Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by Bax2013 on çt 21. 02. 2019 at 13:36:49,28.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\_Virus likvid\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
21. 2. 2019 13:39:01 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\PROGRA~2\2mavm9y0 deleted successfully
C:\PROGRA~2\5k9vimax deleted successfully
C:\PROGRA~2\ab7a7a3o deleted successfully
C:\PROGRA~2\Elex-tech deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\RAMDisk deleted successfully
C:\PROGRA~2\Real deleted successfully
C:\PROGRA~2\Samsung deleted successfully
C:\PROGRA~2\Seznam.cz deleted successfully
C:\PROGRA~2\COMMON~1\PDF Architect deleted successfully
C:\Program Files\McAfee deleted successfully
C:\PROGRA~3\ASUS OC Profiles deleted successfully
C:\PROGRA~3\ConMet deleted successfully
C:\PROGRA~3\IDM deleted successfully
C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted successfully
C:\Users\Bax2013\AppData\Roaming\Broad Intelligence deleted successfully
C:\Users\Bax2013\AppData\Roaming\Elex-tech deleted successfully
C:\Users\Bax2013\AppData\Roaming\Google.Apis.Auth deleted successfully
C:\Users\Bax2013\AppData\Roaming\Media Player Classic deleted successfully
C:\Users\Bax2013\AppData\Roaming\MPC-HC deleted successfully
C:\Users\Bax2013\AppData\Roaming\Nero deleted successfully
C:\Users\Bax2013\AppData\Local\calibre-cache deleted successfully
C:\Users\Bax2013\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Bax2013\AppData\Local\EmieSiteList deleted successfully
C:\Users\Bax2013\AppData\Local\EmieUserList deleted successfully
C:\Users\Bax2013\AppData\Local\GHISLER deleted successfully
C:\Users\Bax2013\AppData\Local\KrosMeniny deleted successfully
C:\Users\Bax2013\AppData\Local\PDFCreator deleted successfully
C:\Users\LUK~1\AppData\Local\VirtualStore deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1391750300-441857230-858820617-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-1391750300-441857230-858820617-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-1391750300-441857230-858820617-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-1391750300-441857230-858820617-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} deleted successfully
HKEY_USERS\S-1-5-21-1391750300-441857230-858820617-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} deleted successfully
HKEY_USERS\S-1-5-21-1391750300-441857230-858820617-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_USERS\S-1-5-21-1391750300-441857230-858820617-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{ABDE892B-13A8-4d1b-88E6-365A6E755758} deleted successfully
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QQPCRTP deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\QQPCRTP deleted successfully
==== FireFox Fix ======================
Deleted from C:\Users\Bax2013\AppData\Roaming\Firefox\Firefox\Profiles\0zymj2qe.default\prefs.js:
user_pref("browser.startup.homepage", "
http://www.nicesearches.com?type=hp&ts= ... 5mfzac9tcm");
user_pref("browser.newtab.url", "
http://www.nicesearches.com?type=hp&ts= ... 5mfzac9tcm");
Added to C:\Users\Bax2013\AppData\Roaming\Firefox\Firefox\Profiles\0zymj2qe.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\Bax2013\AppData\Roaming\Firefox\Firefox\Profiles\41A66E7E5EE1\prefs.js:
user_pref("browser.startup.homepage", "
http://www.nicesearches.com?type=hp&ts= ... 5mfzac9tcm");
user_pref("browser.newtab.url", "
http://www.nicesearches.com?type=hp&ts= ... 5mfzac9tcm");
user_pref("browser.search.defaultenginename", "nice");
user_pref("browser.search.defaultenginename.US", "data:text/plain,browser.search.defaultenginename.US=yessearches");
user_pref("browser.search.selectedEngine", "nice");
user_pref("browser.search.order.1", "nice");
user_pref("keyword.URL", "
http://www.yessearches.com/chrome.php?u ... toolbar&q=");
