - C:\WINDOWS\system32\netupdsrv.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O24 - Desktop Component 0: (no name) - http://www.jetixcee.com/disney_gigasite ... 1_1280.jpg

--
End of file - 11828 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart
C:\WINDOWS\tasks\21IgGiigAxVT.job - C:\Documents and Settings\martin\Data aplikac\21IgGiigAxVT.exe --c=DgTyH9AnPrMEaaeXucK2dtucMdFwXz3SSCSyKwl6b3F5YZJxH8OTC8oi3l6mZkFTMfy5r93FuyLOmR6cu4uSKC7V1+IccT3uwNSwjrF5sVe4Qeacus+7AhZb+XAcb7PvGOlrjEmORuc2hvrZcaHx9JdT/iw+W8PKX2H/dnTjfC6ccy1QIM/36Vo6eNlkw7EptrZ/gdXC//nKZBHggjSsetEApyLFsT2NDybyfCcmX6q8T3FDpf2lkeoA0D1J58w0BAVDtyukWaKkhe1+TncrGRFUZz41887kfdcF0uO9f3NlJS7QvBSkJ0zH4nz9dsFgCg6wh2lzrMTd6/p0Zv4vgQ==
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\AmiUpdXp.job - C:\Documents and Settings\martin\Data aplikací\17096\Updater.exe
C:\WINDOWS\tasks\c311bf70-1f07-4f8e-81dc-e1282ff5c6ca-1.job - C:\Program Files\HDQ-1.2cV01.01\HDQ-1.2cV01.01-codedownloader.exe /rawdata=h6PDtXNKIXK2D4hXrWaV3ZxdKxrqIbeOJKMlw5bM6xUiHDLkGZIlP6U5vzUXezH+SxPBL4vCOaNvaMqgJt1qPNh17pGPyMQFo+uqpY/hAu/ZhbJohCm1s5xyKuW1S+0qrvqVvuTdDZhMU6gYvCUXtcjRy4JffKsibf2H3nFbWLy1nrC4LJYmy9sixl+QTcq1NYsKgD1AcieMrvVVthI5NpIyHr2lBrzDsR2zB8Ydg4KDVYdoAM4BKhXqAO7rSU/8GEwg/mf2wXSj0T/nf+pw5Jnv1x9ZyWqh+0pvpPKh3NXnav1713xL6gIwVwPaFwEXjKtdbhaIXmUgK1/Rmp34bz4lv95c5UEYNFhD+PVaUwFqcYS2Cw/OFBI5sscMhUgYKbC5kI6zKCMDdm3FYBboR+zZJFAGhIFCD97QpotbvfYisjQUAJ7yPJqi3eO33CbYj/v/U5UeZSMwHesQKPVgYLm1oQi077Ahfk+QzNjgq/F21o/GKvZKqQS0vM4pcEXYfbnN42mheUI8xoMWFiefrjobPAA29+peOkj4jeOlmvG3km8CoozoeMNlfmsilBhN5SJTY8QdRR4gkGznsYM2BqwwGix7mpbnWqPqnC5qLsnxhBWePY1nhiSzLGhKbKoOm+w+j2yFCmYXnv4Xiyg88quoJlvLT/HT/poKqcPi51GdYw1nTerWGXB/mZ8mJJPRszUV95C4crUfb/FHo59GFd/5Tj0yp4JSyXSAA7ueRuKtBeHbZJAk4fTTOBeB/ZvdlIlc8aw8sqKne0MlNaSskmVnDK3wvOF+qWp3VoIQ/6UtuALYIcEMGo+jGuulLTcm5omYET4urQb/mHus9Z1AHkUg+8L6T/0cK1Ou7gkZf34/eMZV8MDiewMiQJFhmhtsJ5Ihjw+X0LpXs6GpxfTmZnch5LUASeI5UZzWGfbdqsSeMF8HgzQJZm6d3/UyiVMsa6t48vNuc1YrwPkInGljQf32qVv7d5cu7nksz5QOxZ8D9wiaOy79lE5hBvw6PW9HDoz4fV8118bAD3Zpcfn/cExoMchLWqaN0Y9mtG4wxPJG5qco4nOGPEPzclOCZUOfBJT8wStyK5QLt2Ex5kHMof+dN+IW8i/cSGzwCY1bBFhYpPvGBMPxqjGbSGqdj8h6KECBFQxEYGNkKR8IZaPeTiBv/xnsvC66X+sdMVFqH2umXVeyI3SqnsxITkIDNdl9uzHqYSbSSCi94Xj04j6rGCfaCSODAenQTWG8I8el99TRU0uyCP9hyRdBu+TkxpQMh04EtEC9m14ozSqmuiN8Zry7kHkQhP7Xk6XntUmjC9POg4PcCIgUaPS1QQuYmsUE7EOeL+BQsKUZaRDbmVEHMw==
C:\WINDOWS\tasks\c311bf70-1f07-4f8e-81dc-e1282ff5c6ca-4.job - C:\Program Files\HDQ-1.2cV01.01\c311bf70-1f07-4f8e-81dc-e1282ff5c6ca-4.exe /rawdata=I2vyB4Q5YonceLq+dOGOt0yUvYAYls8kpThEaCcaMaAd5ywQNYrkY9usCLcdki7IBULWXpJMbyENPPJbzNiCQFfdAVOZncxfQuxaZAmBAlhh0ASu+ThumRVh5P9/jkc89cKfoF1toXUkrzHroYfQEzntkWVvZgHV5IdtbOwB5To1yZ1IZvp3BPXZxwlvvvhiaET2SXVaAcN8vybMNgs8a94u8kOIDHhJX/2aCxWLhn0WgNm0gI1HCn9DoHYTXtAeMrc8k9Ljun21uYeZB+sG6Nn1e9RvQpbZrSU2pSITAGwq0Fo71Ttoff8Cy3zhRaULwy5DAelI7rrLgh1B2xlRAiN2eg63yhROt+3VR7w2yXwjrDkzENtgAAPVjzqPohyiRHZrvZFHDPgCEd48K7AGRvAd/kAt/v2/W8vVMYLp9F8La5DMqM5ssDeU/iJX6/fuCycXiwbFQrahq0d8mxp+QQ4FdNLDVQr0VzVQQxUQ6wvsxS0fLGpW+C8bRjt7+oXwMyk2JViPoZ7s+ULgOoPyRDHMqGrY9+UVb0lmVYixAwOJnMkG1jKZm1NSHfAtimRyMIoVWBIQjrigYI3jOmzfRFTcapgM9qx/G8X5RDTBi7xWeZJPzIOsYS/M+QJ8iG1x3KsAzXwVonE6M7p8v1mZ6zGg19USxtq07GQOv+h5W0RpGa9ErlEHBV6K0KgkXNtNUjCy/SbgTrKOgLvffQUsiYR0E730IDOjEVaUdmiApUB+doBVpst0zFlSbtTiPdNYZlE24U20ZI7BTvOK9BlElMZ8jkdVpe9ryTOI3Wof7ZRlEI9BaIjZ1HKsniTePxqPBK7jMaMcv3NzRxzErHsDSn/4xYXgJCUC2ILwmxpFQV6NpLck3kHcmdAq3OsZIVu/jS7rUlgvbQLkwkJvDOotuBxTZ74pnc/jgrpE7zEzbA7gm5baBg87CmAplkSmwe5c9wpLKjQoyXkxyHibI3iryJI44ewMyMJpgperyOFngqaTzeteMk276VYFUVG7N4u/YxZHOV6Vkf6yKS/K30S0rv3pOf7be4vgmwqEwOim+KNGHUr9zTE91uiR55KGSvdrrGbVRcGs3LNUbkhYae5hafP4X8N5OALM0MYpvSWxmlsDx5444lUwn9EKrzgp37Ex0kxxdFgzxryr3/wMGfznDsKptFTzEAgPLVe3sSl/p5Zec6g8Eaek62PIqyeQG59SDOKE6RpVJPjGEaxUt2I3fgXhfuDYRURY7PGB+B3T/Ehk/Il0XIqmraQxMeyBNKUu3xyQS3Q72wKZbgNOo++FmXcMHOR12gTvSHCNFO76sH7k6eBLW8dkq3Tb3bY5d3ou0kmXrfB7SCMe4GnsKGD/eyLosWlt/1dFM2eo3Etxjr01VqRl3FfN3ahqwi58ws1TUpAQPFtApL3nD5XPjHkNfSlPug7Cg+17KF/2pez2miIa7zpwn62OLtxMUG7J5Ol7hllco7WsinE7h44ahG+5NVop8669z7r/jmBjfs58/+bcvot+mmHwSvCtwip2dzicrw59PT6tvlp7+C93fjHxq/CSiv7At2cdh0l4+El26tfDoSUJqu4wMH5t5UW3NxJQg+Uhlx6/zzykBfyvfkVgAZZvB2l2djdknfZehz2rAuaWeyRg3lFTUg4KRGz3q9A7BecFQdkD9EOccoIo+zsAes8zxHci8VxLsraBp6kNcmp00mHOVPc04MM/M3y8gKGDjKr7baTOYDuuN0zXkEPcm5lWycWx9RdmzgTybkDmJcy/73LEB0SzijMe5vXPh/CgrSVb7HjlCb7Q2v+77zTMnYNIGr2i1cbHFVFoLZKAIHLGPZ5gHsuJj1qv+6zxrGogsHrjQ4El9+WAk4I6XzZx20D5v/Fdo3IGKwrAozdfimHtcbBxH/smQuMMh7HZzrHezLI6QxLUhseEEoLmmBk0DIWaxsQvt/lDLV11yKxsu8kY/M9/LwyferVfDCmfpKUrzRgKxsGw4wZr0j8VK3I5JpOB14kItSWBjLpG5TaqDdIlnkRFLQphz1Th8c2ZjPrC
C:\WINDOWS\tasks\c311bf70-1f07-4f8e-81dc-e1282ff5c6ca-5.job - C:\Program Files\HDQ-1.2cV01.01\c311bf70-1f07-4f8e-81dc-e1282ff5c6ca-5.exe /rawdata=AcQ6qYcQZaamGVX6zwxCgdoR7ft8M8C0phR3OlNslOVdcXVPKROnIPVnVpG6hxRwqlmBcbfzrTClTCiNQuqCvLatfc2le/ZY9IehYpHf7vofdojZcq56TVAzYfMJMDpwqAwYY86xMxKoOVltCZy0TNCg7cuCPsrYg95iKVnEJysaaDZJ7X85HhvKHsrz7VDHhxE72oJ539RZBMd6QRPHRLDHsFDPIbwLf5GqY4iPmU94sPdWU+YD9sgmtMzzQ9kx0dGNLTxCtbBbMiuy7kgstaOhNK2Uuhmh1s5N03JdRyteqVCNx0BclDLlIiVufoPCj5gstNBMQLmG5k22cjtT2xs9fMxB+YQO5w6GoCwg07qpaRICHyptLCxkva0ODP2cPGzmmtg95ompb+/C8yErlKnbsRbtf9Fq/WwYtXjsweQjnBiUkLUbKOTprnnH9Z/WYqPfs6WPy9eUzqu0nHvPievz8GbpEJu/fGpy1dXQxyE2nxc+jMBcgD+HoSzhIgaIIJSrhE8Mbzjcykbm+Q4TyNk96vk4/L9Z5e9TohKBf80PT9yERWUldTnnexnsPCqk2IMVEmn9vux25O/M9hhvF5iazjXUJETpfmZPrw9LK2IqI/EKanLgWX/KNuFD83PCGQJp26/Lhg0gkvLoCzANXbz/F0asugMfPKaL9a7saQ9xAnLxtH0j6dYLVAsKm+y0BZAtx2+aJvQXBMn8NlReQbMZ6XKhR8XK0f3wvaNPXE5/C2VcT35/orr+SmQRd7VwwH1noiFxFunCB4MmzPaaTaTfVedDHKcXtQ4DvOTK8fPyNqFCjuvpaNphETDh036gSMeum7zQ/cYMJQ+2NgzdSnvOf/DZqfYUEPuFYhVzPV8ndJVp8nv+w49XJzNfIcMVfhQWoOgV2Ee6hTG1t37eNIUQpT9VHneMBYfnyyfdHtM2vqcmD03uKx2vlUJXWauxzRKSPtn/RHiXGYmYy4C95hHjiVzVmFXhNf4V5CwezAt1V0cl2HlNbFVp3pjPlVav
C:\WINDOWS\tasks\DRYOLORT.job - C:\Documents and Settings\martin\Data aplikac\DRYOLORT.exe /infocmdline=letSQz1dVDATVFPGqxpffYBb4RUGXdiG7zMq+gT5uxsuS92QbVgQ8oijRt0GGUy0J5sYBFcWeGPpOO24i98v9l4uBa8OdtqNiVNY4NO9YVMVJxhhEYZEzZwBUnxsgdsLWbViafhQ5hRvvKi8cTkis3YbjFSC7+P9KZF/o03sxcwef4PKw6L/AtTMLIuHXhXJsSUrcnm0nTXhY6DVrpwzYS8zGCBzFf6VGq6FUYrIqdrM/UL5dHBujEazFhmOdX3S+MPIN/1em3D1uvkbKV3u/FSGJTTW8BU6rCjHrrPr5kSBJK3hMhsn/h8f5xAvRRWsiYP4FrJWsp/Rt1S8HDXPS0MGeBsyi0yBlTYyrjVUJ5QiiOpb5qjr0ZOIepwZzbUHHYccyf/hREY7HH++dLr/FTuKeur9X/JUkYx84LPTbs6JvsI9VAEMGcdQ+XHYqYVs+qfTYOoA5kWYgOcBICsg+XXdS/w1B7D4wnAEPX0zY6uxbzvuF6Razh41PKR1xnnPsZkLutK+wRg09MBTdV6esMVJAnVrHQ18v7KwLAnjHLQ6qygpZwcc4FRKmt288xLM80NNLghoNjL7A5LleUPNwEK91s0rHvKmd83SdnKb64/+DklNpVBvfiP1S7ufH9ZR3T06y0c1dfgiSyZsKto8dEXbr5D/fQu+D2xz3adWKyg=
C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineCore.job - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\globalUpdateUpdateTaskMachineUA.job - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\KFDETW.job - C:\Documents and Settings\martin\Data aplikac\KFDETW.exe /infocmdline=gh0cw8CKrCdNtZyP2x8leaSoA2YkBV0WbugmvKwBTWgaFCHvftiO+zVlOdUgIvOYNV2SnZHIaDmZGRDBCxhGXFTRp5LQ7wiHBGmbyddidFCzgTSFNXJf5ty8U4Y1UVSFYnNZYD/0ro5lpOy6RURkkSN1Y/Re+Vne35EFpN3cWwMu+bJelIrhhimTnEHSlbxcmex9bmFT3kmaE9PXF7MMWgWNG3JNkdASVWsJx9YkY6ec0f0lDGRAw9gB8RUJUZQpEWFsKM6kHiVHabloFiUc3vOCBrWDTcHh+LZ2C8NQ83WFAWL5K1tyWpPCJTZjnf//9T3CTRfD5UtUWZsyu3iGLp2ST240n6vBB/7XfSmhsCAiJ9HwWdj75gUxR91eQznshmw9h+fzEqTYiaP31FPG6YqPCgUFgGxYUB/a+wXJLzxvAZX1fKN8UZSE9rXvhVjEUluyJ065zzBl3f3mIt3at0UUPyFCcdmC34tMWLFatkixdquL/jm8NtE+ib0/79Wm
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe
C:\WINDOWS\tasks\OffersWizard Update.job - C:\Program Files\ver2OffersWizard\e6OffersWizard66.exe /update
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe -c
C:\WINDOWS\tasks\suprize_notification_service.job - C:\Documents and Settings\martin\Local Settings\Data aplikací\suprize\suprize_notification_service.exe /url='http://cdn.selectbestopt.com/notf_sys/index.html' /crregname='suprize' /appid='73143' /srcid='2913' /bic='2884f52484c2ea1774bc063e5c8bc0f3' /verifier='fa7ac82a8105658f6c8fa2cee9bcb9cf' /installerversion='1.50.3.10' /statsdomain='http://stats.buildomserv.com/data.gif?' /errorsdomain='http://stats.buildomserv.com/data.gif?' /monetizationdomain='http://logs.buildomserv.com/monetization.gif?' /installationtime='1427903000' /runfrom='task' /brwtype='notbg' /postponedhours='6'
C:\WINDOWS\tasks\suprize_updating_service.job - C:\Documents and Settings\martin\Local Settings\Data aplikací\suprize\suprize_updating_service.exe /campid=2913 /verid=1 /url=http://cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=suprize_updating_service /funurl=http://stats.buildomserv.com
C:\WINDOWS\tasks\User_Feed_Synchronization-{CF5B6196-AFF0-4E2F-B2BB-3ACA9BC5CDBB}.job - C:\WINDOWS\system32\msfeedssync.exe sync