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\Bax2013\AppData\Roaming\Firefox\Firefox\Profiles\41A66E7E5EE1\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\Bax2013\AppData\Roaming\Firefox\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js:
user_pref("browser.startup.homepage", "
http://www.yessearches.com/?ts=AHEpAXUt ... ode=ffseng");
user_pref("browser.newtab.url", "
http://www.yessearches.com/?ts=AHEpAXUt ... ode=ffseng");
user_pref("browser.search.defaultenginename", "yessearches");
user_pref("browser.search.selectedEngine", "yessearches");
Added to C:\Users\Bax2013\AppData\Roaming\Firefox\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\Bax2013\AppData\Roaming\Mozilla\Firefox\Profiles\0zymj2qe.default\prefs.js:
user_pref("browser.startup.homepage", "
https://www.google.com");
user_pref("browser.search.defaulturl", "
https://www.google.com/search?bcutc=sp-006");
user_pref("browser.newtab.url", "about:newtab");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "
https://www.google.com/search?bcutc=sp-006");
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\Bax2013\AppData\Roaming\Mozilla\Firefox\Profiles\0zymj2qe.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\Bax2013\AppData\Roaming\Mozilla\Firefox\Profiles\x705vbew.Bax\prefs.js:
user_pref("browser.search.defaultenginename", "nice");
user_pref("browser.search.selectedEngine", "nice");
user_pref("browser.search.order.1", "nice");
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\Bax2013\AppData\Roaming\Mozilla\Firefox\Profiles\x705vbew.Bax\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\Bax2013\AppData\Roaming\Mozilla\SeaMonkey\Profiles\33ohs5rz.default\prefs.js:
user_pref("browser.startup.homepage", "
https://www.google.sk/");
Added to C:\Users\Bax2013\AppData\Roaming\Mozilla\SeaMonkey\Profiles\33ohs5rz.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\LUK~1\AppData\Roaming\Mozilla\Firefox\Profiles\slky63mv.default\prefs.js:
Added to C:\Users\LUK~1\AppData\Roaming\Mozilla\Firefox\Profiles\slky63mv.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\Bax2013\AppData\Roaming\Firefox\Firefox\Profiles\0zymj2qe.default
---- Lines searchengine removed from prefs.js ----
user_pref("browser.search.searchengine.alias", "");
user_pref("browser.search.searchengine.iconURL", "
http://www.nicesearches.com/favicon.ico?t=1");
user_pref("browser.search.searchengine.name", "nice");
user_pref("browser.search.searchengine.ref", "");
user_pref("browser.search.searchengine.ts", "1467174390");
user_pref("browser.search.searchengine.type", "");
user_pref("browser.search.searchengine.uid", "st4000dm000-1f2168_z300dq0kxxxxz300dq0k");
user_pref("browser.search.searchengine.url", "
http://www.nicesearches.com/search.php? ... 168_z300dq
---- Lines searchengine removed from user.js ----
user_pref("browser.search.searchengine.alias", "");
user_pref("browser.search.searchengine.iconURL", "
http://www.nicesearches.com/favicon.ico?t=1");
user_pref("browser.search.searchengine.name", "nice");
user_pref("browser.search.searchengine.ref", "");
user_pref("browser.search.searchengine.ts", "1467174390");
user_pref("browser.search.searchengine.type", "");
user_pref("browser.search.searchengine.uid", "st4000dm000-1f2168_z300dq0kxxxxz300dq0k");
user_pref("browser.search.searchengine.url", "
http://www.nicesearches.com/search.php? ... earchTerms}");
---- Lines searches removed from user.js ----
user_pref("browser.newtab.url", "
http://www.nicesearches.com?type=hp&ts= ... 5mfzac9tcm");
user_pref("browser.startup.homepage", "
http://www.nicesearches.com?type=hp&ts= ... 5mfzac9tcm");
---- Lines {ABDE892B-13A8-4d1b-88E6-365A6E755758} removed from prefs.js ----
user_pref("extensions.xpiState", "{\"app-profile\":{\"s3google@translator\":{\"d\":\"C:\\\\Users\\\\Bax2013\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefo
---- FireFox user.js and prefs.js backups ----
user_201921.02._1403_.backup
prefs_201921.02._1403_.backup
ProfilePath: C:\Users\Bax2013\AppData\Roaming\Firefox\Firefox\Profiles\41A66E7E5EE1
---- Lines mindspark removed from prefs.js ----
user_pref("extensions.toolbar.mindspark._brMembers_.browser.version.last", "43.0");
user_pref("extensions.toolbar.mindspark._brMembers_.BUTTON_STRUCTURE", "[{\"b\":224520315,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":224520316,
user_pref("extensions.toolbar.mindspark._brMembers_.firstKnownVersion", "7.38.8.45986");
user_pref("extensions.toolbar.mindspark._brMembers_.homepage", "/index.jhtml?n=7829e503");
user_pref("extensions.toolbar.mindspark._brMembers_.hp.enabled", false);
user_pref("extensions.toolbar.mindspark._brMembers_.hp.guardType", "HPR");
user_pref("extensions.toolbar.mindspark._brMembers_.initialized", true);
user_pref("extensions.toolbar.mindspark._brMembers_.installation.installDate", "2016011523");
user_pref("extensions.toolbar.mindspark._brMembers_.installation.success", true);
user_pref("extensions.toolbar.mindspark._brMembers_.lastActivePing", "1452938737157");
user_pref("extensions.toolbar.mindspark._brMembers_.lastKnownVersion", "7.38.8.45986");
user_pref("extensions.toolbar.mindspark._brMembers_.lssState", "{\"previousLocales\":[\"sk\",\"cs\",\"en-US\",\"en\"],\"supportedLocales\":[\"de\",\"e
user_pref("extensions.toolbar.mindspark._brMembers_.options.defaultSearch", false);
user_pref("extensions.toolbar.mindspark._brMembers_.options.homePageEnabled", false);
user_pref("extensions.toolbar.mindspark._brMembers_.options.keywordEnabled", true);
user_pref("extensions.toolbar.mindspark._brMembers_.options.tabEnabled", false);
user_pref("extensions.toolbar.mindspark._brMembers_.productDeliveryOption.language", "en");
user_pref("extensions.toolbar.mindspark._brMembers_.productDeliveryOption.type", "Toolbar");
user_pref("extensions.toolbar.mindspark._brMembers_.searchHistory", "jano");
user_pref("extensions.toolbar.mindspark._brMembers_.shownUninstall", true);
user_pref("extensions.toolbar.mindspark._brMembers_.startupTasks", "{\"clearPrefs\":[\"extensions.toolbar.mindspark._brMembers_.shownUninstall\"],\"un
user_pref("extensions.toolbar.mindspark._brMembers_.successUrl", "
http://www.yessearches.com/chrome.php?u ... 4&ptid=wak&
user_pref("extensions.toolbar.mindspark._brMembers_.toolbarCollapsed", true);
user_pref("extensions.toolbar.mindspark._brMembers_.uninstallTasks", "{\"prefBranchesToDelete\":[\"extensions.toolbar.mindspark._brMembers_.\"],\"file
user_pref("extensions.toolbar.mindspark.hp.enabled", false);
user_pref("extensions.toolbar.mindspark.lastInstalled", "
yourGSearchfinder@GSearch.com");
---- Lines searchengine removed from prefs.js ----
user_pref("browser.search.searchengine.alias", "");
user_pref("browser.search.searchengine.hp", "
http://www.yessearches.com/?ts=AHEpAXUt ... 4&ptid=wak&
user_pref("browser.search.searchengine.iconURL", "
http://www.nicesearches.com/favicon.ico?t=1");
user_pref("browser.search.searchengine.name", "nice");
user_pref("browser.search.searchengine.ref", "");
user_pref("browser.search.searchengine.sp", "
http://www.yessearches.com/chrome.php?m ... ..&uid=EA1
user_pref("browser.search.searchengine.ts", "1467174390");
user_pref("browser.search.searchengine.type", "");
user_pref("browser.search.searchengine.uid", "st4000dm000-1f2168_z300dq0kxxxxz300dq0k");
user_pref("browser.search.searchengine.url", "
http://www.nicesearches.com/search.php? ... 168_z300dq
---- Lines searchengine removed from user.js ----
user_pref("browser.search.searchengine.alias", "");
user_pref("browser.search.searchengine.iconURL", "
http://www.nicesearches.com/favicon.ico?t=1");
user_pref("browser.search.searchengine.name", "nice");
user_pref("browser.search.searchengine.ref", "");
user_pref("browser.search.searchengine.ts", "1467174390");
user_pref("browser.search.searchengine.type", "");
user_pref("browser.search.searchengine.uid", "st4000dm000-1f2168_z300dq0kxxxxz300dq0k");
user_pref("browser.search.searchengine.url", "
http://www.nicesearches.com/search.php? ... earchTerms}");