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\martin\Data aplikací\Mozilla\Firefox\Profiles\fhrpep7c.default

prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10"
prefs.js - "keyword.URL" - "http://search.tb.ask.com/search/GGmain. ... searchfor="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 17.0.0.169 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10]
"Description"=globalUpdate Update
"Path"=C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4]
"Description"=globalUpdate Update
"Path"=C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@zylom.com/ZylomGamesPlayer]
"Description"=Zylom Games Player 1.00
"Path"=C:\Documents and Settings\All Users\Data aplikací\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll


C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll

C:\Documents and Settings\martin\Data aplikací\Mozilla\Firefox\Profiles\fhrpep7c.default\extensions\
4SyUV@gmail.com
6c03cee0ab9442c4a67a507@58d658df5a30468fabf5c7a.com
89ffxtbr@SafePCRepair_89.com
regexptester@sebastianzartner.ath.cx
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Documents and Settings\martin\Data aplikací\Mozilla\Firefox\Profiles\fhrpep7c.default\searchplugins\
ask-web-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\Program Files\ICQToolbar\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09 96128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611901163}]
HDQ-1.2cV01.01 - C:\Program Files\HDQ-1.2cV01.01\HDQ-1.2cV01.01-bho.dll [2015-01-01 756712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\WINDOWS\WebIE.dll [2008-01-20 491520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4359A48A-62E5-9696-71B3-1C273503AA37}]
OffersWizard - C:\Program Files\ver2OffersWizard\190.dll [2015-03-03 496128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23 321120]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2008-01-20 491520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-05-11 8429568]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-05-11 81920]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup []
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-05-16 86960]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-06-13 16377344]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2006-10-23 620152]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -scheduler []
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2007-12-29 486856]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"NVIDIA driver monitor"=c:\windows\nvsvc32.exe []
"T-Mobile Communication Centre"=C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe [2011-06-30 1363984]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2014-07-24 21652064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SeznamInstall-uninstall:f45e6b299394d05903aed92e97580ee9"=C:\DOCUME~1\martin\LOCALS~1\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe [2015-05-09 534528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEXPRESS]
C:\WINDOWS\OETRN.EXE [2008-01-20 26624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EA GAMES\MOHAA\MOHAA.exe"="C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Disabled:Medal of Honor Allied Assault"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe"="C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Unreal\System\Unreal.exe"="C:\Unreal\System\Unreal.exe:*:Disabled:Unreal"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\Program Files\3DO\Heroes of Might and Magic IV\heroes4c.exe"="C:\Program Files\3DO\Heroes of Might and Magic IV\heroes4c.exe:*:Enabled:Heroes of Might and Magic® IV: Winds of War™"
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe"="C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\martin\Local Settings\Temporary Internet Files\Content.IE5\4U6KCO8B\n11975310_09.JPG-www.facebook[1].exe"="c:\windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files\Mozilla Firefox)"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Disabled:Windows Media(TM) Audio (wma)"
"C:\Program Files\Google\Chrome\Application\chrome.exe"="C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.ACDV"=ACDV.dll
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll

======List of files/folders created in the last 1 month======

2015-05-09 21:37:07 ----D---- C:\Program Files\trend micro
2015-05-09 21:37:06 ----DC---- C:\rsit
2015-05-09 21:26:06 ----AC---- C:\awhC.tmp
2015-05-09 21:24:16 ----SHDC---- C:\Config.Msi
2015-05-09 21:09:31 ----AC---- C:\awh7.tmp
2015-05-09 21:02:18 ----AC---- C:\awh272.tmp
2015-05-06 13:31:24 ----A---- C:\WINDOWS\system32\drivers\nethfdrv.sys
2015-05-06 13:31:14 ----A---- C:\WINDOWS\system32\netupdsrv.exe
2015-05-06 13:31:02 ----A---- C:\WINDOWS\system32\installd.exe
2015-05-06 13:30:48 ----A---- C:\WINDOWS\system32\nethtsrv.exe
2015-05-06 13:30:38 ----A---- C:\WINDOWS\system32\hfnapi.dll
2015-05-06 13:30:24 ----A---- C:\WINDOWS\system32\hfpapi.dll
2015-05-02 18:08:40 ----AC---- C:\awh39.tmp
2015-05-02 09:47:21 ----AC---- C:\awh4CA.tmp
2015-04-29 15:39:12 ----AC---- C:\awh5.tmp
2015-04-29 15:02:12 ----AC---- C:\awhC8.tmp
2015-04-17 17:26:52 ----AC---- C:\awh4.tmp
2015-04-17 16:08:29 ----AC---- C:\awhA0.tmp
2015-04-17 15:13:27 ----AC---- C:\awhD7.tmp

======List of files/folders modified in the last 1 month======

2015-05-09 21:37:13 ----D---- C:\WINDOWS\Prefetch
2015-05-09 21:37:07 ----RD---- C:\Program Files
2015-05-09 21:36:28 ----D---- C:\WINDOWS
2015-05-09 21:36:28 ----A---- C:\WINDOWS\MAILTRAN.INI
2015-05-09 21:32:40 ----D---- C:\Program Files\Google
2015-05-09 21:32:32 ----D---- C:\WINDOWS\Temp
2015-05-09 21:26:59 ----D---- C:\Documents and Settings\martin\Data aplikací\Skype
2015-05-09 21:24:52 ----D---- C:\Documents and Settings\martin\Data aplikací\Seznam.cz
2015-05-09 21:24:20 ----SD---- C:\Documents and Settings\martin\Data aplikací\Microsoft
2015-05-09 21:24:19 ----SHD---- C:\WINDOWS\Installer
2015-05-09 21:22:05 ----D---- C:\Program Files\ESET
2015-05-09 21:19:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2015-05-09 21:10:46 ----DC---- C:\Documents and Settings\All Users\Data aplikací\Google
2015-05-09 21:10:32 ----D---- C:\Program Files\GameSpy Arcade
2015-05-09 21:10:05 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2015-05-09 21:09:51 ----D---- C:\WINDOWS\system32
2015-05-09 21:09:50 ----HD---- C:\WINDOWS\inf
2015-05-09 21:09:50 ----DC---- C:\WINDOWS\system32\DRVSTORE
2015-05-09 21:09:48 ----D---- C:\WINDOWS\system32\CatRoot2
2015-05-09 21:01:51 ----D---- C:\WINDOWS\system32\drivers
2015-05-09 21:01:20 ----D---- C:\Program Files\Common Files\ACD Systems
2015-05-02 19:40:47 ----RSD---- C:\WINDOWS\assembly
2015-05-02 10:11:13 ----A---- C:\WINDOWS\NeroDigital.ini
2015-04-29 20:05:59 ----D---- C:\Program Files\HDQ-1.2cV01.01
2015-04-29 20:05:58 ----SD---- C:\WINDOWS\Tasks
2015-04-29 20:01:43 ----AC---- C:\WINDOWS\system32\MRT.exe
2015-04-29 20:01:24 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2015-04-29 15:33:59 ----SHD---- C:\WINDOWS\CSC
2015-04-17 17:01:56 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2015-04-17 17:01:52 ----A---- C:\WINDOWS\system32\FlashPlayerInstaller.exe
2015-04-17 15:08:02 ----D---- C:\Documents and Settings\martin\Data aplikací\uTorrent

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 imagedrv;imagedrv; C:\WINDOWS\System32\Drivers\imagedrv.sys [2005-08-15 5888]
R0 imagesrv;imagesrv; C:\WINDOWS\system32\DRIVERS\imagesrv.sys [2005-08-15 127488]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-05-13 111808]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2003-09-06 6944]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-01-04 715248]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 43008]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 nethfdrv;nethfdrv; \??\C:\WINDOWS\system32\drivers\nethfdrv.sys []
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-05-13 79488]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 huawei_enumerator;huawei_enumerator; C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys [2011-01-30 73216]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-14 4429312]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-05-11 6738432]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-05-04 46720]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-05-04 19968]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-02-17 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-01-06 10368]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S0 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\System32\Drivers\vbtenum.sys []
S0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys []
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 amzw8irr;amzw8irr; C:\WINDOWS\system32\drivers\amzw8irr.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 huawei_cdcacm;huawei_cdcacm; C:\WINDOWS\system32\DRIVERS\ew_jucdcacm.sys [2011-02-25 90368]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2011-05-03 194816]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys []
S3 massfilter;Mass Storage Filter Driver; C:\WINDOWS\system32\drivers\massfilter.sys [2010-02-22 9216]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2010-03-02 105856]
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2010-03-02 105856]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2010-03-02 105856]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ameisvc;Web'n'walk Manager mobile equipment installation service; C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2011-06-24 123120]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-18 107912]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NetHttpService;Network HTTP Support Service; C:\WINDOWS\system32\nethtsrv.exe [2015-05-06 338944]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-05-11 163908]
R2 OffersWizard;OffersWizard; C:\Program Files\ver2OffersWizard\B9eG190.exe [2015-03-03 349696]
R2 PnkBstrA;PunkBuster; C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe [2007-08-15 63040]
R2 ServiceUpdater;Network Support Service Updater; C:\WINDOWS\system32\netupdsrv.exe [2015-05-06 190976]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-01-04 654848]
S2 globalUpdate;globalUpdate Update Service (globalUpdate); C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2015-01-01 68608]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-17 268464]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 globalUpdatem;globalUpdate Update Service (globalUpdatem); C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2015-01-01 68608]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-18 107912]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 235696]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2015-03-29 148080]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Ultimátně zasviněné pc, prosím o kontrolu

Napsal: 09 kvě 2015 20:47
od vyosek
Zdravim :)

:arrow: Stahnete Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Ulozte nejlepe na Plochu a rozbalte
  • Spustte kliknutim na mbar
  • Nyni postupne kliknete na Next a Update
  • Po dokonceni update (aktualizace) databaze kliknete opet na Next
  • Nechte zaskrtnute vsechny tri moznosti a klinete na Scan cimz spustite prohledavani PC
  • Po dokonceni skenu (cca 5 minutek) zkontrolujte, zda-li je u vsech nalezu (samozrejme pokud budou) zatrzitko
  • Tez zkontrolujte, jetsli je zatrzitko u Create Restore point
  • Nyni kliknete na CleanUp cimz nalezenou infekci odstranime
  • PC bude restartovan
  • Slozka mbar by mela obsahovat log (a zrejme se i sam otevre) mbar-log-rok-mesic-den (hodina-minuta-sekunda).txt, ten mi sem dejte

Re: Ultimátně zasviněné pc, prosím o kontrolu

Napsal: 09 kvě 2015 22:06
od A-Tom
Jasně, no trvalo to trochu dýl - tady je log:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.013000 GHz
Memory total: 2145890304, free: 1041788928

Initializing...
=======================================
------------ Kernel report ------------
05/09/2015 21:59:19
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
spdl.sys
\WINDOWS\System32\Drivers\WMILIB.SYS
\WINDOWS\System32\Drivers\SCSIPORT.SYS
imagesrv.sys
ACPI.sys
pci.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
imagedrv.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
sfhlp01.sys
prosync1.sys
prohlp02.sys
Mup.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\AmdK8.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\nvnetbus.sys
\SystemRoot\system32\DRIVERS\NVNRM.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\pfc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\Drivers\amzw8irr.SYS
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\System32\Drivers\pcouffin.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\ew_jubusenum.sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\System32\Drivers\wdf01000.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\NVENETFD.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\??\C:\WINDOWS\system32\drivers\nethfdrv.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\System32\drivers\prodrv06.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
\Program Files\DAEMON Tools Lite\daemon.dll
----------- End -----------
Done!
IRP handler 0 of \Driver\atapi is hooked
Unhooking enabled.