---- Lines searches removed from prefs.js ----
user_pref("browser.urlbar.suggest.searches", true);
---- Lines searches removed from user.js ----
user_pref("browser.newtab.url", "
http://www.nicesearches.com?type=hp&ts= ... 5mfzac9tcm");
user_pref("browser.startup.homepage", "
http://www.nicesearches.com?type=hp&ts= ... 5mfzac9tcm");
---- FireFox user.js and prefs.js backups ----
user_201921.02._1403_.backup
prefs_201921.02._1403_.backup
ProfilePath: C:\Users\Bax2013\AppData\Roaming\Firefox\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F
user.js not found
---- Lines searchengine removed from prefs.js ----
user_pref("browser.search.searchengine.hp", "
http://www.yessearches.com/?ts=AHEpAXUt ... 4&ptid=wak&
user_pref("browser.search.searchengine.sp", "
http://www.yessearches.com/chrome.php?m ... ..&uid=EA1
user_pref("browser.search.searchengine.url", "
http://www.yessearches.com/chrome.php?m ... E..&uid=EA
---- Lines searches removed from prefs.js ----
user_pref("browser.urlbar.suggest.searches", true);
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- Lines {ABDE892B-13A8-4d1b-88E6-365A6E755758} removed from prefs.js ----
user_pref("extensions.xpiState", "{\"app-profile\":{\"s3google@translator\":{\"d\":\"C:\\\\Users\\\\Bax2013\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefo
---- FireFox user.js and prefs.js backups ----
prefs_201921.02._1403_.backup
ProfilePath: C:\Users\Bax2013\AppData\Roaming\Mozilla\Firefox\Profiles\0zymj2qe.default
user.js not found
---- Lines search.com removed from prefs.js ----
user_pref("browser.onboarding.tour.onboarding-tour-singlesearch.completed", true);
---- Lines searchengine removed from prefs.js ----
user_pref("browser.search.searchengine.alias", "");
user_pref("browser.search.searchengine.iconURL", "
http://www.nicesearches.com/favicon.ico?t=1");
user_pref("browser.search.searchengine.name", "nice");
user_pref("browser.search.searchengine.ref", "");
user_pref("browser.search.searchengine.ts", "1470036402");
user_pref("browser.search.searchengine.type", "");
user_pref("browser.search.searchengine.uid", "st4000dm000-1f2168_z300dq0kxxxxz300dq0k");
user_pref("browser.search.searchengine.url", "
http://www.nicesearches.com/search.php? ... 168_z300dq
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 0);
---- FireFox user.js and prefs.js backups ----
prefs_201921.02._1403_.backup
ProfilePath: C:\Users\Bax2013\AppData\Roaming\Mozilla\Firefox\Profiles\x705vbew.Bax
---- Lines searchengine removed from prefs.js ----
user_pref("browser.search.searchengine.alias", "");
user_pref("browser.search.searchengine.iconURL", "
http://www.nicesearches.com/favicon.ico?t=1");
user_pref("browser.search.searchengine.name", "nice");
user_pref("browser.search.searchengine.ref", "");
user_pref("browser.search.searchengine.ts", "1470036402");
user_pref("browser.search.searchengine.type", "");
user_pref("browser.search.searchengine.uid", "st4000dm000-1f2168_z300dq0kxxxxz300dq0k");
---- Lines searchengine removed from user.js ----
user_pref("browser.search.searchengine.alias", "");
user_pref("browser.search.searchengine.iconURL", "
http://www.nicesearches.com/favicon.ico?t=1");
user_pref("browser.search.searchengine.name", "nice");
user_pref("browser.search.searchengine.ref", "");
user_pref("browser.search.searchengine.ts", "1470036402");
user_pref("browser.search.searchengine.type", "");
user_pref("browser.search.searchengine.uid", "st4000dm000-1f2168_z300dq0kxxxxz300dq0k");
user_pref("browser.search.searchengine.url", "
http://www.nicesearches.com/search.php? ... earchTerms}");
---- Lines searches removed from user.js ----
user_pref("browser.newtab.url", "
http://www.nicesearches.com?type=hp&ts= ... 5mfzac9tcm");
user_pref("browser.startup.homepage", "
http://www.nicesearches.com?type=hp&ts= ... 5mfzac9tcm");
---- FireFox user.js and prefs.js backups ----
user_201921.02._1403_.backup
prefs_201921.02._1403_.backup