Scan started
Database versions:
main: v2014.11.18.05
rootkit: v2014.11.12.01

<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a4deab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-6\
Lower Device Object: 0xffffffff8a492940
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a4deab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a50fe08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a4deab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a467e98, DeviceName: \Device\00000066\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a492940, DeviceName: \Device\Ide\IdeDeviceP2T0L0-6\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe1aae128, 0xffffffff8a4deab8, 0xffffffff88c48708
Lower DeviceData: 0xffffffffe17cc840, 0xffffffff8a492940, 0xffffffff8a4e89d0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File "C:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpiec.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\adv01nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\adv01nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\adv02nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\adv02nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\adv05nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\adv05nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\adv07nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\adv07nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\adv08nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\adv08nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\adv09nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\adv09nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\adv11nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\adv11nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\agp440.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\agp440.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\agpcpq.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\agpcpq.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\alim1541.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\alim1541.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\amdagp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdagp.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\amdk6.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdk6.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\amdk7.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdk7.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\asyncmac.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\asyncmac.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1btxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1btxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1mdxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1pdxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1raxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1rvxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1rvxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1snxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1snxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1ttxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1tuxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1xbxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\mtlmnt5.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mtlmnt5.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\mtlstrm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\mtxparhm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mtxparhm.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\mutohpen.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mutohpen.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\nikedrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\nmnt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\nmnt.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ntmtlfax.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ntmtlfax.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\nvsnpu.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\nvsnpu.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\nvtcp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\nvtcp.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\nwlnkflt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\nwlnkflt.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\nwlnkfwd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\nwlnkfwd.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\nwlnkipx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\nwlnkipx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\nwlnknb.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\gagp30kx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\gagp30kx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\gm.dls" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\Hdaudio.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\Hdaudio.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\hidir.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidir.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hsfbs2s2.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hsfcxts2.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hsfdpsp2.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\imagedrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\imagedrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\imagesrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\imagesrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\intelppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ip6fw.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ip6fw.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\recagent.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\recagent.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\rfcomm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rfcomm.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rio8drv.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\riodrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\rmcast.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rmcast.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\rndismp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rndismp.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\rndismpx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rndismpx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rootmdm.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\s3gnbm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\s3gnbm.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\secdrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\secdrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\sffdisk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sffdisk.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\sffp_mmc.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sffp_mmc.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\sffp_sd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sffp_sd.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\siint5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\siint5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\sisagp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sisagp.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\slnt7554.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\slntamr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\slntamr.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\slnthal.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\slnthal.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\slwdmsup.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\slwdmsup.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\smbali.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\smbali.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\smclib.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\sonydcam.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sonydcam.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\stream.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\stream.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\tape.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\tape.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\tcpip6.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\tcpip6.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\tdpipe.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\tdpipe.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\tdtcp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\tdtcp.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\tosdvd.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\tsbvcap.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\tunmp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\tunmp.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\uagp35.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\uagp35.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\usbcamd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbcamd.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\cpqdap01.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\crusoe.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\crusoe.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\cxthsfs2.cty" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\diskdump.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\diskdump.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\dmboot.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\dmboot.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\enum1394.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\enum1394.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati1xsxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atv02nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atv02nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\cinemst2.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ipfltdrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ipfltdrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\modem.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\modem.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\mspqm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mspqm.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\nwlnkspx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rawwan.sys" is compressed (flags = 1)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
File "C:\WINDOWS\system32\drivers\usbcamd2.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbcamd2.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wadv08nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\nwrdr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\nwrdr.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\oprghdlr.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\p3.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\p3.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\pcmcia.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\PnkBstrK.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\PnkBstrK.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ipinip.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ipinip.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\irenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\irenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mcd.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mdmxsdk.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\mf.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mf.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\usbintel.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbintel.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\usbstor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbstor.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\vchnt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vchnt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vdmindvd.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\viaagp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\viaagp.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wadv07nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atv04nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atv04nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atv06nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atv06nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atv10nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atv10nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\bridge.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bridge.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\bthenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\bthmodem.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthmodem.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\bthpan.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthpan.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\bthport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthport.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\bthprint.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthprint.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\bthusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\cbidf2k.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ch7xxnt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ch7xxnt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati2mtaa.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ati2mtag.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ati2mtag.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atinbtxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atinmdxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atinpdxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atinraxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atinrvxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atinsnxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atinttxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atintuxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atinxbxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atinxsxx.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atmarpc.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atmarpc.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atmepvc.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atmlane.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atmlane.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atmuni.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\atv01nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atv01nt5.dll" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\fastfat.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\fastfat.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\fdc.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\flpydisk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\fsvga.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wadv09nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wadv11nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\watv06nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\watv10nt.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\wpdusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wpdusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\WudfPf.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\WudfPf.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\WudfRd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\WudfRd.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\mqac.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mqac.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\mskssrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mskssrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\system32\drivers\mspclock.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mspclock.sys" is compressed (flags = 1)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2920292

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 625121217
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320071851520 bytes
Sector size: 512 bytes

Done!
File "C:\Documents and Settings\LocalService\Cookies\index.dat" is compressed (flags = 1)
File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Infected: HKLM\SOFTWARE\CLASSES\multimediaControls.chl --> [Trojan.Zlob]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TERMINAL SERVER\INSTALL\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|NVIDIA driver monitor --> [Backdoor.Agent]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{055FD26D-3A88-4e15-963D-DC8493744B1D} --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\CLASSES\CLSID\{055FD26D-3A88-4E15-963D-DC8493744B1D} --> [Trojan.BHO]
Infected: C:\Program Files\ICQToolbar\toolbaru.dll --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\CLASSES\CLSID\{4BD2D6C3-31DC-B947-23D0-DC52EC4F0C4C} --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\CLASSES\TYPELIB\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\CLASSES\XTTB00001.IEToolbar.1 --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\CLASSES\XTTB00001.IEToolbar --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\CLASSES\CLSID\{055FD26D-3A88-4E15-963D-DC8493744B1D}\INPROCSERVER32 --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\CLASSES\ToolBand.XTTBPos00.1 --> [Trojan.BHO]
Infected: HKLM\SOFTWARE\CLASSES\ToolBand.XTTBPos00 --> [Trojan.BHO]
Infected: HKU\S-1-5-21-1177238915-1788223648-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{055FD26D-3A88-4E15-963D-DC8493744B1D} --> [Trojan.BHO]
Infected: HKU\S-1-5-21-1177238915-1788223648-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{055FD26D-3A88-4E15-963D-DC8493744B1D} --> [Trojan.BHO]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

Re: Ultimátně zasviněné pc, prosím o kontrolu

Napsal: 09 kvě 2015 22:09
od vyosek
:arrow: Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Ulozte nejlepe na plochu
  • Ukoncete vsechny programy
  • Po spusteni probehne stazeni databaze
  • Kliknete na Scan a nasledne Clean
  • Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte
:arrow: Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu
  • Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
  • Do okna vlozte skript nize

  • Kód: Vybrat vše

    autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;
  • Nasledne kliknete na Run Script
  • PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem


:arrow: Pokracovani rano :)

Re: Ultimátně zasviněné pc, prosím o kontrolu

Napsal: 09 kvě 2015 22:20
od A-Tom
Log z AdwCleaner:

# AdwCleaner v4.203 - Logfile created 09/05/2015 at 23:16:20
# Updated 30/04/2015 by Xplode
# Database : 2015-05-09.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : martin - MARTIN-01C6B47C
# Running from : C:\Documents and Settings\martin\Dokumenty\Downloads\adwcleaner_4.203.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\ICQ\ICQToolbar
Folder Deleted : C:\Documents and Settings\All Users\Nabídka Start\Programy\iMesh
Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\Program Files\icqtoolbar
Folder Deleted : C:\Program Files\Play
Folder Deleted : C:\Documents and Settings\martin\Local Settings\Data aplikací\globalUpdate
Folder Deleted : C:\Documents and Settings\martin\Local Settings\Data aplikací\suprize
Folder Deleted : C:\Documents and Settings\martin\Dokumenty\iMesh
Folder Deleted : C:\Documents and Settings\martin\Data aplikací\Mozilla\Firefox\Profiles\fhrpep7c.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
Folder Deleted : C:\Documents and Settings\martin\Data aplikací\Mozilla\Firefox\Profiles\fhrpep7c.default\Extensions\89ffxtbr@SafePCRepair_89.com
File Deleted : C:\WINDOWS\system32\installd.exe
File Deleted : C:\DOCUME~1\martin\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Documents and Settings\martin\Data aplikací\Mozilla\Firefox\Profiles\fhrpep7c.default\searchplugins\ask-web-search.xml
File Deleted : C:\Documents and Settings\martin\Data aplikací\Mozilla\Firefox\Profiles\fhrpep7c.default\user.js
File Deleted : C:\Program Files\Mozilla Firefox\my.cfg
File Deleted : C:\Program Files\Mozilla Firefox\browser\defaults\preferences\my-prefs.js

***** [ Scheduled tasks ] *****

Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\iMesh
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SOFTWARE\Classes\WMHelperiMesh.WMHelper
Key Deleted : HKLM\SOFTWARE\Classes\WMHelperiMesh.WMHelper.1
Key Deleted : HKCU\Software\XTTB00001
Key Deleted : HKLM\SOFTWARE\Classes\XTTB00001.XTTB00001
Key Deleted : HKLM\SOFTWARE\Classes\XTTB00001.XTTB00001.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{596BB86E-F1E5-A1DE-3363-41AB634E77EF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A3492A3A-6715-9371-F8DB-1C48CC4DAAA1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\ICQToolbar
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\estdemin
Key Deleted : HKCU\Software\suprize
Key Deleted : HKLM\SOFTWARE\Crossrider
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\ICQ\ICQToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iMeshMediabarTb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PCSU-SL_is1
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:14191;hxxps=127.0.0.1:14191
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v36.0.4 (x86 cs)

[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "14aa50af55d744c079bf1a4ed1a085c0");
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.BUTTON_STRUCTURE", "[{\"b\":221337215,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221337216,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.browser.search.defaultenginename.savedPrev", "true");
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.browser.search.defaultenginename.tb", "Ask Web Search");
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.browser.search.selectedEngine.savedPrev", "true");
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.browser.search.selectedEngine.tb", "Ask Web Search");
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.browser.startup.homepage.prev", "www.seznam.cz");
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.browser.startup.homepage.savedPrev", "true");
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.browser.startup.homepage.tb", "hxxp://home.tb.ask.com/index.jhtml?ptb=09BBF971-5D57-4F1E-A5B6-BDFFB2742C69&n=780ce77b&p2=^AW7^xdm055^S10989^cz&si=YO[...]
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.browser.startup.page.savedPrev", 1);
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.browser.startup.page.tb", 1);
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.browser.version.last", "36.0");
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.competitorDNS", "{\"comment\":\"refresh every 1 week (7*24*60*60*1000)\",\"refreshPeriod\":604800000,\"list\":[{\"url\":\"hxxp://www.dnsrsearch.com/[...]
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.firstKnownVersion", "6.72.4.60309");
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=09BBF971-5D57-4F1E-A5B6-BDFFB2742C69&n=780ce77b&p2=^AW7^xdm055^S10989^cz&si=YO_SAF_INTL_CZE_45");
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.hp.enabled", false);
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.hp.guardType", "HPR");
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.hp.user.defined", true);
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.initialized", true);
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.installKeysSource", "LocalStorage");
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.installType", "XPI");
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.installation.contextKey", "");
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.installation.installDate", "2014111611");
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.installation.partnerId", "^AW7^xdm055^S10989^cz");
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.installation.partnerSubId", "YO_SAF_INTL_CZE_45");
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.installation.pixelUrl", "hxxp://download.safepcrepair.com/install_pixels.jhtml?partner=^AW7^xdm055^S10989^cz&coId=5b8775c17bf046b88992f2113ad6fcdf&t[...]
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.installation.success", true);
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.installation.toolbarId", "09BBF971-5D57-4F1E-A5B6-BDFFB2742C69");
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.isCompliantUninstallImplementation", true);
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.lastActivePing", "1431197657073");
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.lastKnownVersion", "6.85.6.18429");
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.options.defaultSearch", true);
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.options.homePageEnabled", true);
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.options.keywordEnabled", true);
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.options.tabEnabled", true);
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.partnerPixelFired", true);
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.successUrl", "hxxp://download.safepcrepair.com/installComplete.jhtml");
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.toolbar.versionChanged", false);
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.toolbarCollapsed", true);
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.weather.location", "10001");
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "safepcrepair@mindspark.com");
[fhrpep7c.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=09BBF971-5D57-4F1E-A5B6-BDFFB2742C69&n=780ce77b&ind=2014111611&p2=^AW7^xdm055^S10989^cz&si=YO_SAF_INTL_CZE_45&searchfo[...]

-\\ Google Chrome v42.0.2311.135


*************************

AdwCleaner[R0].txt - [17307 bytes] - [09/05/2015 23:15:25]
AdwCleaner[S0].txt - [17693 bytes] - [09/05/2015 23:16:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17753 bytes] ##########

Re: Ultimátně zasviněné pc, prosím o kontrolu

Napsal: 09 kvě 2015 22:45
od A-Tom
a Zoek:


Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by martin on so 09.05.2015 at 23:23:58,82.
Systém Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\martin\Dokumenty\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

9.5.2015 23:26:26 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\Program Files\Elaborate Bytes deleted successfully
C:\Program Files\ICQLite deleted successfully
C:\Program Files\LEGO Software deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\Sierra deleted successfully
C:\Program Files\Soggy Melon deleted successfully
C:\Program Files\wyvern deleted successfully
C:\Program Files\Common Files\SWF Studio deleted successfully
C:\Program Files\Common Files\Symantec Shared deleted successfully
C:\DOCUME~1\ALLUSE~1\NABDKA~1\Programy\TopCD deleted successfully
C:\DOCUME~1\martin\NABDKA~1\Programy\SEGA deleted successfully
C:\DOCUME~1\ALLUSE~1\DATAAP~1\Bluetooth deleted successfully
C:\DOCUME~1\ALLUSE~1\DATAAP~1\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\DOCUME~1\ALLUSE~1\DATAAP~1\nView_Profiles deleted successfully
C:\DOCUME~1\ALLUSE~1\DATAAP~1\PlayFirst deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1009713B-F04B-4F9C-B0E0-152AE43A33} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{107C1719-67DE-4BAF-91D2-A8E0B1B5AC54} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{113F3F1F-9326-44E4-848-564C5E9460A3} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11450A2B-767D-4797-B8C7-26D197221A59} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11B90242-4CB0-4AE0-885C-E56B23978CE} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11BAB5F5-7155-4C51-9473-C16DC515D2EB} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1279B612-9E58-4E9B-B37C-24DE0D28972} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{13478BEE-B59B-4EF0-8187-43F59B22FE6} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{139937A4-F035-40A8-B032-B55442544B2A} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{13FBDF4D-235C-4D22-93D6-4CDFB23E59B7} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{14D91E46-E4BC-404F-980-F18A93FC522} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{17AE97C1-79B6-447C-90F8-411A2233242E} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{17F9A8A5-2F1-42F5-B33-383D92C3ADC1} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186D910C-9CD2-4E22-9BD4-ED189BC85BAF} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{18A7E014-3157-40A5-B858-8FE8321C5997} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A0E8B2-C9CF-459C-AEA0-88D17C117056} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A58E20D-9B11-426F-908C-D19B52C79CA6} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A9B7615-14D9-42A1-8BC4-76E9BD79D1E0} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B7ADFF1-C2F2-489F-ABA1-8C889FD8D94D} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1BC793AB-8C64-404E-B915-E1D9F2B7F3D2} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1BF4CD23-7E35-4576-84E-8535DE61E57B} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1C18CD61-C8EF-45F7-81F0-D6A12299E818} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1D510008-9792-4A37-BED-92DBD9DDD9B4} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1D84F77-D6B2-4B35-8012-7C505E8C4244} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E37820D-E5CA-4DBB-A7FA-2184D3955E8} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E37FEAA-AD02-4E43-924D-C69AB7C921D5} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1FEF46C0-649D-464C-82BB-3166B3F033DD} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{20057185-D7C3-421B-872D-A11EF9C298AF} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{212131EC-28E8-4E21-A077-C7E448494A7E} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2172F393-1C01-4960-A1A2-E7B1139528C7} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{22CF2AD9-84D6-4CE1-BD20-14FF1EAFB8BA} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{22E93D58-D854-4889-A726-4643559D57E1} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{23473FF4-C6A3-4C1B-9546-77B07DB9EC7A} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2430F192-6EF4-4A08-94D-A32140E8FD3B} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2444D320-E5FC-47B5-941B-EC1F2A3352A} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2552B1ED-F9D7-4F81-B4D6-D8DE3E83D95A} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26B6EBCF-51D5-44A5-90FC-C28DED3C929} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26D3377-7B05-42A4-B29A-2F075A4A78B} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27068FB-E0C6-4057-8AD7-AE51AF47C1A} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2905970E-29C4-4E3D-AAFF-DC70339DF7} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{292F68D3-CAB4-49FF-89DA-CDF243EDDDFD} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AF28CC7-2B37-4974-9CB-6BA1753F59F1} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2B0CA208-F554-43BC-954D-2DF5B223DF79} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2B3888FA-276F-48B1-B536-43CEC68A97D3} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2B769E62-CDA5-4C66-BD74-B324D33DA05E} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2BBDDF09-8C07-4EDE-B84-4F405652C515} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2C14EB4E-995D-49F3-A1F1-D3296573A087} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2C2E9927-254F-4AB6-87D7-583CFB97804D} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CB6156B-9211-4454-A3AC-CED38CD88755} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D386199-4474-4FEC-BA82-F615588979D6} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D41AA7F-D9A4-4029-BC9E-27F63CAEE8E1} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2DCC26A8-6C08-4F3D-B16-1DB522D18885} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E82F4B6-57F2-4415-884-E688D1828B57} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{303ADA09-E4D-43B9-A476-F8CD4235E79} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31E55426-88B5-4055-B32F-3958B81F5F5E} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31FF3799-CEBE-498C-877A-761FDDA811EC} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3258EA74-9F89-44ED-8616-31C2679FA6BE} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{32B8DC79-EA65-407A-AD8F-7DF43574C21} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{32EBAE79-90B3-4B8B-9517-C873A3B956AF} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3349DDC9-1935-432A-9AD3-2BA61A1A19D7} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{336C83C2-6EA1-475D-A6C7-A65847DE4FE} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33934973-8193-4CAA-967B-AA41295593CA} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33F16A9D-77E6-4352-A317-A438CFA58A7} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3452936D-AA43-4933-9CA9-1382772DC6CC} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{34F3539D-F547-406B-8A76-8E8034383FD3} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{365F3DCB-B92D-4BF0-A776-C866A4F973AA} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{380E0946-A06D-48C8-B1A7-F2E875318064} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38170355-3CB4-4C70-90C8-56AFBE816B4C} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{39792CF9-B63C-4BD2-81AB-953FE163DD3} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3A228FA1-4537-4FBC-B5BA-B5BAAB26E4AA} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3A422798-2D96-44BA-A5C-1ABD2A8659E4} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3AB93725-4452-46F0-82B0-F5927A35C5C4} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B75C1B1-3F6E-48D5-B582-9E68633BD4A5} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3C49F3BA-7026-4FB2-B6D7-E8981B33E9F8} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3CC61C7F-77B5-47E7-9772-6E506F8CABE1} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D2BF317-A667-4C5D-9547-6957D4A7ABBC} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3E336F4A-2AC7-4577-9BE0-52DAC5F6E2EC} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3ECC75FA-3BB2-4A7A-B5F9-483C2A7213DB} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3F3794A4-4ABE-4DB1-B062-2F1FB4D59F96} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3F421621-5811-4927-85E1-D11E3D418956} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{407F37EB-44A0-43F2-8718-29FA88F263E8} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{413B9021-30F4-4F32-83B3-559425BC87D1} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{415405AB-F243-47A2-BB7-C12764D03C28} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{43C5D47F-9F22-49D3-91D2-FDF1482CC80} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{43DA2F9E-EDDD-417C-8832-90B8E5F747FF} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{442E67F5-5D0B-4F88-BE95-B68C1866936A} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44C5B2F-6079-4AC8-AA35-D7C04DFD86D6} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{459825B5-934D-41A3-9CEE-4F739E2CC947} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{473C19F2-9EE2-4169-ACB1-70D51D7DD5F} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4819F3CB-1E1-4B65-A7EC-5533BAC3AC1} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4830644A-C132-4E79-8D5B-3C4F268ACFC} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4843B36E-DE89-4C1B-AEC6-EB68A427910} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{48D284AD-DA29-4F07-9FAD-C56CA3A71B4A} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{48F7996-13CE-4EAB-96F6-A9B13788DF30} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4918E1E9-EDFE-4F16-8856-F49CDB4CE6F} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{498A1391-C819-45CB-BEA5-D147255C725} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49ADA794-9328-4A9A-8D17-A08D9165672E} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4AF0C370-8E51-403C-9E5D-A00637E3F84} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4BA850F4-87C3-4E08-BD7E-8728EEC11FF1} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4C528931-B3B-4ACF-BA2F-AF891CA07DE0} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4C645133-21D3-42FD-847D-C624CBDFFD2} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4C6E75D5-87C0-4866-BEE0-EAA2515D2ED} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4D7E5A80-9346-451A-9867-85A798CEECAD} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4E404517-6133-40A9-9025-482EACE6265} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4E9E64E0-5ABD-4F1A-8950-54481ADE578} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{506F1F65-25E9-4CD2-9CC4-5B4991B3750} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{50E2666F-8F63-41D6-849E-BE3312AEF83} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{50FC5CC3-657B-402D-B57C-5EFCDC8C9DA} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{511901F8-E951-4779-8190-5E957EA335} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{516FB3C1-47F4-4E78-A785-362527D8D284} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5250A625-BF7F-4A10-ADEF-EF5A76E4295} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5549EEC6-D736-48B7-995-DEBFDB35C6C4} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{55C965A1-F272-4C61-AE2F-F9A9F738BE4} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5681C560-AE99-4C81-9A57-39BA6EC612B1} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56D45566-8B99-489C-9731-8450323C58EB} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{572A0BA3-A806-4017-B456-BD3609CCDA} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5A1BA7F6-321D-4959-A6AE-5BB8CB7B7F9} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5AD124FF-FC9-4966-A932-75124484024} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5CA7BE1-5704-4327-A3EA-EE4720A3B9E8} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5CB68E5E-3FCA-486D-A04-CE51161A771F} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5D742C8C-3AD5-4C91-B2D2-6D3421ACBBF7} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5DA56279-EB86-4175-B7EB-E9B2168ABCDD} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6178EE53-7C3A-43E7-B363-C39BE88459C7} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6181CA2D-6C4E-49C1-ADEF-96B5B55373D} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62A7229B-9245-4CF6-9E98-F8FF5EC39A1} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6367BEC3-5E41-4B3C-AB29-ED5E50B2C79E} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63F458ED-C481-4152-AC98-71E5AF2B511} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65106A75-37C4-4C62-88A5-C6F7707B96} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65192BE6-26D5-42BC-A660-8723A2AAD978} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65F64934-DF19-480C-A0FD-C8C880919D10} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66D5B4E9-4B6F-4913-A153-A24922B8331} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{676BCF55-C7E6-46C9-8CBB-48B298B2272} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6835F0D8-B5CF-4F10-9D3E-96CE99BFAD50} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68BF4504-2542-438D-962F-6A95CDDE618} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{694AA70E-9723-49A3-975B-383477192B9B} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69A69D09-4FAF-44A4-AFB7-51B9E12B7F6} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69D6E057-F358-4204-99AF-D8912C68ED5F} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6AD6DE6E-E4C0-43A4-8EBC-6E45CB446C1} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6AEDAD1F-291B-4249-AB2E-DE8EC41F26EF} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6AEE2F59-D8EB-456E-89E-1DA41C875770} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6B696290-9889-4009-8350-4B662BCB33A8} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6B913699-8B0A-4A3E-BEA7-7FC46D0FBE8} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6BE16E44-F075-4190-9B19-EF16AE2079BF} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C1AE34C-F802-4975-BBEF-69C27574D7D0} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CF3476D-F297-418D-97A2-23581A77A136} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6EF685F0-A891-491F-B7B6-FCF98991172B} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F4FFF88-5966-47DD-B19F-0BC4B1F4F15} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6FE6BDA9-D2BA-4736-8CCF-BB8D9CB3B036} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7082E453-EE44-44EA-B34A-E8B0D95D6917} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{713DBEBF-7DE-4E32-BDC4-531E0FD265F} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{71793EDA-724A-48A6-9325-3C8311895144} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{724A9453-193E-41A3-96CD-7E15565727D8} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72E48A7F-55E7-42DD-B163-2252ED7CFB69} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{73EA1EA-73A2-484D-B946-DE71E33CF9DD} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{745BAC04-38E-47CA-89C3-A7A70CDD0} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74B56292-25A6-4A4F-AF36-2B6D5C3A38AC} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7534B182-9A6A-4F6B-B2D7-14DC8D97E951} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7653C7A-C0B6-479F-A3ED-B5462E812D54} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7665460D-5F49-4E69-82D7-A1AA25926EB2} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{769832F7-8EEE-44B7-A43E-10833AB720B} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{776442ED-211F-4635-8478-92741F3497B} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{779250EA-675E-4E27-864D-31558FF5DB3} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7871BA89-6DB5-4339-A8F7-F9385C3310D5} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{79A1E0A5-442C-4AF8-8BE2-87EB8592128} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A117B4B-B44D-4330-BD24-F7A84D40469A} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A1C4E46-DD90-4414-AA4D-3E39E09A1CE0} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A4CB694-89E9-4541-BEEB-E8FD347C672E} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A7FFA80-A08A-41F2-B6A1-87F8C475617A} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AAD0AF8-7B1-4E8A-9B80-5BE180184BA} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8101EA53-2B52-46CC-A028-B03CEC33D7AC} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{81F15C0D-940B-40C7-AE6E-A4F15AC8BE63} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{825EF626-CA35-4605-AECA-679F73945158} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{826A3381-96E6-4409-A116-7C4FCAB97238} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{831B2679-34DB-475E-8173-50E9FCE23ED0} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83A162EE-17F2-4A07-A7E8-7059794B7568} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83A8BB56-2A0-431F-83B0-9695DEB5493} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83C0973A-2476-4297-9AF3-7C555CFF7AA4} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83C6666-DAD4-492F-9A7E-7FE1BCA5C738} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{84766011-9C16-4667-A67A-82D6B8F3DB66} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{848031FC-6C34-448B-B67F-AD58B2D657D1} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8492A756-369C-4F09-A062-3CB9CAD13ED} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{84B33424-FD1E-4DB8-A887-E61B2C72D11} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{86039978-295C-4AB9-AE5A-577821BBC5EA} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{868F2AC1-7E48-4ECE-A91B-FC42413C49B5} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8910AA2D-199D-49F5-9E21-6376B9B5E4CF} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8A2BB72E-3635-44E6-B0D-49E42DD73D7A} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8B35D563-887D-4308-BE6B-1DF63CF712B1} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8B53A581-B274-42F5-AACC-1DBD9D6CC26A} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8BCEF79C-35CC-40D8-9713-DC3E847554CB} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8DAB748D-5D97-4EB8-B02B-7573F1F857B7} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8EEC9CBF-A51E-493A-9A9D-47A9316BC03} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8F48F05E-1F14-4566-B1B6-2798D3FB6CDC} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{90DC109C-9BA5-4427-9BDE-31D48610B1A1} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{910F6C1D-D7CE-4328-BDD0-D78EB43610C2} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9168307F-B34B-4726-ADBA-7C4E51B3CEAB} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{923F9982-A457-4416-8D1C-DDDE358FF84} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{924338C2-DD77-4F52-9C19-A6329AF5E22C} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{931EE984-3E33-4529-9D4B-6D85C1C62A5} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9372E8E4-DED5-4C5C-B99F-E83ED2469EC5} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95AC7CEE-9108-4BB5-9EA5-947A92E7EFDE} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95CEC35-608E-450A-ADCB-10CC9B3548F} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{961A0682-835F-464A-A569-C2E8C6668351} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9AB054DA-3717-4BA8-A66B-AAAF4C667F5B} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9AF4CA1C-66C7-40E0-8C8A-51D37DBFCCE} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9D983FCB-A268-4962-9D20-5BF08CD4B848} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9E8B382C-FC47-4719-9A64-C3EA99AD9E3B} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9F64D311-820D-442B-BDCE-8A4B27A2CE3D} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A07AA651-3546-4C29-9BF1-4965846FA19A} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A0F5D832-7698-435F-9858-2CF1DD864711} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A14A873A-D4B2-4584-80E3-7DB04D98B73F} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A232BDB2-B225-4E7A-B340-684A5F98E47D} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A28B8BAC-F1C5-49B3-9D9C-61BFAB73F8} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A2B2DE1D-75E5-4239-B4C4-F19191914CD0} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A39D8405-AD9C-4588-BDA6-134CA1256074} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A4D9BCE0-F255-4826-8DBD-80D59547BE54} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A600F06C-1E9D-4C12-B175-B3C11C80505E} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8447217-A727-4B0B-BF72-497FB8BF3F97} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A90579D4-665D-4199-8ACD-F81594DDF7A7} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A9FEED-8D19-40AE-BDB-9A1A3BB7A3F6} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA2E726C-AB61-4821-A342-7CD425F7F647} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA742573-7AF6-45F9-9484-5BB6611AC46} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AB661198-7BFF-42FA-90B2-E01E6B38FE1A} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ABB6E412-4E1D-4FE5-AAC2-3FDC47117C22} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC82880D-44FD-4C58-B9CF-713DC3A4D863} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ACB623FF-7655-416D-A4E0-B119C961A991} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AE1C4B9A-4A49-4CA1-9983-5BC3A644C15D} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AEC2480C-ECA4-4871-88F7-88D8A0269EC3} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AF871CC-6E50-4B14-B3A2-E4852B2F54D4} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFF05FE5-741C-4500-984C-592F7B622E7B} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B02701A1-74BD-473A-BB89-769A709A566F} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B08AC2B1-5FB8-480A-92CB-9DA7D39DC619} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B0CDD85B-BDFA-46FF-80B0-797D33A397A} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B1056CA4-8605-4F39-978F-227EC89623F} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B13CB6FB-6324-470D-B9A1-648F60472576} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B17152CC-F3CE-4F55-875B-959395406B59} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B1EA218F-6E3F-4F04-9FE0-9F8A16E4A25D} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B1FE463B-EEFE-4138-BA77-9CDEC0E875EB} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B240A959-D742-43A1-97E7-2CD7D9BA23D1} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B278F61A-E39A-43BC-B189-365297B411A} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BEE030-B1AA-49E4-BD81-DD9382C84A57} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2C87A96-25F5-4627-87D8-15DBA0A969A3} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2CE9234-12F5-47F8-A059-97A2E7F83AB} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B5E0B08C-678-4414-81C6-99F166AA6ECF} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B621D59D-AB8A-49DE-B8A6-86B3BAF77336} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B626A83B-1E45-4A25-A6A2-82F53C5F5A98} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B6B0EC1A-4622-454F-821E-CC5D7DCCBF9A} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B76339A6-F89C-45E0-ADDE-A9D374CBB49D} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B7D1FF6F-1504-4D53-A95A-8DBADBE1648E} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B808EE79-DB72-4C49-A825-105CFFEB4C82} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B8666057-1205-4F36-908C-54B5BF7834F9} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B8FD4436-8406-4686-8BB3-D54DE1F3A93} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B9017B4D-21D6-4C5C-BD4-1043A98B3A74} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B9D7D0A1-A6DC-4128-BAC5-D533E37A2164} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAB8787E-B55C-4DD7-8FBA-6C53EB5459CA} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAE44DC3-2473-44E1-87E0-622850F3FD1D} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BCA5FD54-EFCF-4D66-A3B5-10454B196671} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD76BDAB-402-4D31-803E-29CA6DFD5B98} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BE858A9C-F625-4320-AAE6-7C405D771E4B} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BE8BA4A2-E794-41FC-823F-9C8C70568261} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BE986923-8382-4DCB-8E21-AD9229A8CDA6} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BF6A08C8-ED1C-4568-B2E5-9F681A71A355} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0ED0FF3-59B9-41DE-8E68-1BCC9DF210A6} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C1425FBB-35EC-462E-86BC-3074D776EA} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C1754D09-A7E9-4F7A-A2C-6A3E8CB1D557} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C180ED15-6DDD-48E2-B0CC-BC1E8757914F} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C190BAFD-CA17-486E-ABB0-33B3F6F16E3D} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C1B03187-4235-4C3F-B463-92AAFC9AA658} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C415635-4A4E-4ED1-97F-BA46305213DC} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C417BB9A-9E66-402C-B07-2ED0AC516B91} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C50DFE37-E5D0-4930-A7C4-58D2DF65E777} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C57BE9D1-3014-4F21-BA1F-33541267C94E} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C6ACF6E1-C968-468E-851A-9C5AA986B820} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C76CB219-25EE-4056-85FC-BDCF9E88DA7} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7AEE643-A682-4C1D-A1D4-ED234DE01BD3} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7EC2D59-CC93-4B78-BB3B-13AE629CFD80} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C83095C1-7743-4DA9-9B5-DFE22AE2FA40} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C98F9D3B-3E61-4CF4-ABD6-A5FBC3BA724} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C9AE223-6BE5-4917-A992-CD8D8CEC34BF} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CA39695F-1ADE-419D-85E1-3C756E14EFB6} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CA8FE53A-11FB-4A67-AF45-AD106AFBF94D} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CAC4B556-9DB7-4742-95AE-1CB19CBE915} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB4CE438-3ADD-44EC-9752-813FFD9BC7FE} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCB72EF8-4B11-4D47-9632-161153BE30A5} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CD5988F8-842B-4CB7-9C73-38D3B8A1A65B} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CDF2647D-3749-4621-B2A9-ECAF2895D1A1} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CE517B51-B1CE-4EEE-8F26-8FB842C6517A} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D17BA111-F53D-437D-8DB5-C129D6FD5B76} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1AE55AF-9F0F-4DB4-85B3-3A2CC451B57} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1CDEBF9-EB18-47BB-A24F-764D7A2B2E6} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D344A747-5201-4AA7-BDD6-1D275C7C6CCB} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D3F1167-E90C-4593-81DA-40317DDB142} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D61523EB-FA47-4957-84C6-FB8FB9F5FBCF} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D8D8AADC-BEC3-486E-84FA-AC9DF2AF3D6} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D92010CF-4256-4F97-A268-59DA5AE41D9} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D93E1E6A-64A8-4A97-9F19-A5C8A9DB45FA} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D95100F8-1C96-4FC9-9322-798A71E0DA2D} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DA2FECFF-4CEF-47B0-87BD-C86F244ADC89} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DBADAC49-6849-43DF-AB90-9F39EC8B4E12} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DC32722-15A7-40F7-BFD8-7F5EEF23C8} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DCD8B224-1FEB-4793-A771-27BE84E2341A} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD391C43-5180-4CFE-9991-89C0B02C7F} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD8FD3A7-1A03-4061-824F-F8D1992BA811} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDF2D374-6753-4515-A0E1-C116CF77D4F} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DF2E8C2D-AE3C-4D3C-ADBA-1EA311974270} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DF53AEB0-8873-451D-93EB-C17851679B46} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DFD956D5-9B08-472E-B7A9-6D5458EC8673} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DFF46875-6DE4-42B9-90BA-84AC3B2FDE4} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E068457C-2B35-4BF0-A03-57E8904450DB} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0D91C59-3381-40E8-A9D1-7BFFC1366B3F} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E100C374-D656-4A33-9EB9-6920F84D3DDF} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E107C387-EBDD-4A88-952D-DAF571FB9B21} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E20E8174-2F7B-4DF1-8A9A-393BF264A6DC} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E219A36-AC3-44C8-A912-B54B85651D82} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E254E60C-29CA-43EC-BDEF-CD3486C3157} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E2BB012E-CAE3-48A7-996F-D56994A1E9B} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E2C06741-D7AF-4B98-B5D8-7EC1624EEB90} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E2C792E-A736-474C-9036-CCE31EF89CA2} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E31F2117-F04-455E-946F-C2ABA71943BE} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E38DEE7E-A127-438D-B1FF-CBE80C240C4} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E39F83FE-69AF-454C-B927-5E7DAF82AA74} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E3E2FA5-A0C-49F8-8E6D-BF8A7D4B49D0} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E74CF29C-4C96-4B3A-9FF8-7BF33336BB8F} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7F19008-6FAA-45D5-B987-CC389699FBA3} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E85DF7F6-91DA-438C-914C-DC731B371CE8} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E8961C87-3B0E-4D5D-8128-DC82398FA34F} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E8B7EF99-F4A3-4996-9877-BE5886564C28} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E8B7F3C5-39A-42BE-9756-B925B09FFE0} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E8CE6546-D84B-4E1D-9B2C-97EF1E5BC376} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E96BEF3B-AC84-42CE-ACB3-D135626A55D} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E987A814-E971-41C3-B1DB-8FB73F5B851F} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EAA8AE7F-97B0-4887-893D-B7FC3391284C} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EABFE582-B29-420C-A5F1-DEAB9BBFE02} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EAFD2369-6122-40F3-8D40-4C5E1A736BC0} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EB072A41-D1B9-4ACD-8C4E-1840BE99C08C} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EB623E10-A400-4687-AED5-674C3BBF8892} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EB7E8FA3-945E-4617-8663-A7308E763033} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC398EBE-2999-4685-B28-BF1116A3BF7E} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC554BA0-1B72-4CC0-AD6E-F8DFB524A153} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED15FC8D-5E43-4681-B74F-7371A319312D} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEDCE87-802B-4F47-82DA-83BF7C56E3B2} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE57E68-BB34-4217-8E17-445DD0FF39} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EF1A66C0-F71C-4E99-8AD2-15714358E9B} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0FB5BFE-1CCD-4084-B5A5-5E5376634CB8} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F12BA210-41AD-4DD4-B5C8-F36E1AD6825C} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F20A0B2E-5837-4754-87B-53C9C62A15F} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F245D3B0-6D06-4E54-91BF-98FB34B41E7A} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F275036-8C3A-4E90-8785-3568A7B43C29} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F2F5F26C-478B-491D-9164-67CFE1AB4B7F} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3266A9C-B8D4-4EAC-A0BD-E163A913C749} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4A342FD-534A-4D67-AD61-74AEEEBA5419} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F575746F-3FAC-4F6A-AE78-74FB1E225367} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F5E4A702-31D3-4D21-8F1B-544B5C9E2FE} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F6749B5E-6458-411F-AE1E-F44BBBA6229D} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F690F07F-77FC-481E-8347-FD4CE0AD9379} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F7034657-3283-4574-A2EF-472255CB6C7F} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F70AF20C-A004-4CE8-B2BF-73C37B7AB92B} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F7D5EA52-1978-4560-A82F-DE66FB80147F} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F7D9CE0C-1AA8-4E0B-9D9B-24E0D356254A} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F925725B-F84F-4BC2-9B9A-366E2091CBB4} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F97E0BCF-73A3-4D56-A0F3-587CBD472D5B} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9C63481-2B75-44ED-8DD2-C1B990337611} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC256FFC-6E48-4CA9-96E5-86E339DCC65D} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD983F19-8378-4618-8773-68A314BE1E86} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FDE18036-240C-4010-8174-D23740EE2416} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FDE43C61-C211-4335-A4AD-FCA4935722EC} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FF42446F-2B34-41C0-A999-2E2D97760B1} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FF7AB161-AE01-4D09-9E7E-783AF44142} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFE6B6FA-C5D2-4790-B9D-AB512278719D} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Program Files\Elaborate Bytes not found
C:\Program Files\ICQLite not found
C:\Program Files\LEGO Software not found
C:\Program Files\Sierra not found
C:\Program Files\Soggy Melon not found
C:\Program Files\wyvern not found
C:\DOCUME~1\ALLUSE~1\DATAAP~1\Malwarebytes' Anti-Malware (portable) not found
C:\Program Files\ComPlus Applications deleted
C:\Program Files\WindowsUpdate deleted
C:\Program Files\Norton Security Scan deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\DivX deleted
C:\Program Files\Common Files\Config\uninstinethnfd.exe deleted
C:\Program Files\Yahoo! deleted
C:\Program Files\Common Files\Config deleted
C:\awh13E.tmp deleted
C:\awh141.tmp deleted
C:\awh179.tmp deleted
C:\awh1AA.tmp deleted
C:\awh1AC.tmp deleted
C:\awh272.tmp deleted
C:\awh2A8.tmp deleted
C:\awh2AB.tmp deleted
C:\awh2AC.tmp deleted
C:\awh2DB.tmp deleted
C:\awh2F6.tmp deleted
C:\awh2F8.tmp deleted
C:\awh30B.tmp deleted
C:\awh324.tmp deleted
C:\awh32B.tmp deleted
C:\awh331.tmp deleted
C:\awh34E.tmp deleted
C:\awh39.tmp deleted
C:\awh391.tmp deleted
C:\awh3CF.tmp deleted
C:\awh4.tmp deleted
C:\awh43E.tmp deleted
C:\awh45E.tmp deleted
C:\awh48.tmp deleted
C:\awh4CA.tmp deleted
C:\awh4FA.tmp deleted
C:\awh5.tmp deleted
C:\awh51F.tmp deleted
C:\awh54D.tmp deleted
C:\awh54F.tmp deleted
C:\awh58.tmp deleted
C:\awh58D.tmp deleted
C:\awh59.tmp deleted
C:\awh62.tmp deleted
C:\awh62B.tmp deleted
C:\awh659.tmp deleted
C:\awh672.tmp deleted
C:\awh67F.tmp deleted
C:\awh7.tmp deleted
C:\awh73.tmp deleted
C:\awh77.tmp deleted
C:\awh95.tmp deleted
C:\awh9F.tmp deleted
C:\awhA0.tmp deleted
C:\awhA3.tmp deleted
C:\awhA4.tmp deleted
C:\awhAD.tmp deleted
C:\awhB4.tmp deleted
C:\awhC8.tmp deleted
C:\awhCF.tmp deleted
C:\awhD1.tmp deleted
C:\awhD7.tmp deleted
C:\awhE4.tmp deleted
C:\awhE6.tmp deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\Alawar Stargaze deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\AlawarWrapper deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\ezsid.dat deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\ICQ deleted
C:\WINDOWS\002893_.tmp deleted
C:\WINDOWS\DXT244.tmp deleted
C:\WINDOWS\DXT245.tmp deleted
C:\WINDOWS\DXT246.tmp deleted
C:\WINDOWS\DXT247.tmp deleted
C:\WINDOWS\DXT248.tmp deleted
C:\WINDOWS\DXT249.tmp deleted
C:\WINDOWS\SET3.tmp deleted
C:\WINDOWS\SET4.tmp deleted
C:\WINDOWS\SET8.tmp deleted
C:\WINDOWS\wininit.ini deleted
C:\Documents and Settings\martin\Plocha\SoftonicDownloader_for_sonic-games.exe deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [03.10.2009 20:13]