ProfilePath: C:\Users\Bax2013\AppData\Roaming\Mozilla\SeaMonkey\Profiles\33ohs5rz.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_201921.02._1403_.backup
ProfilePath: C:\Users\LUK~1\AppData\Roaming\Mozilla\Firefox\Profiles\slky63mv.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_201921.02._1403_.backup
==== Deleting Files \ Folders ======================
C:\PROGRA~2\2mavm9y0 not found
C:\PROGRA~2\5k9vimax not found
C:\PROGRA~2\ab7a7a3o not found
C:\PROGRA~2\Elex-tech not found
C:\PROGRA~2\RAMDisk not found
C:\PROGRA~2\Real not found
C:\PROGRA~2\Samsung not found
C:\PROGRA~2\Seznam.cz not found
C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} not found
C:\Users\Bax2013\AppData\Local\Samsung deleted
C:\Users\Bax2013\AppData\Roaming\calibre deleted
C:\Users\Bax2013\AppData\Roaming\HandBrake deleted
C:\Users\Bax2013\AppData\Roaming\TechSmith deleted
C:\Users\Bax2013\.android deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\Users\Bax2013\AppData\Roaming\VDownloader deleted
C:\Users\Bax2013\AppData\Roaming\CamStudio.Producer.Data.ini deleted
C:\Users\Bax2013\AppData\Roaming\CamStudio.Producer.ini deleted
C:\Users\Bax2013\AppData\Roaming\Thinstall deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Solvusoft deleted
C:\PROGRA~3\Elcomsoft Password Recovery deleted
C:\PROGRA~3\{3D1CB307-101E-4470-BB4D-F8AE321A00C7} deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Bax2013\AppData\Local\Unity deleted
C:\Users\Bax2013\AppData\Local\AvastSupport deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google deleted
C:\windows\SysNative\Tasks\AvastUpdateTaskMachineCore deleted
C:\windows\SysNative\Tasks\AvastUpdateTaskMachineUA deleted
C:\Users\Bax2013\AppData\LocalLow\Unity deleted
C:\Windows\Reimage.ini deleted
C:\Windows\Wininit.ini deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Windows\Syswow64\REN507B.tmp deleted
C:\Windows\Syswow64\RENDD4E.tmp deleted
C:\Users\Bax2013\AppData\Roaming\Firefox\Firefox\Profiles\41A66E7E5EE1\YourGSearchFinder_br deleted
C:\Users\Bax2013\AppData\Roaming\Mozilla\Firefox\Profiles\0zymj2qe.default\searchplugins\google-avast.xml deleted
"C:\Users\Bax2013\AppData\Roaming\.ptbt1" deleted
"C:\Users\Bax2013\AppData\Local\AVAST Software\APM\Bax2013Ffl2.dat" not deleted
"C:\Users\Bax2013\AppData\Local\AVAST Software\APM\kv_pam.db" not deleted
"C:\Users\Bax2013\AppData\Local\AVAST Software\APM\Bax2013\kv_pam.db" not deleted
"C:\Users\LUK~1\AppData\Local\AVAST Software\APM\kv_pam.db" not deleted
"C:\Users\Bax2013\AppData\Local\AVAST Software" not deleted
"C:\Users\LUK~1\AppData\Local\AVAST Software" not deleted
"C:\Users\Bax2013\AppData\Local\AVAST Software\APM" not deleted
"C:\Users\Bax2013\AppData\Local\AVAST Software\APM\Bax2013" not deleted
"C:\Users\LUK~1\AppData\Local\AVAST Software\APM" not deleted
==== Orphaned Tasks deleted from Registry ======================
AvastUpdateTaskMachineCore deleted
AvastUpdateTaskMachineUA deleted
{58FFBB8E-F089-48F5-AE74-656577892D68} deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Bax2013\AppData\Roaming\Firefox\Firefox\Profiles\0zymj2qe.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\Bax2013\AppData\Roaming\Firefox\Firefox\Profiles\41A66E7E5EE1
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\Bax2013\AppData\Roaming\Firefox\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\Bax2013\AppData\Roaming\Mozilla\Firefox\Profiles\0zymj2qe.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\Bax2013\AppData\Roaming\Mozilla\Firefox\Profiles\x705vbew.Bax
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\Bax2013\AppData\Roaming\Mozilla\SeaMonkey\Profiles\33ohs5rz.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\LUK~1\AppData\Roaming\Mozilla\Firefox\Profiles\slky63mv.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"
web2pdfextension@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn" [13. 06. 2018 07:50]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"
mozilla_cc2@internetdownloadmanager.com"="C:\Program Files\Internet Download Manager\idmmzcc2.xpi" [09. 11. 2015 14:09]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Bax2013\AppData\Roaming\Firefox\Firefox\Profiles\0zymj2qe.default
- Undetermined - C:\Users\Bax2013\AppData\Roaming\Mozilla\Firefox\Profiles\0zymj2qe.default\extensions\
arthurj8283@gmail.com
- Undetermined - C:\Users\Bax2013\AppData\Roaming\Mozilla\Firefox\Profiles\0zymj2qe.default\extensions\
arthurj8283@gmail.com
- Undetermined - %ProfilePath%\extensions\1452897898_xpi
- xRocket Toolbar - %ProfilePath%\extensions\
arthurj8283@gmail.com
- Slovak SK Language Pack - %ProfilePath%\extensions\
langpack-sk@firefox.mozilla.org.xpi
- S3.Google Translator - %ProfilePath%\extensions\
s3google@translator.xpi
ProfilePath: C:\Users\Bax2013\AppData\Roaming\Firefox\Firefox\Profiles\41A66E7E5EE1
- S3.Google Translator - %ProfilePath%\extensions\
s3google@translator.xpi
ProfilePath: C:\Users\Bax2013\AppData\Roaming\Firefox\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F
- GsearchFinder - %ProfilePath%\extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi
- S3.Google Translator - %ProfilePath%\extensions\
s3google@translator.xpi
ProfilePath: C:\Users\Bax2013\AppData\Roaming\Mozilla\Firefox\Profiles\0zymj2qe.default
- short_ FoxyProxy Standard - %ProfilePath%\extensions\
foxyproxy@eric.h.jung.xpi
- __MSG_extName__ - %ProfilePath%\extensions\
helper-sig@savefrom.net.xpi
- short_ isdownloader - %ProfilePath%\extensions\
jid1-hnmMaq1milpehc6uI@jetpack.xpi
- short_ __MSG_extension_name__ - %ProfilePath%\extensions\
s3google@translator.xpi
- short_ Vimeo Free Downloader - %ProfilePath%\extensions\{0042f50c-7bcb-4349-8ba9-db2fc901abf2}.xpi
- Video DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
ProfilePath: C:\Users\Bax2013\AppData\Roaming\Mozilla\Firefox\Profiles\x705vbew.Bax
- S3.Google Translator - %ProfilePath%\extensions\
s3google@translator.xpi
ProfilePath: C:\Users\Bax2013\AppData\Roaming\Mozilla\SeaMonkey\Profiles\33ohs5rz.default
- DOM - %ProfilePath%\extensions\
inspector@mozilla.org
- ChatZilla - %ProfilePath%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
- ChatZilla Slovak SK Language Pack - %ProfilePath%\extensions\
langpack-sk@chatzilla.mozilla.org.xpi
- JavaScript Debugger - %ProfilePath%\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi
ProfilePath: C:\Users\LUK~1\AppData\Roaming\Mozilla\Firefox\Profiles\slky63mv.default
- Undetermined - C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\slky63mv.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
==== Firefox Plugins ======================
Profilepath: C:\Users\Bax2013\AppData\Roaming\Mozilla\Firefox\Profiles\0zymj2qe.default
D50273B271367AAC25C33499B3ED41B4 - C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U201
6CDCEC90789C2C34DD3CEF48490FC291 - C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.2010.9
- D:\PROGRA1\MICROS1\Office14\NPAUTHZ.DLL - [?]
- C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll - [?]
- C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrlui.dll - [?]
- C:\Users\Bax2013\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - [?]
- C:\Program Files x86\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll - [?]
- C:\Program Files x86\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll - [?]
Profilepath: C:\Users\Bax2013\AppData\Roaming\Mozilla\Firefox\Profiles\x705vbew.Bax
- D:\Program Files x86\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - [?]
- D:\Program Files x86\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - [?]
- C:\Program Files x86\VideoLAN\VLC\npvlc.dll - [?]
- C:\Program Files x86\Google\Update\1.3.31.5\npGoogleUpdate3.dll - [?]
- C:\PROGRA2\MICROS1\Office14\NPAUTHZ.DLL - [?]
- C:\PROGRA2\MICROS1\Office14\NPSPWRAP.DLL - [?]
- C:\Program Files x86\Microsoft Silverlight\5.1.50428.0\npctrl.dll - [?]
- C:\Program Files x86\Java\jre1.8.0_91\bin\plugin2\npjp2.dll - [?]
- C:\Program Files x86\Java\jre1.8.0_91\bin\dtplugin\npdeployJava1.dll - [?]
- C:\Program Files x86\Intel\IntelR Management Engine Components\IPT\npIntelWebAPIIPT.dll - [?]
- C:\Program Files x86\Intel\IntelR Management Engine Components\IPT\npIntelWebAPIUpdater.dll - [?]
- C:\Program Files x86\Google\Google Earth\plugin\npgeplugin.dll - [?]
- C:\Program Files x86\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll - [?]
67D325B5AEB28E381B84E8DE1A90C7A8 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll - Shockwave Flash
8560995C727974F27F2A1CE68909FEB9 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll - Shockwave Flash
8EE818FCDD262C6B5BFF6905590172CC - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll - Shockwave Flash
0FC325593893749364EC4A733E7D9100 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll - Shockwave Flash
- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll - [?]
- C:\Program Files x86\Microsoft Silverlight\5.1.50428.0\npctrlui.dll - [?]
==== Chromium Look ======================
Google Chrome Version: 72.0.3626.109
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx[05. 09. 2013 15:04]
eofcbnmajmjmplflapaojjnihcjkigck - No path found[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[]
ngpampappnmepgilojfohadhhmbhlaek - C:\Program Files\Internet Download Manager\IDMGCExt.crx[10. 07. 2015 23:24]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
dhdgffkkebhmkfjojejmpbldmpobfkfo - No path found[]
Session Manager - Bax2013\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi
Tampermonkey - Bax2013\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo
2D Browsing - Bax2013\AppData\Local\Google\Chrome\User Data\Default\Extensions\lphanbnlcfcbobmblghaphehjhkmhalm
Chrome Media Router - Bax2013\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Session Manager - Bax2013\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi
Tampermonkey - Bax2013\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo
Avast Online Security - Bax2013\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki
Mixcloud Downloader - Bax2013\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hcacjajhaajmpeladcjdbgghfgfamome
VLC - Bax2013\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hhafecgfkakfbhlbjffclfaomoliicpm
2D Browsing - Bax2013\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lphanbnlcfcbobmblghaphehjhkmhalm
IDM Integration Module - Bax2013\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ngpampappnmepgilojfohadhhmbhlaek
Facebook private image downloader - Bax2013\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\njlhmhgfppkgekomfbjggpomhlhaaplm
Chrome Media Router - Bax2013\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Avast Online Security - Bax2013\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki
IDM Integration Module - Bax2013\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ngpampappnmepgilojfohadhhmbhlaek
Chrome Media Router - Bax2013\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Tampermonkey - Bax2013\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo
Avast Online Security - Bax2013\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Media Router - Bax2013\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Tampermonkey - Bax2013\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo
Avast Online Security - Bax2013\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gomekmidlodglbbmalcneegieacbdmki
IDM Integration Module - Bax2013\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ngpampappnmepgilojfohadhhmbhlaek
Chrome Media Router - Bax2013\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Seznam doplněk - Email - Bax2013\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig
Tampermonkey - Bax2013\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo
Avast Online Security - Bax2013\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\gomekmidlodglbbmalcneegieacbdmki
IDM Integration Module - Bax2013\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\ngpampappnmepgilojfohadhhmbhlaek
Chrome Media Router - Bax2013\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Seznam doplněk - Email - LUK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig
Avast Online Security - LUK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
IDM Integration Module - LUK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek
Seznam doplněk - Esko - LUK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak
Chrome Media Router - LUK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
==== Chromium Fix ======================
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully
C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 1\Local Extension Settings\gomekmidlodglbbmalcneegieacbdmki deleted successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 3\Local Extension Settings\gomekmidlodglbbmalcneegieacbdmki deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="
http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="
https://www.google.com/?bcutc=sp-006"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Bar"="
https://www.google.com/?bcutc=sp-006"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="
http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="
http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Bar"="
http://go.microsoft.com/fwlink/?LinkId=54896"
==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} -
http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} -
http://www.attirerpage.com/search/?type ... earchTerms}
HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} -
http://www.google.com/search?q={searchT ... urceid=ie7
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} -
http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} -
http://www.attirerpage.com/search/?type ... earchTerms}
HKLM\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} -
http://www.google.com/search?q={searchT ... urceid=ie7
HKLM\Wow6432Node\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} -
https://www.google.com/search?bcutc=sp- ... earchTerms}
HKCU\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} -
http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} -
http://www.google.com/search?q={searchT ... GB_skSK593
HKCU\SearchScopes\{7C2125E8-9F7D-4920-8D4F-AAAB3D2F2604} -
http://www.bing.com/search?FORM=U453DF& ... -SearchBox
HKCU\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} - No_Url_Value
HKCU\SearchScopes\{A6233F30-FF20-4B7E-94A4-59C1DE7531E9} -
http://tv.seznam.cz/hledej?w={searchTer ... arch_29530
HKCU\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} -
https://www.google.com/search?bcutc=sp- ... earchTerms}
==== Reset Google Chrome ======================
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Default\Secure Preferencesgbak was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Guest Profile\Preferences was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Guest Profile\Secure Preferences was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences.bad was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferencesgbak was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 2\Preferences was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 2\Secure Preferences was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 3\Preferences was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 3\Secure Preferences was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 4\Preferences was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 4\Secure Preferences was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 7\Preferences was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 7\Secure Preferences was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\System Profile\Preferences was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\System Profile\Secure Preferences was reset successfully
C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Bax2013\Appdata\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Bax2013\Appdata\Roaming\Opera Software\Opera Stable\Preferences.backup was reset successfully
C:\Users\Bax2013\Appdata\Roaming\Opera Software\Opera Stable\Secure Preferences was reset successfully
C:\Users\Bax2013\Appdata\Roaming\Opera Software\Opera Stable\Secure Preferences.backup was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Default\Web Data.protect was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Default\Web Datagbak was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Guest Profile\Web Data was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data-journal was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 1\Web Datagbak was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 3\Web Data was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 3\Web Data-journal was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 4\Web Data was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 4\Web Data-journal was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 7\Web Data was reset successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\System Profile\Web Data was reset successfully
C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Bax2013\Appdata\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\Bax2013\Appdata\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Bax2013\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\LUK~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Bax2013\AppData\Local\Mozilla\Firefox\Profiles\0zymj2qe.default\cache2 emptied successfully
C:\Users\Bax2013\AppData\Local\Mozilla\Firefox\Profiles\j7euzbtv.default\cache2 emptied successfully
C:\Users\Bax2013\AppData\Local\Mozilla\Firefox\Profiles\x705vbew.Bax\cache2 emptied successfully
C:\Users\Bax2013\AppData\Local\Mozilla\SeaMonkey\Profiles\33ohs5rz.default\Cache emptied successfully
C:\Users\Bax2013\AppData\Local\Mozilla\SeaMonkey\Profiles\33ohs5rz.default\cache2 emptied successfully
C:\Users\LUK~1\AppData\Local\Mozilla\Firefox\Profiles\slky63mv.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Bax2013\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Guest Profile\Cache emptied successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 3\Cache emptied successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 4\Cache emptied successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\Profile 7\Cache emptied successfully
C:\Users\Bax2013\AppData\Local\Google\Chrome\User Data\System Profile\Cache emptied successfully
C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=4008 folders=1577 752133236 bytes)
==== Empty Temp Folders ======================
C:\Users\Bax2013\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\LUK~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Bax2013\AppData\Local\AVAST Software\APM\Bax2013Ffl2.dat" not deleted
"C:\Users\Bax2013\AppData\Local\AVAST Software\APM\kv_pam.db" not deleted
"C:\Users\Bax2013\AppData\Local\AVAST Software\APM\Bax2013\kv_pam.db" not deleted
"C:\Users\LUK~1\AppData\Local\AVAST Software\APM\kv_pam.db" not deleted
"C:\Users\Bax2013\AppData\Local\AVAST Software" not deleted
"C:\Users\LUK~1\AppData\Local\AVAST Software" not deleted
==== EOF on çt 21. 02. 2019 at 15:36:34,29 ======================
-----------------------------------------------------------------------------------------------------------------------------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Ultimate x64
Ran by Bax2013 (Administrator) on çt 21. 02. 2019 at 15:38:57,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 2
Successfully deleted: C:\Users\Bax2013\AppData\Local\pdfforge (Folder)
Successfully deleted: C:\Users\Bax2013\AppData\Roaming\Mozilla\Firefox\Profiles\x705vbew.Bax\user.js (File)
Registry: 3
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\A-ToolBar (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} (Registry Key)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on çt 21. 02. 2019 at 15:41:22,55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~