==== Chromium Look ======================

Google Chrome Version: 42.0.2311.135


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=MSERT1"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"ICQ Search"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"ICQ Search"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.msn.com/?pc=MSERT1"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{5EC0ADDB-B9DE-423F-9AFE-6B6F3337500C} Google Url="http://www.google.com/search?q={searchT ... PT_enCZ402"
{A19D3317-B05E-492E-911D-46F7C4D770DA} Google Url="http://www.google.com/search?q={searchT ... 1I7GGLL_en"
{B0D09CC8-DB01-4292-BBCE-32A96C54DDC4} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTer ... arch_16194"
{C81B6868-40A7-498D-9CBF-0C73A4837B6F} Google Url="http://www.google.com/search?q={searchT ... 1I7GGLL_en"

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\martin\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\martin\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=147 folders=18 18535162 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\martin\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\martin\Local Settings\Temporary Internet Files\Content.IE5\index.dat" deleted

==== EOF on so 09.05.2015 at 23:44:25,14 ======================

Re: Ultimátně zasviněné pc, prosím o kontrolu

Napsal: 10 kvě 2015 05:20
od vyosek
Poprosim o FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100 - stahnete jen FRST, ne FRSTLauncher a ten spustte

Re: Ultimátně zasviněné pc, prosím o kontrolu

Napsal: 10 kvě 2015 10:43
od A-Tom
tady je:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-05-2015
Ran by martin (administrator) on MARTIN-01C6B47C on 10-05-2015 11:42:27
Running from C:\Documents and Settings\martin\Dokumenty\Downloads
Loaded Profiles: martin (Available profiles: martin)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\daemon.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [ISUSPM Startup] => "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [86960 2006-05-16] (Macrovision Corporation)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16377344 2007-06-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-23] (Adobe Systems Inc.)
HKLM\...\Run: [ISUSPM] => "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\daemon.exe [486856 2007-12-29] (DT Soft Ltd)
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\Run: [NVIDIA driver monitor] => c:\windows\nvsvc32.exe
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21652064 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\MountPoints2: {3959b282-30e5-11e4-99b6-001a4df4cbbd} - G:\Autorun.exe
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\MountPoints2: {3959b284-30e5-11e4-99b6-001a4df4cbbd} - G:\Autorun.exe
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\MountPoints2: {9f356516-6b89-11e1-991d-001a4df4cbbd} - I:\Autorun.exe
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\MountPoints2: {af240418-6b53-11e1-991b-001a4df4cbbd} - G:\Autorun.exe
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\MountPoints2: {af240437-6b53-11e1-991b-001a4df4cbbd} - G:\Autorun.exe
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\MountPoints2: {af240444-6b53-11e1-991b-001a4df4cbbd} - G:\Autorun.exe
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\MountPoints2: {af240446-6b53-11e1-991b-001a4df4cbbd} - G:\Autorun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSERT1
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.bing.com/search?q={searchTer ... &pc=MSERT1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1177238915-1788223648-839522115-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1177238915-1788223648-839522115-1003 -> {B0D09CC8-DB01-4292-BBCE-32A96C54DDC4} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_16194
BHO: Podpora odkazu pro Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO: WebTransBHO Class -> {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} -> C:\WINDOWS\WebIE.dll [2008-01-20] ()
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23] (Adobe Systems Incorporated)
Toolbar: HKLM - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll [2008-01-20] ()
Toolbar: HKU\S-1-5-21-1177238915-1788223648-839522115-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2008-04-14] (Společnost Microsoft)
Toolbar: HKU\S-1-5-21-1177238915-1788223648-839522115-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23] (Adobe Systems Incorporated)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Documents and Settings\martin\Data aplikací\Mozilla\Firefox\Profiles\fhrpep7c.default
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-17] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2009-04-28] (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\Documents and Settings\All Users\Data aplikací\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2006-09-26] (Zylom)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2001-09-10] (Adobe Systems Inc.)
FF Extension: suprize - C:\Documents and Settings\martin\Data aplikací\Mozilla\Firefox\Profiles\fhrpep7c.default\Extensions\4SyUV@gmail.com [2015-04-01]
FF Extension: regexptestersebastianzartnerathcx - C:\Documents and Settings\martin\Data aplikací\Mozilla\Firefox\Profiles\fhrpep7c.default\Extensions\regexptester@sebastianzartner.ath.cx [2015-04-01]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\martin\Data aplikací\Mozilla\Firefox\Profiles\fhrpep7c.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2014-08-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-02]
FF Extension: No Name - C:\Documents and Settings\martin\Data aplikací\Mozilla\Firefox\Profiles\fhrpep7c.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [Not Found]
FF Extension: No Name - C:\Program Files\ver2OffersWizard\190.xpi [Not Found]
FF Extension: No Name - C:\Documents and Settings\martin\Data aplikací\Mozilla\Firefox\Profiles\fhrpep7c.default\extensions\89ffxtbr@SafePCRepair_89.com [Not Found]
FF Extension: No Name - C:\Documents and Settings\martin\Data aplikací\Mozilla\Firefox\Profiles\fhrpep7c.default\extensions\6c03cee0ab9442c4a67a507@58d658df5a30468fabf5c7a.com [Not Found]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://seznam.cz/"
CHR Profile: C:\Documents and Settings\martin\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\martin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-09]
CHR Extension: (Google Docs) - C:\Documents and Settings\martin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-09]
CHR Extension: (Google Drive) - C:\Documents and Settings\martin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-09]
CHR Extension: (YouTube) - C:\Documents and Settings\martin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-09]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\martin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-09]
CHR Extension: (Google Search) - C:\Documents and Settings\martin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-09]
CHR Extension: (Google Sheets) - C:\Documents and Settings\martin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-09]
CHR Extension: (AdBlock) - C:\Documents and Settings\martin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-09]
CHR Extension: (Bookmark Manager) - C:\Documents and Settings\martin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-09]
CHR Extension: (Google Wallet) - C:\Documents and Settings\martin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-09]
CHR Extension: (Gmail) - C:\Documents and Settings\martin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-01-04] (Macrovision Europe Ltd.) [File not signed]
R2 PnkBstrA; C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe [63040 2007-08-15] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [43008 2006-06-19] (Advanced Micro Devices)
S3 gdrv; C:\WINDOWS\gdrv.sys [15600 2008-01-04] (Windows (R) 2000 DDK provider)
S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [90368 2011-02-25] (Huawei Technologies Co., Ltd.)
R0 imagedrv; C:\WINDOWS\System32\Drivers\imagedrv.sys [5888 2005-08-15] (Ahead Software AG) [File not signed]
R0 imagesrv; C:\WINDOWS\System32\DRIVERS\imagesrv.sys [127488 2005-08-15] (Ahead Software AG) [File not signed]
S3 massfilter; C:\WINDOWS\System32\drivers\massfilter.sys [9216 2010-02-22] (MBB Incorporated)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [46720 2007-05-04] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [19968 2007-05-04] (NVIDIA Corporation)
R3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2008-02-17] (VSO Software) [File not signed]
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2008-01-06] (Padus, Inc.) [File not signed]
R1 prodrv06; C:\WINDOWS\System32\drivers\prodrv06.sys [79488 2004-05-13] (Protection Technology) [File not signed]
R0 prohlp02; C:\WINDOWS\System32\drivers\prohlp02.sys [111808 2004-05-13] (Protection Technology) [File not signed]
R0 prosync1; C:\WINDOWS\System32\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology) [File not signed]
R0 sfhlp01; C:\WINDOWS\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) [File not signed]
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [715248 2008-01-04] () [File not signed]
U3 ah43m6o1; C:\WINDOWS\system32\Drivers\ah43m6o1.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [235392 2010-12-24] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S4 InCDFs; system32\drivers\InCDFs.sys [X]
S1 InCDPass; system32\drivers\InCDPass.sys [X]
S1 InCDRm; system32\drivers\InCDRm.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-10 11:39 - 2015-05-10 11:42 - 00000000 ___DC () C:\FRST
2015-05-09 23:39 - 2015-05-10 11:43 - 00000000 ___DC () C:\Documents and Settings\martin\Local Settings\Temp
2015-05-09 23:39 - 2015-05-09 23:22 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2015-05-09 23:26 - 2015-05-09 23:44 - 00077813 ____C () C:\zoek-results.log
2015-05-09 23:22 - 2015-05-09 23:38 - 00000000 ___DC () C:\zoek_backup
2015-05-09 23:15 - 2015-05-09 23:16 - 00000000 ___DC () C:\AdwCleaner
2015-05-09 21:59 - 2015-05-09 21:59 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-09 21:59 - 2015-05-09 21:59 - 00000000 ___DC () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2015-05-09 21:57 - 2015-05-09 23:00 - 00000000 ____D () C:\Documents and Settings\martin\Plocha\mbar
2015-05-09 21:57 - 2015-05-09 21:57 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-09 21:37 - 2015-05-09 21:37 - 00000000 ___DC () C:\rsit
2015-05-09 21:37 - 2015-05-09 21:37 - 00000000 ____D () C:\Program Files\trend micro
2015-05-09 21:33 - 2015-05-09 21:33 - 00001813 _____ () C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
2015-05-09 21:33 - 2015-05-09 21:33 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Google Chrome

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-10 11:43 - 2015-04-01 17:43 - 00001376 _____ () C:\WINDOWS\Tasks\suprize_notification_service.job
2015-05-10 11:39 - 2008-01-20 13:52 - 00000134 _____ () C:\WINDOWS\MAILTRAN.INI
2015-05-10 11:37 - 2010-10-24 20:11 - 00000468 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{CF5B6196-AFF0-4E2F-B2BB-3ACA9BC5CDBB}.job
2015-05-10 11:35 - 2015-04-01 17:43 - 00001028 _____ () C:\WINDOWS\Tasks\21IgGiigAxVT.job
2015-05-10 11:35 - 2015-04-01 17:43 - 00000738 _____ () C:\WINDOWS\Tasks\suprize_updating_service.job
2015-05-10 11:35 - 2015-01-01 12:26 - 00001718 _____ () C:\WINDOWS\Tasks\DRYOLORT.job
2015-05-10 11:35 - 2015-01-01 12:26 - 00001370 _____ () C:\WINDOWS\Tasks\KFDETW.job
2015-05-10 11:35 - 2014-08-21 21:01 - 00000224 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-05-10 11:35 - 2010-10-20 19:53 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-10 11:35 - 2008-01-04 19:52 - 01145017 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-10 11:35 - 2001-10-25 16:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-05-10 11:34 - 2011-07-24 17:29 - 00000436 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-05-10 11:34 - 2008-01-04 19:55 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-10 11:34 - 2008-01-04 03:41 - 00981366 _____ () C:\WINDOWS\setupapi.log
2015-05-10 11:34 - 2008-01-04 03:40 - 00192135 _____ () C:\WINDOWS\setupact.log
2015-05-10 00:02 - 2008-01-04 19:55 - 00032542 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-10 00:01 - 2014-08-07 22:38 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-09 23:38 - 2008-01-04 19:56 - 00000000 ____D () C:\Documents and Settings\martin\Plocha
2015-05-09 23:38 - 2008-01-04 03:41 - 00000000 _RHDC () C:\Documents and Settings\All Users\Data aplikací
2015-05-09 23:27 - 2008-01-04 19:56 - 00000000 ___RD () C:\Documents and Settings\martin\Nabídka Start\Programy
2015-05-09 23:27 - 2008-01-04 03:42 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-05-09 23:16 - 2015-03-29 10:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-09 23:16 - 2008-01-04 19:56 - 00000000 ___RD () C:\Documents and Settings\martin\Dokumenty
2015-05-09 23:16 - 2008-01-04 19:56 - 00000000 ___HD () C:\Documents and Settings\martin\Local Settings\Data aplikací
2015-05-09 23:06 - 2010-10-20 19:53 - 00000940 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-09 23:01 - 2015-01-01 12:27 - 00000000 ____D () C:\Documents and Settings\martin\Data aplikací\Seznam.cz
2015-05-09 23:01 - 2010-10-20 19:51 - 00000000 ____D () C:\Documents and Settings\martin\Data aplikací\Skype
2015-05-09 23:00 - 2015-04-01 18:43 - 00000004 _____ () C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
2015-05-09 21:51 - 2008-01-04 19:56 - 00000000 __RHD () C:\Documents and Settings\martin\Data aplikací
2015-05-09 21:48 - 2015-01-01 12:28 - 00000000 ____D () C:\Documents and Settings\martin\Data aplikací\17096
2015-05-09 21:48 - 2008-01-04 03:42 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start
2015-05-09 21:48 - 2008-01-04 03:42 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2015-05-09 21:33 - 2008-01-19 11:14 - 00000000 ____D () C:\Documents and Settings\martin\Local Settings\Data aplikací\Google
2015-05-09 21:32 - 2008-01-19 11:13 - 00000000 ____D () C:\Program Files\Google
2015-05-09 21:24 - 2008-01-04 19:56 - 00000000 ___RD () C:\Documents and Settings\martin\Nabídka Start
2015-05-09 21:22 - 2008-01-06 14:23 - 00000000 ____D () C:\Program Files\ESET
2015-05-09 21:10 - 2010-10-20 19:53 - 00000000 ___DC () C:\Documents and Settings\All Users\Data aplikací\Google
2015-05-09 21:10 - 2009-02-17 19:29 - 00000000 ____D () C:\Program Files\GameSpy Arcade
2015-05-09 21:10 - 2008-01-20 14:05 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2015-05-09 21:09 - 2008-02-24 18:20 - 00002656 ____C () C:\WINDOWS\DIFx.log
2015-05-09 21:01 - 2008-01-06 15:08 - 00000000 ____D () C:\Program Files\Common Files\ACD Systems
2015-05-09 21:01 - 2008-01-04 19:56 - 00000000 ___RD () C:\Documents and Settings\martin\Nabídka Start\Programy\Po spuštění
2015-05-09 21:01 - 2008-01-04 03:42 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
2015-05-09 20:52 - 2012-03-11 13:22 - 00000012 ____C () C:\Documents and Settings\All Users\Data aplikací\ReminderNextRun
2015-05-02 10:11 - 2008-01-04 22:02 - 00000202 _____ () C:\WINDOWS\NeroDigital.ini
2015-04-29 21:35 - 2014-08-21 20:27 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-29 20:01 - 2008-01-20 10:04 - 125832184 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-29 15:33 - 2010-08-08 17:19 - 00000000 __SHD () C:\WINDOWS\CSC
2015-04-17 17:15 - 2008-01-20 14:05 - 00000392 _____ () C:\WINDOWS\Tasks\1-Click Maintenance.job
2015-04-17 17:01 - 2014-09-10 20:01 - 18178736 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2015-04-17 17:01 - 2014-08-07 22:38 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-04-17 17:01 - 2014-08-07 22:38 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-04-17 16:59 - 2008-01-04 22:02 - 00000071 _____ () C:\Documents and Settings\martin\default.pls
2015-04-17 16:59 - 2008-01-04 19:56 - 00000000 ____D () C:\Documents and Settings\martin
2015-04-17 16:56 - 2008-01-07 21:04 - 00000000 ___RD () C:\Documents and Settings\martin\Dokumenty\Filmy
2015-04-17 16:54 - 2008-01-16 20:49 - 00171520 _____ () C:\Documents and Settings\martin\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-17 16:06 - 2008-01-04 19:51 - 00123967 ____C () C:\WINDOWS\wmsetup.log
2015-04-17 15:20 - 2014-01-23 00:21 - 00000326 _____ () C:\WINDOWS\EReg072.dat
2015-04-17 15:08 - 2008-01-20 18:44 - 00000000 ____D () C:\Documents and Settings\martin\Data aplikací\uTorrent

==================== Files in the root of some directories =======

2008-01-06 14:15 - 2008-02-19 17:55 - 0000085 __SHC () C:\Documents and Settings\martin\Data aplikací\.zreglib
2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Documents and Settings\martin\Data aplikací\21IgGiigAxVT
2015-04-03 15:49 - 2015-04-03 15:49 - 1224704 _____ () C:\Documents and Settings\martin\Data aplikací\21IgGiigAxVT.exe
2014-09-01 10:18 - 2014-09-01 10:18 - 0001248 _____ () C:\Documents and Settings\martin\Data aplikací\DRYOLORT
2015-01-01 12:26 - 2015-01-01 12:26 - 2052584 _____ (HDQ-1.2cV01.01) C:\Documents and Settings\martin\Data aplikací\DRYOLORT.exe
2008-01-06 14:27 - 2008-02-17 10:23 - 0081920 ____C () C:\Documents and Settings\martin\Data aplikací\ezpinst.exe
2014-09-01 10:18 - 2014-09-01 10:18 - 0002086 _____ () C:\Documents and Settings\martin\Data aplikací\KFDETW
2015-01-01 12:26 - 2015-01-01 12:26 - 1551336 _____ (HDQ-1.2cV01.01) C:\Documents and Settings\martin\Data aplikací\KFDETW.exe
2008-01-06 14:27 - 2008-02-17 10:23 - 0007176 ____C () C:\Documents and Settings\martin\Data aplikací\pcouffin.cat
2008-01-06 14:27 - 2008-02-17 10:23 - 0001144 ____C () C:\Documents and Settings\martin\Data aplikací\pcouffin.inf
2008-01-06 14:28 - 2008-02-17 10:23 - 0000034 ____C () C:\Documents and Settings\martin\Data aplikací\pcouffin.log
2008-01-06 14:27 - 2008-02-17 10:23 - 0047360 ____C (VSO Software) C:\Documents and Settings\martin\Data aplikací\pcouffin.sys
2009-10-30 16:22 - 2009-07-07 16:16 - 0076407 ____C () C:\Documents and Settings\martin\Data aplikací\Smiley.ico
2008-01-16 20:49 - 2015-04-17 16:54 - 0171520 _____ () C:\Documents and Settings\martin\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-10-04 06:40 - 2010-10-04 06:40 - 0000126 _____ () C:\Documents and Settings\martin\Local Settings\Data aplikací\fusioncache.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Re: Ultimátně zasviněné pc, prosím o kontrolu

Napsal: 10 kvě 2015 11:06
od vyosek
:arrow: Tvorba fixlistu pro FRST
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-23] (Adobe Systems Inc.)
HKLM\...\Run: [ISUSPM] => "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\daemon.exe [486856 2007-12-29] (DT Soft Ltd)
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\Run: [NVIDIA driver monitor] => c:\windows\nvsvc32.exe
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21652064 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\MountPoints2: {3959b282-30e5-11e4-99b6-001a4df4cbbd} - G:\Autorun.exe
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\MountPoints2: {3959b284-30e5-11e4-99b6-001a4df4cbbd} - G:\Autorun.exe
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\MountPoints2: {9f356516-6b89-11e1-991d-001a4df4cbbd} - I:\Autorun.exe
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\MountPoints2: {af240418-6b53-11e1-991b-001a4df4cbbd} - G:\Autorun.exe
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\MountPoints2: {af240437-6b53-11e1-991b-001a4df4cbbd} - G:\Autorun.exe
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\MountPoints2: {af240444-6b53-11e1-991b-001a4df4cbbd} - G:\Autorun.exe
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\MountPoints2: {af240446-6b53-11e1-991b-001a4df4cbbd} - G:\Autorun.exe

HKU\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSERT1
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: WebTransBHO Class -> {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} -> C:\WINDOWS\WebIE.dll [2008-01-20] ()

FF Extension: suprize - C:\Documents and Settings\martin\Data aplikací\Mozilla\Firefox\Profiles\fhrpep7c.default\Extensions\4SyUV@gmail.com [2015-04-01]
FF Extension: regexptestersebastianzartnerathcx - C:\Documents and Settings\martin\Data aplikací\Mozilla\Firefox\Profiles\fhrpep7c.default\Extensions\regexptester@sebastianzartner.ath.cx [2015-04-01]
FF Extension: No Name - C:\Documents and Settings\martin\Data aplikací\Mozilla\Firefox\Profiles\fhrpep7c.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [Not Found]
FF Extension: No Name - C:\Program Files\ver2OffersWizard\190.xpi [Not Found]
FF Extension: No Name - C:\Documents and Settings\martin\Data aplikací\Mozilla\Firefox\Profiles\fhrpep7c.default\extensions\89ffxtbr@SafePCRepair_89.com [Not Found]
FF Extension: No Name - C:\Documents and Settings\martin\Data aplikací\Mozilla\Firefox\Profiles\fhrpep7c.default\extensions\6c03cee0ab9442c4a67a507@58d658df5a30468fabf5c7a.com [Not Found]

U3 ah43m6o1; C:\WINDOWS\system32\Drivers\ah43m6o1.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S4 InCDFs; system32\drivers\InCDFs.sys [X]
S1 InCDPass; system32\drivers\InCDPass.sys [X]
S1 InCDRm; system32\drivers\InCDRm.sys [X]
S4 IntelIde; No ImagePath
S3 TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]

c:\windows\nvsvc32.exe
2015-05-09 23:39 - 2015-05-09 23:22 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2015-05-09 23:26 - 2015-05-09 23:44 - 00077813 ____C () C:\zoek-results.log
2015-05-09 23:22 - 2015-05-09 23:38 - 00000000 ___DC () C:\zoek_backup
2015-05-09 23:15 - 2015-05-09 23:16 - 00000000 ___DC () C:\AdwCleaner
2015-05-09 21:59 - 2015-05-09 21:59 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-09 21:59 - 2015-05-09 21:59 - 00000000 ___DC () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2015-05-09 21:57 - 2015-05-09 23:00 - 00000000 ____D () C:\Documents and Settings\martin\Plocha\mbar
2015-05-09 21:57 - 2015-05-09 21:57 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-09 21:37 - 2015-05-09 21:37 - 00000000 ___DC () C:\rsit
2015-05-09 21:37 - 2015-05-09 21:37 - 00000000 ____D () C:\Program Files\trend micro
2015-05-10 11:43 - 2015-04-01 17:43 - 00001376 _____ () C:\WINDOWS\Tasks\suprize_notification_service.job
2015-05-10 11:37 - 2010-10-24 20:11 - 00000468 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{CF5B6196-AFF0-4E2F-B2BB-3ACA9BC5CDBB}.job
2015-05-10 11:35 - 2015-04-01 17:43 - 00001028 _____ () C:\WINDOWS\Tasks\21IgGiigAxVT.job
2015-05-10 11:35 - 2015-04-01 17:43 - 00000738 _____ () C:\WINDOWS\Tasks\suprize_updating_service.job
2015-05-10 11:35 - 2015-01-01 12:26 - 00001718 _____ () C:\WINDOWS\Tasks\DRYOLORT.job
2015-05-10 11:35 - 2015-01-01 12:26 - 00001370 _____ () C:\WINDOWS\Tasks\KFDETW.job
2015-05-10 11:35 - 2014-08-21 21:01 - 00000224 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-05-10 11:35 - 2010-10-20 19:53 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-10 11:34 - 2008-01-04 03:41 - 00981366 _____ () C:\WINDOWS\setupapi.log
2015-05-10 11:34 - 2008-01-04 03:40 - 00192135 _____ () C:\WINDOWS\setupact.log
2015-05-10 00:02 - 2008-01-04 19:55 - 00032542 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-10 00:01 - 2014-08-07 22:38 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-09 23:06 - 2010-10-20 19:53 - 00000940 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-09 23:00 - 2015-04-01 18:43 - 00000004 _____ () C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
2015-05-09 21:48 - 2015-01-01 12:28 - 00000000 ____D () C:\Documents and Settings\martin\Data aplikací\17096
2015-04-17 17:15 - 2008-01-20 14:05 - 00000392 _____ () C:\WINDOWS\Tasks\1-Click Maintenance.job
2015-04-17 16:54 - 2008-01-16 20:49 - 00171520 _____ () C:\Documents and Settings\martin\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-01-06 14:15 - 2008-02-19 17:55 - 0000085 __SHC () C:\Documents and Settings\martin\Data aplikací\.zreglib
2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Documents and Settings\martin\Data aplikací\21IgGiigAxVT
2015-04-03 15:49 - 2015-04-03 15:49 - 1224704 _____ () C:\Documents and Settings\martin\Data aplikací\21IgGiigAxVT.exe
2014-09-01 10:18 - 2014-09-01 10:18 - 0001248 _____ () C:\Documents and Settings\martin\Data aplikací\DRYOLORT
2015-01-01 12:26 - 2015-01-01 12:26 - 2052584 _____ (HDQ-1.2cV01.01) C:\Documents and Settings\martin\Data aplikací\DRYOLORT.exe
2008-01-06 14:27 - 2008-02-17 10:23 - 0081920 ____C () C:\Documents and Settings\martin\Data aplikací\ezpinst.exe
2014-09-01 10:18 - 2014-09-01 10:18 - 0002086 _____ () C:\Documents and Settings\martin\Data aplikací\KFDETW
2015-01-01 12:26 - 2015-01-01 12:26 - 1551336 _____ (HDQ-1.2cV01.01) C:\Documents and Settings\martin\Data aplikací\KFDETW.exe

C:\WINDOWS\tasks\*.job

Hosts:
EmptyTemp:
Reboot:
End
  • Ulozte vytvoreny TXT jako fixlist.txt
  • Presunte vytvoreny fixlist vedle FRST
:arrow: Spustte znovu FRST.exe
  • Kliknete na Fix
  • Probehne oprava a vytvori log Fixlog.txt
:arrow: Restart PC a dejte mi sem fixlog.txt

Re: Ultimátně zasviněné pc, prosím o kontrolu

Napsal: 10 kvě 2015 13:12
od A-Tom
tady je:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-05-2015
Ran by martin at 2015-05-10 13:28:47 Run:1
Running from C:\Documents and Settings\martin\Dokumenty\Downloads
Loaded Profiles: martin (Available profiles: martin)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-23] (Adobe Systems Inc.)
HKLM\...\Run: [ISUSPM] => "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\daemon.exe [486856 2007-12-29] (DT Soft Ltd)
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\Run: [NVIDIA driver monitor] => c:\windows\nvsvc32.exe
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21652064 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\MountPoints2: {3959b282-30e5-11e4-99b6-001a4df4cbbd} - G:\Autorun.exe
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\MountPoints2: {3959b284-30e5-11e4-99b6-001a4df4cbbd} - G:\Autorun.exe
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\MountPoints2: {9f356516-6b89-11e1-991d-001a4df4cbbd} - I:\Autorun.exe
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\MountPoints2: {af240418-6b53-11e1-991b-001a4df4cbbd} - G:\Autorun.exe
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\MountPoints2: {af240437-6b53-11e1-991b-001a4df4cbbd} - G:\Autorun.exe
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\MountPoints2: {af240444-6b53-11e1-991b-001a4df4cbbd} - G:\Autorun.exe
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\...\MountPoints2: {af240446-6b53-11e1-991b-001a4df4cbbd} - G:\Autorun.exe

HKU\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSERT1
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.bing.com/search?q={searchTer ... &pc=MSERT1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: WebTransBHO Class -> {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} -> C:\WINDOWS\WebIE.dll [2008-01-20] ()

FF Extension: suprize - C:\Documents and Settings\martin\Data aplikací\Mozilla\Firefox\Profiles\fhrpep7c.default\Extensions\4SyUV@gmail.com [2015-04-01]
FF Extension: regexptestersebastianzartnerathcx - C:\Documents and Settings\martin\Data aplikací\Mozilla\Firefox\Profiles\fhrpep7c.default\Extensions\regexptester@sebastianzartner.ath.cx [2015-04-01]
FF Extension: No Name - C:\Documents and Settings\martin\Data aplikací\Mozilla\Firefox\Profiles\fhrpep7c.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [Not Found]
FF Extension: No Name - C:\Program Files\ver2OffersWizard\190.xpi [Not Found]
FF Extension: No Name - C:\Documents and Settings\martin\Data aplikací\Mozilla\Firefox\Profiles\fhrpep7c.default\extensions\89ffxtbr@SafePCRepair_89.com [Not Found]
FF Extension: No Name - C:\Documents and Settings\martin\Data aplikací\Mozilla\Firefox\Profiles\fhrpep7c.default\extensions\6c03cee0ab9442c4a67a507@58d658df5a30468fabf5c7a.com [Not Found]

U3 ah43m6o1; C:\WINDOWS\system32\Drivers\ah43m6o1.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S4 InCDFs; system32\drivers\InCDFs.sys [X]
S1 InCDPass; system32\drivers\InCDPass.sys [X]
S1 InCDRm; system32\drivers\InCDRm.sys [X]
S4 IntelIde; No ImagePath
S3 TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]

c:\windows\nvsvc32.exe
2015-05-09 23:39 - 2015-05-09 23:22 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2015-05-09 23:26 - 2015-05-09 23:44 - 00077813 ____C () C:\zoek-results.log
2015-05-09 23:22 - 2015-05-09 23:38 - 00000000 ___DC () C:\zoek_backup
2015-05-09 23:15 - 2015-05-09 23:16 - 00000000 ___DC () C:\AdwCleaner
2015-05-09 21:59 - 2015-05-09 21:59 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-09 21:59 - 2015-05-09 21:59 - 00000000 ___DC () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2015-05-09 21:57 - 2015-05-09 23:00 - 00000000 ____D () C:\Documents and Settings\martin\Plocha\mbar
2015-05-09 21:57 - 2015-05-09 21:57 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-09 21:37 - 2015-05-09 21:37 - 00000000 ___DC () C:\rsit
2015-05-09 21:37 - 2015-05-09 21:37 - 00000000 ____D () C:\Program Files\trend micro
2015-05-10 11:43 - 2015-04-01 17:43 - 00001376 _____ () C:\WINDOWS\Tasks\suprize_notification_service.job
2015-05-10 11:37 - 2010-10-24 20:11 - 00000468 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{CF5B6196-AFF0-4E2F-B2BB-3ACA9BC5CDBB}.job
2015-05-10 11:35 - 2015-04-01 17:43 - 00001028 _____ () C:\WINDOWS\Tasks\21IgGiigAxVT.job
2015-05-10 11:35 - 2015-04-01 17:43 - 00000738 _____ () C:\WINDOWS\Tasks\suprize_updating_service.job
2015-05-10 11:35 - 2015-01-01 12:26 - 00001718 _____ () C:\WINDOWS\Tasks\DRYOLORT.job
2015-05-10 11:35 - 2015-01-01 12:26 - 00001370 _____ () C:\WINDOWS\Tasks\KFDETW.job
2015-05-10 11:35 - 2014-08-21 21:01 - 00000224 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-05-10 11:35 - 2010-10-20 19:53 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-10 11:34 - 2008-01-04 03:41 - 00981366 _____ () C:\WINDOWS\setupapi.log
2015-05-10 11:34 - 2008-01-04 03:40 - 00192135 _____ () C:\WINDOWS\setupact.log
2015-05-10 00:02 - 2008-01-04 19:55 - 00032542 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-10 00:01 - 2014-08-07 22:38 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-09 23:06 - 2010-10-20 19:53 - 00000940 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-09 23:00 - 2015-04-01 18:43 - 00000004 _____ () C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
2015-05-09 21:48 - 2015-01-01 12:28 - 00000000 ____D () C:\Documents and Settings\martin\Data aplikací\17096
2015-04-17 17:15 - 2008-01-20 14:05 - 00000392 _____ () C:\WINDOWS\Tasks\1-Click Maintenance.job
2015-04-17 16:54 - 2008-01-16 20:49 - 00171520 _____ () C:\Documents and Settings\martin\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-01-06 14:15 - 2008-02-19 17:55 - 0000085 __SHC () C:\Documents and Settings\martin\Data aplikací\.zreglib
2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Documents and Settings\martin\Data aplikací\21IgGiigAxVT
2015-04-03 15:49 - 2015-04-03 15:49 - 1224704 _____ () C:\Documents and Settings\martin\Data aplikací\21IgGiigAxVT.exe
2014-09-01 10:18 - 2014-09-01 10:18 - 0001248 _____ () C:\Documents and Settings\martin\Data aplikací\DRYOLORT
2015-01-01 12:26 - 2015-01-01 12:26 - 2052584 _____ (HDQ-1.2cV01.01) C:\Documents and Settings\martin\Data aplikací\DRYOLORT.exe
2008-01-06 14:27 - 2008-02-17 10:23 - 0081920 ____C () C:\Documents and Settings\martin\Data aplikací\ezpinst.exe
2014-09-01 10:18 - 2014-09-01 10:18 - 0002086 _____ () C:\Documents and Settings\martin\Data aplikací\KFDETW
2015-01-01 12:26 - 2015-01-01 12:26 - 1551336 _____ (HDQ-1.2cV01.01) C:\Documents and Settings\martin\Data aplikací\KFDETW.exe

C:\WINDOWS\tasks\*.job

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Acrobat Assistant 8.0 => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce => value deleted successfully.
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value deleted successfully.
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\MSMSGS => Value not found.
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\NVIDIA driver monitor => value deleted successfully.
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => value deleted successfully.
"HKU\S-1-5-21-1177238915-1788223648-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3959b282-30e5-11e4-99b6-001a4df4cbbd}" => Key deleted successfully.
HKCR\CLSID\{3959b282-30e5-11e4-99b6-001a4df4cbbd} => Key not found.
"HKU\S-1-5-21-1177238915-1788223648-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3959b284-30e5-11e4-99b6-001a4df4cbbd}" => Key deleted successfully.
HKCR\CLSID\{3959b284-30e5-11e4-99b6-001a4df4cbbd} => Key not found.
"HKU\S-1-5-21-1177238915-1788223648-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f356516-6b89-11e1-991d-001a4df4cbbd}" => Key deleted successfully.
HKCR\CLSID\{9f356516-6b89-11e1-991d-001a4df4cbbd} => Key not found.
"HKU\S-1-5-21-1177238915-1788223648-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af240418-6b53-11e1-991b-001a4df4cbbd}" => Key deleted successfully.
HKCR\CLSID\{af240418-6b53-11e1-991b-001a4df4cbbd} => Key not found.
"HKU\S-1-5-21-1177238915-1788223648-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af240437-6b53-11e1-991b-001a4df4cbbd}" => Key deleted successfully.
HKCR\CLSID\{af240437-6b53-11e1-991b-001a4df4cbbd} => Key not found.
"HKU\S-1-5-21-1177238915-1788223648-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af240444-6b53-11e1-991b-001a4df4cbbd}" => Key deleted successfully.
HKCR\CLSID\{af240444-6b53-11e1-991b-001a4df4cbbd} => Key not found.
"HKU\S-1-5-21-1177238915-1788223648-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af240446-6b53-11e1-991b-001a4df4cbbd}" => Key deleted successfully.
HKCR\CLSID\{af240446-6b53-11e1-991b-001a4df4cbbd} => Key not found.
HKU\S-1-5-21-1177238915-1788223648-839522115-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}" => Key deleted successfully.
"HKCR\CLSID\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}" => Key deleted successfully.
C:\Documents and Settings\martin\Data aplikací\Mozilla\Firefox\Profiles\fhrpep7c.default\Extensions\4SyUV@gmail.com => Moved successfully.
C:\Documents and Settings\martin\Data aplikací\Mozilla\Firefox\Profiles\fhrpep7c.default\Extensions\regexptester@sebastianzartner.ath.cx => Moved successfully.
C:\Documents and Settings\martin\Data aplikací\Mozilla\Firefox\Profiles\fhrpep7c.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} => not found.
C:\Program Files\ver2OffersWizard\190.xpi => not found.
C:\Documents and Settings\martin\Data aplikací\Mozilla\Firefox\Profiles\fhrpep7c.default\extensions\89ffxtbr@SafePCRepair_89.com => not found.
C:\Documents and Settings\martin\Data aplikací\Mozilla\Firefox\Profiles\fhrpep7c.default\extensions\6c03cee0ab9442c4a67a507@58d658df5a30468fabf5c7a.com => not found.
ah43m6o1 => Service deleted successfully.
BlueletAudio => Service deleted successfully.
BlueletSCOAudio => Service deleted successfully.
BT => Service deleted successfully.
BTHidEnum => Service deleted successfully.
BTHidMgr => Service deleted successfully.
hwusbdev => Service deleted successfully.
InCDFs => Service deleted successfully.
InCDPass => Service deleted successfully.
InCDRm => Service deleted successfully.
IntelIde => Service deleted successfully.
TVICHW32 => Service deleted successfully.
VComm => Service deleted successfully.
VcommMgr => Service deleted successfully.
"c:\windows\nvsvc32.exe" => File/Directory not found.
C:\WINDOWS\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys => Moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Malwarebytes => Moved successfully.
C:\Documents and Settings\martin\Plocha\mbar => Moved successfully.
C:\WINDOWS\system32\Drivers\mbamchameleon.sys => Moved successfully.
C:\rsit => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\WINDOWS\Tasks\suprize_notification_service.job => Moved successfully.
C:\WINDOWS\Tasks\User_Feed_Synchronization-{CF5B6196-AFF0-4E2F-B2BB-3ACA9BC5CDBB}.job => Moved successfully.
C:\WINDOWS\Tasks\21IgGiigAxVT.job => Moved successfully.
C:\WINDOWS\Tasks\suprize_updating_service.job => Moved successfully.
C:\WINDOWS\Tasks\DRYOLORT.job => Moved successfully.
C:\WINDOWS\Tasks\KFDETW.job => Moved successfully.
C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\setupapi.log => Moved successfully.
C:\WINDOWS\setupact.log => Moved successfully.
Could not move "C:\WINDOWS\SchedLgU.Txt" => Scheduled to move on reboot.
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7 => Moved successfully.
C:\Documents and Settings\martin\Data aplikací\17096 => Moved successfully.
C:\WINDOWS\Tasks\1-Click Maintenance.job => Moved successfully.
C:\Documents and Settings\martin\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
C:\Documents and Settings\martin\Data aplikací\.zreglib => Moved successfully.
C:\Documents and Settings\martin\Data aplikací\21IgGiigAxVT => Moved successfully.
C:\Documents and Settings\martin\Data aplikací\21IgGiigAxVT.exe => Moved successfully.
C:\Documents and Settings\martin\Data aplikací\DRYOLORT => Moved successfully.
C:\Documents and Settings\martin\Data aplikací\DRYOLORT.exe => Moved successfully.
C:\Documents and Settings\martin\Data aplikací\ezpinst.exe => Moved successfully.
C:\Documents and Settings\martin\Data aplikací\KFDETW => Moved successfully.
C:\Documents and Settings\martin\Data aplikací\KFDETW.exe => Moved successfully.
C:\WINDOWS\tasks\*.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 682.5 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-05-10 14:10:51)<=

"C:\WINDOWS\SchedLgU.Txt" => File could not move.

==== End of Fixlog 14:10:51 ====

Re: Ultimátně zasviněné pc, prosím o kontrolu

Napsal: 10 kvě 2015 13:21
od vyosek
PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
:arrow: Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
  • Pokud mate Win XP spustte pod uctem Spravce\Administratora
  • Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
  • Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
  • Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
  • Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
  • Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
  • Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
  • Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz