Please check my log - laptop in a catastrophic state

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Please check my log - laptop in a catastrophic state

Post by lin » 21 Feb 2015 18:09

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:07:53, on 21.2.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17631)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\USB Camera\VM331_STI.EXE
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\David\AppData\Local\iconplaysndsrvSched\remotesambaRecovery.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6C2115E1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:11561
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - (no file)
R3 - URLSearchHook: (no name) - {93a3111f-4f74-4ed8-895e-d9708497629e} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - (no file)
O2 - BHO: IEExtension.Extension - {d40c654d-7c51-4eb3-95b2-1e23905c2a2d} - mscoree.dll (file missing)
O3 - Toolbar: (no name) - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - (no file)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Valve\Steam\steam.exe" -silent
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iconplaysndsrvSched.exe - Unknown owner - C:\Users\David\AppData\Local\iconplaysndsrvSched\iconplaysndsrvSched.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: PirritDesktop - Unknown owner - C:\Users\David\AppData\Local\PirritSuggestor\PirritService.exe (file missing)
O23 - Service: PirritUpdater - Unknown owner - C:\Program Files (x86)\Pirrit\AutoUpdater.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: registerusbceipBckp - Unknown owner - C:\windows\SysWOW64\registerusbceipBckp\registerusbceipBckp.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: VideoDownloadConverterService (VideoDownloadConverter_4zService) - COMPANYVERS_NAME - C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: wauctla Service - Unknown owner - C:\windows\wauctla.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: WinRST - Unknown owner - C:\Program Files (x86)\WinRST\WinRST.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10539 bytes
Notebook: HP ProBook 450 | i5 - 4200M, AMD Radeon HD 8750M | Win 8.1, Ubuntu 13.10
Mobil: Samsung Galaxy S3 mini | CyanogenMod 11


Re: Please check my log - laptop in a catastrophic state

Post by lin » 21 Feb 2015 18:19

# AdwCleaner v4.111 - Logfile created 21/02/2015 at 18:16:52
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : David - DAVID-PC
# Running from : C:\Users\David\Downloads\adwcleaner_4.111.exe
# Option : Scan

***** [ Services ] *****

Service Found : PirritDesktop
Service Found : PirritUpdater
Service Found : RegFltrX64
Service Found : VideoDownloadConverter_4zService
Service Found : WinRST
Service Found : wauctla Service

***** [ Files / Folders ] *****

File Found : C:\windows\System32\roboot64.exe
Folder Found : C:\Program Files (x86)\Cinemax
Folder Found : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Found : C:\Program Files (x86)\edealpop
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\GotClip
Folder Found : C:\Program Files (x86)\SmartTweak
Folder Found : C:\Program Files (x86)\VideoDownloadConverter_4z
Folder Found : C:\Program Files (x86)\WinRST
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cinemax
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\video download converter
Folder Found : C:\Users\David\AppData\Local\GamePlayLabs Plugin
Folder Found : C:\Users\David\AppData\Local\globalUpdate
Folder Found : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd
Folder Found : C:\Users\David\AppData\Local\WinRST
Folder Found : C:\Users\David\AppData\LocalLow\blekko
Folder Found : C:\Users\David\AppData\LocalLow\Conduit
Folder Found : C:\Users\David\AppData\LocalLow\PriceGong
Folder Found : C:\Users\David\AppData\LocalLow\VideoDownloadConverter_4z
Folder Found : C:\Users\David\AppData\Roaming\eCyber
Folder Found : C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GotClip
Folder Found : C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
Folder Found : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\Extensions\suggestor@suggestor.pirrit.com.xpi
Folder Found : C:\Users\David\AppData\Roaming\Pirrit
Folder Found : C:\Users\David\AppData\Roaming\RHEng
Folder Found : C:\Users\David\AppData\Roaming\Systweak

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*origin.com;*ea.com;*akamaihd.net
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:11117
Key Found : HKCU\Software\5bedddbb238ba12
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\AppDataLow\Software\Toolbar
Key Found : HKCU\Software\AppDataLow\Software\VideoDownloadConverter_4z
Key Found : HKCU\Software\Cinemax
Key Found : HKCU\Software\Classes\pokki
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\dt soft\daemon tools toolbar
Key Found : HKCU\Software\GamePlayLabs
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BA6A4BC8-9152-4747-91B6-E46811DED401}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Found : HKCU\Software\OCS
Key Found : HKCU\Software\smarttweak
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\Webplayer
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\Cinemax
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\dt soft\daemon tools toolbar
Key Found : [x64] HKCU\Software\GamePlayLabs
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BA6A4BC8-9152-4747-91B6-E46811DED401}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF6E4B1C-DBDE-457E-9CEF-AB8ECAC8A5E8}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}
Key Found : [x64] HKCU\Software\OCS
Key Found : [x64] HKCU\Software\smarttweak
Key Found : [x64] HKCU\Software\systweak
Key Found : [x64] HKCU\Software\Webplayer
Key Found : HKLM\SOFTWARE\Classes\AppID\{1005247F-A178-490A-8DC3-6BAF09EA427B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2D9083CE-8758-4704-BA57-3C891D7452BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{192F487E-E812-40C0-B0DE-CB4BFA20F37B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D3826A1-F3E8-45D6-94B5-C26D8EC0073B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3EE17DD1-E28B-4AED-A3B2-9C29CB2C19D6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{79332472-47F3-4E32-B07F-CF8DF4C58499}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{886F93AD-3CBB-4424-8442-A7340243540F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AA289DBC-59B6-40A5-AC7D-C90DF850289C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BC153A3C-0BB7-4EED-83AE-28E6E398F56E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CA723163-6FAD-43D4-8B93-0D8C52BD9974}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F1F328EB-F5A5-432B-A54C-05F3EF5B0BD8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{FB0E8A09-F08C-44CF-9E15-97ADAC016248}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{FE8DBB09-C3D3-4477-80CB-D38914B94BB8}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DataMngr
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D9083CE-8758-4704-BA57-3C891D7452BD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D429207-4689-492D-A0E5-CDC5DFBB5005}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99E1F6FD-2E94-4CF6-8344-1BA63CD3BD9B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A86782D8-7B41-452F-A217-1854F72DBA54}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ED345812-2722-4DCA-9976-D01832DB44EE}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin
Key Found : HKLM\SOFTWARE\PIP
Key Found : HKLM\SOFTWARE\Pirrit
Key Found : HKLM\SOFTWARE\RST
Key Found : HKLM\SOFTWARE\SI-App
Key Found : HKLM\SOFTWARE\Upt
Key Found : HKLM\SOFTWARE\VideoDownloadConverter_4z
Key Found : HKLM\SOFTWARE\WinUpd
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9083CE-8758-4704-BA57-3C891D7452BD}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}
Key Found : [x64] HKLM\SOFTWARE\Pirrit
Key Found : [x64] HKLM\SOFTWARE\RST
Key Found : [x64] HKLM\SOFTWARE\SI-App
Key Found : [x64] HKLM\SOFTWARE\Upt
Key Found : [x64] HKLM\SOFTWARE\WinUpd
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{48586425-6BB7-4F51-8DC6-38C88E3EBB58}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{93A3111F-4F74-4ED8-895E-D9708497629E}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{48586425-6BB7-4F51-8DC6-38C88E3EBB58}]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v


-\\ Google Chrome v

[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://blekko.com/ws/?source=5f97ddbe&t ... 9268847&q={searchTerms}&r=535
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2612669
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.mywebsearch.com/mywebsear ... searchfor={searchTerms}
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.mywebsearch.com/mywebsear ... searchfor={searchTerms}
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.daemon-search.com/search?q={searchTerms}

-\\ Opera v0.0.0.0

*************************

AdwCleaner[R0].txt - [13625 bytes] - [21/02/2015 18:16:52]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [13685 bytes] ##########
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99E1F6FD-2E94-4CF6-8344-1BA63CD3BD9B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A86782D8-7B41-452F-A217-1854F72DBA54}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ED345812-2722-4DCA-9976-D01832DB44EE}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin
Key Found : HKLM\SOFTWARE\PIP
Key Found : HKLM\SOFTWARE\Pirrit
Key Found : HKLM\SOFTWARE\RST
Key Found : HKLM\SOFTWARE\SI-App
Key Found : HKLM\SOFTWARE\Upt
Key Found : HKLM\SOFTWARE\VideoDownloadConverter_4z
Key Found : HKLM\SOFTWARE\WinUpd
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9083CE-8758-4704-BA57-3C891D7452BD}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}
Key Found : [x64] HKLM\SOFTWARE\Pirrit
Key Found : [x64] HKLM\SOFTWARE\RST
Key Found : [x64] HKLM\SOFTWARE\SI-App
Key Found : [x64] HKLM\SOFTWARE\Upt
Key Found : [x64] HKLM\SOFTWARE\WinUpd
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{48586425-6BB7-4F51-8DC6-38C88E3EBB58}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{93A3111F-4F74-4ED8-895E-D9708497629E}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{48586425-6BB7-4F51-8DC6-38C88E3EBB58}]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v


-\\ Google Chrome v

[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://blekko.com/ws/?source=5f97ddbe&t ... 9268847&q={searchTerms}&r=535
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2612669
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.mywebsearch.com/mywebsear ... searchfor={searchTerms}
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.mywebsearch.com/mywebsear ... searchfor={searchTerms}
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.daemon-search.com/search?q={searchTerms}

-\\ Opera v0.0.0.0

*************************

AdwCleaner[R0].txt - [13625 bytes] - [21/02/2015 18:16:52]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [13685 bytes] ##########

Laptop: HP ProBook 450 | i5 - 4200M, AMD Radeon HD 8750M | Win 8.1, Ubuntu 13.10
Phone: Samsung Galaxy S3 mini | CyanogenMod 11

Re: please check my log - laptop in a catastrophic state

Post by lin » 21 Feb 2015 18:50

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 21.2.2015
Scan Time: 18:21:06
Logfile: a.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.21.06
Rootkit Database: v2015.02.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: David

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 380379
Time Elapsed: 25 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
Backdoor.Bot, C:\Windows\wauctla.exe, 2164, , [2af01d045238c96da324f132e51dcf31]
PUP.Optional.WinRST.A, C:\Program Files (x86)\WinRST\WinRST.exe, 2232, , [ae6c6ab7a9e1e254dcd81db325dec43c]

Modules: 4
PUP.Optional.WinRST.A, C:\Program Files (x86)\WinRST\msvcp100.dll, , [ae6c6ab7a9e1e254dcd81db325dec43c],
PUP.Optional.WinRST.A, C:\Program Files (x86)\WinRST\msvcr100.dll, , [ae6c6ab7a9e1e254dcd81db325dec43c],
PUP.Optional.WinRST.A, C:\Program Files (x86)\WinRST\QtCore4.dll, , [ae6c6ab7a9e1e254dcd81db325dec43c],
PUP.Optional.WinRST.A, C:\Program Files (x86)\WinRST\QtNetwork4.dll, , [ae6c6ab7a9e1e254dcd81db325dec43c],

Registry Keys: 33
PUP.Optional.AudioToAudioToolBar.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\VideoDownloadConverter_4zService, , [31e941e0b4d668ce36f70e286898d729],
Backdoor.Bot, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wauctla Service, , [2af01d045238c96da324f132e51dcf31],
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{03119103-0854-469D-807A-171568457991}, , [79a10d14a0eac86e97128abdbd468878],
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{23119123-0854-469D-807A-171568457991}, , [79a10d14a0eac86e97128abdbd468878],
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{23119123-0854-469D-807A-171568457991}, , [79a10d14a0eac86e97128abdbd468878],
PUP.Optional.MyScrapNook.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{03119103-0854-469D-807A-171568457991}, , [79a10d14a0eac86e97128abdbd468878],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{312f84fb-8970-4fd3-bddb-7012eac4afc9}, , [7b9fb869c1c967cf64a20010c83bd62a],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{c547c6c2-561b-4169-a2a5-20ba771ca93b}, , [ce4c24fdbbcf6dc96b9dd838e81bf709],
PUP.Adware.Gotclip.ScamLotto, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\GotClip, , [b367a67b6d1d0333d9faa406e31d9e62],
PUP.Optional.WinRST.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinRST, , [ae6c6ab7a9e1e254dcd81db325dec43c],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\52b68f7af55782162ab1be104303d865.exe, , [ba608e935535999db4a50ef845bfb54b],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\57e531de37d9df8a651d86f019e262c3.exe, , [b2689a8711793afcb7a2a26423e19f61],
PUP.Optional.CopyMinimalNative.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CopyMinimalNative.exe, , [e1391c05800a49ed1c9aad0ca75ca55b],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, , [c3579d8462280e2855ece4e0b053f808],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\VideoDownloadConverter_4z, , [d34747da62288da99d9e3cd536cf6898],
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\hbcennhacfaagdopikcegfcobcadeocj, , [0e0c4bd696f494a2c389a129b84bb050],
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\icdlfehblmklkikfigmjhbmmpmkmpooj, , [bc5e829fe7a3f83efd5095354bb8cd33],
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\mhkaekfpcppmmioggniknbnbdbcigpkk, , [8793b0712367c2741737be0cbf44867a],
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pfndaklgolladniicklehhancnlgocpp, , [8991e0417911bd7988c7d2f8d92ab947],
PUP.Optional.SettingsProtector.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pgafcinpmmpklohkojmllohdhomoefph, , [c8522cf50486a88ea603029d7c874db3],
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\52b68f7af55782162ab1be104303d865.exe, , [c4568f92ed9d082e26331ee833d10ff1],
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\57e531de37d9df8a651d86f019e262c3.exe, , [4bcfe839b1d92e0869f018eeab59b24e],
PUP.Optional.CopyMinimalNative.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CopyMinimalNative.exe, , [5dbdab760e7cce68a5113287b251e61a],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@VideoDownloadConverter_4z.com/Plugin, , [f52544ddd4b656e070eb408bac574db3],
PUP.Optional.Pirrit.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PirritDesktop, , [27f3da47e7a3bb7bd2bea329ea195da3],
PUP.Optional.AppsHat.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Apps Hat, , [ca50cf52a0ea96a088bd5286729140c0],
PUP.Optional.InternetSpeedChecker, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Internet Speed Checker, , [b06aa67bdfaba690cb5bb7fece357c84],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-1117231988-2679811571-462389650-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, , [2af055ccf298ea4cf65c48ae897b847c],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1117231988-2679811571-462389650-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [d2480e132565fe38297069a1be472bd5],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-1117231988-2679811571-462389650-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, , [54c68d94107a50e677d4366e36cd17e9],
PUP.Optional.Spigot.A, HKU\S-1-5-21-1117231988-2679811571-462389650-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Settings, , [77a3ed34187232049d9dc5513acba15f],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1117231988-2679811571-462389650-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\VideoDownloadConverter_4z, , [d446c65b3951b3835ea64185857ebf41],
PUP.Optional.RegCleanerPro.A, HKU\S-1-5-21-1117231988-2679811571-462389650-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\RegClean Pro, , [7e9c80a12e5c72c4ba5895677e8640c0],

Registry Values: 7
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1117231988-2679811571-462389650-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}, , [9684b0711f6ba4929770b45c08fb9c64],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1117231988-2679811571-462389650-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{48586425-6BB7-4F51-8DC6-38C88E3EBB58}, %dXH·kQOA¤Ä?8Ä?A1>»X, , [9684b0711f6ba4929770b45c08fb9c64]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{48586425-6BB7-4F51-8DC6-38C88E3EBB58}, , [9684b0711f6ba4929770b45c08fb9c64],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-1117231988-2679811571-462389650-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{93a3111f-4f74-4ed8-895e-d9708497629e}, , [ff1bef3217735adc4cba12fcfc07ad53],
PUP.Optional.Mindspark.A, HKU\S-1-5-21-1117231988-2679811571-462389650-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{93A3111F-4F74-4ED8-895E-D9708497629E}, , [ff1bef3217735adc4cba12fcfc07ad53],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{48586425-6bb7-4f51-8dc6-38c88e3ebb58}, , [c45643de9cee2b0b10f79c74ce35d729],
PUP.Optional.WinRST.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINRST|ImagePath, C:\Program Files (x86)\WinRST\WinRST.exe, , [b466fb265d2d1f172c876e6228db53ad]

Registry Data: 0
(No malicious items detected)

Folders: 16
PUP.Optional.WinRST.A, C:\Program Files (x86)\WinRST, , [ae6c6ab7a9e1e254dcd81db325dec43c],
PUP.Optional.PriceGong.A, C:\Users\David\AppData\LocalLow\PriceGong, , [5cbe72afc4c6fe38983ce9740201e51b],
PUP.Optional.PriceGong.A, C:\Users\David\AppData\LocalLow\PriceGong\Data, , [5cbe72afc4c6fe38983ce9740201e51b],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\VideoDownloadConverter_4z, , [5cbeb9688cfe989e555885dc36cd04fc],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\VideoDownloadConverter_4z\bar, , [5cbeb9688cfe989e555885dc36cd04fc],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin, , [5cbeb9688cfe989e555885dc36cd04fc],
PUP.Optional.GamePlayLabs.A, C:\Users\David\AppData\Local\GamePlayLabs Plugin, , [57c30021a9e1c76fbd7a3b2ca360d030],
PUP.Optional.MindSpark.A, C:\Users\David\AppData\LocalLow\VideoDownloadConverter_4z, , [39e1ba67c1c984b2fae5432743c09f61],
PUP.Optional.MindSpark.A, C:\Users\David\AppData\LocalLow\VideoDownloadConverter_4z\bar, , [39e1ba67c1c984b2fae5432743c09f61],
PUP.Optional.MindSpark.A, C:\Users\David\AppData\LocalLow\VideoDownloadConverter_4z\bar\Cache, , [39e1ba67c1c984b2fae5432743c09f61],
PUP.Optional.MindSpark.A, C:\Users\David\AppData\LocalLow\VideoDownloadConverter_4z\bar\History, , [39e1ba67c1c984b2fae5432743c09f61],
PUP.Optional.MindSpark.A, C:\Users\David\AppData\LocalLow\VideoDownloadConverter_4z\bar\Settings, , [39e1ba67c1c984b2fae5432743c09f61],
PUP.Optional.MindSpark.A, C:\Users\David\AppData\LocalLow\VideoDownloadConverter_4z\VideoDownloadConverter_4z, , [39e1ba67c1c984b2fae5432743c09f61],
PUP.Optional.MindSpark.A, C:\Users\David\AppData\LocalLow\VideoDownloadConverter_4z\VideoDownloadConverter_4z\Cache, , [39e1ba67c1c984b2fae5432743c09f61],
PUP.Optional.SpamFreeSearch.A, C:\Users\David\AppData\LocalLow\blekko\spamfreesearch, , [140641e0c5c5f93d5f871a68ce35f010],
PUP.Optional.eDealsPop.A, C:\Program Files (x86)\eDealPop, , [cf4be9388dfd8babb3035b3415eead53],

Files: 30
PUP.Optional.AudioToAudioToolBar.A, C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe, , [31e941e0b4d668ce36f70e286898d729],
Backdoor.Bot, C:\Windows\wauctla.exe, , [2af01d045238c96da324f132e51dcf31],
PUP.Adware.Gotclip.ScamLotto, C:\Program Files (x86)\GotClip\Uninstall.exe, , [b367a67b6d1d0333d9faa406e31d9e62],
PUP.Optional.WinRST.A, C:\Program Files (x86)\WinRST\msvcp100.dll, , [ae6c6ab7a9e1e254dcd81db325dec43c],
PUP.Optional.WinRST.A, C:\Program Files (x86)\WinRST\msvcr100.dll, , [ae6c6ab7a9e1e254dcd81db325dec43c],
PUP.Optional.WinRST.A, C:\Program Files (x86)\WinRST\QtCore4.dll, , [ae6c6ab7a9e1e254dcd81db325dec43c],
PUP.Optional.WinRST.A, C:\Program Files (x86)\WinRST\QtNetwork4.dll, , [ae6c6ab7a9e1e254dcd81db325dec43c],
PUP.Optional.WinRST.A, C:\Program Files (x86)\WinRST\WinRST.exe, , [ae6c6ab7a9e1e254dcd81db325dec43c],
PUP.Optional.PirritSuggestor.A, C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\suggestor@suggestor.pirrit.com.xpi, , [7d9d859c236738fe1fb3963a986b01ff],
PUP.Optional.PriceGong.A, C:\Users\David\AppData\LocalLow\PriceGong\Data\mru.xml, , [5cbe72afc4c6fe38983ce9740201e51b],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\T8RES.DLL, , [5cbeb9688cfe989e555885dc36cd04fc],
PUP.Optional.GamePlayLabs.A, C:\Users\David\AppData\Local\GamePlayLabs Plugin\setup.ini, , [57c30021a9e1c76fbd7a3b2ca360d030],
PUP.Optional.MindSpark.A, C:\Users\David\AppData\LocalLow\VideoDownloadConverter_4z\bar\Cache\025C331C, , [39e1ba67c1c984b2fae5432743c09f61],
PUP.Optional.MindSpark.A, C:\Users\David\AppData\LocalLow\VideoDownloadConverter_4z\bar\Cache\025C3657, , [39e1ba67c1c984b2fae5432743c09f61],
PUP.Optional.MindSpark.A, C:\Users\David\AppData\LocalLow\VideoDownloadConverter_4z\bar\Cache\025C37ED.bmp, , [39e1ba67c1c984b2fae5432743c09f61],
PUP.Optional.MindSpark.A, C:\Users\David\AppData\LocalLow\VideoDownloadConverter_4z\bar\Cache\025C3944.bmp, , [39e1ba67c1c984b2fae5432743c09f61],
PUP.Optional.MindSpark.A, C:\Users\David\AppData\LocalLow\VideoDownloadConverter_4z\bar\Cache\025C39FF.bmp, , [39e1ba67c1c984b2fae5432743c09f61],
PUP.Optional.MindSpark.A, C:\Users\David\AppData\LocalLow\VideoDownloadConverter_4z\bar\Cache\025C3A7C.bmp, , [39e1ba67c1c984b2fae5432743c09f61],
PUP.Optional.MindSpark.A, C:\Users\David\AppData\LocalLow\VideoDownloadConverter_4z\bar\Cache\025C3BA4.bmp, , [39e1ba67c1c984b2fae5432743c09f61],
PUP.Optional.MindSpark.A, C:\Users\David\AppData\LocalLow\VideoDownloadConverter_4z\bar\Cache\025C3C8E.bmp, , [39e1ba67c1c984b2fae5432743c09f61],
PUP.Optional.MindSpark.A, C:\Users\David\AppData\LocalLow\VideoDownloadConverter_4z\bar\Cache\025C3D0B.bmp, , [39e1ba67c1c984b2fae5432743c09f61],
PUP.Optional.MindSpark.A, C:\Users\David\AppData\LocalLow\VideoDownloadConverter_4z\bar\Cache\files.ini, , [39e1ba67c1c984b2fae5432743c09f61],
PUP.Optional.MindSpark.A, C:\Users\David\AppData\LocalLow\VideoDownloadConverter_4z\bar\History\search3, , [39e1ba67c1c984b2fae5432743c09f61],
PUP.Optional.MindSpark.A, C:\Users\David\AppData\LocalLow\VideoDownloadConverter_4z\bar\Settings\prevcfg2.htm, , [39e1ba67c1c984b2fae5432743c09f61],
PUP.Optional.MindSpark.A, C:\Users\David\AppData\LocalLow\VideoDownloadConverter_4z\VideoDownloadConverter_4z\Cache\PopupProperties206581960.html, , [39e1ba67c1c984b2fae5432743c09f61],
PUP.Optional.MindSpark.A, C:\Users\David\AppData\LocalLow\VideoDownloadConverter_4z\VideoDownloadConverter_4z\Cache\PopupProperties206581966.html, , [39e1ba67c1c984b2fae5432743c09f61],
PUP.Optional.MindSpark.A, C:\Users\David\AppData\LocalLow\VideoDownloadConverter_4z\VideoDownloadConverter_4z\Cache\Radio.html, , [39e1ba67c1c984b2fae5432743c09f61],
PUP.Optional.MindSpark.A, C:\Users\David\AppData\LocalLow\VideoDownloadConverter_4z\VideoDownloadConverter_4z\Cache\VideosBtn.html, , [39e1ba67c1c984b2fae5432743c09f61],
PUP.Optional.eDealsPop.A, C:\Program Files (x86)\eDealPop\unins000.dat, , [cf4be9388dfd8babb3035b3415eead53],
PUP.Optional.eDealsPop.A, C:\Program Files (x86)\eDealPop\unins000.exe, , [cf4be9388dfd8babb3035b3415eead53],

Physical Sectors: 0
(No malicious items detected)


(end)

jaro3
Security team member
Guru Level 15
Posts: 43064
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: please check my log - laptop in a catastrophic state

Post by jaro3 » 22 Feb 2015 09:17

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator"),
click "Scan" (Prohledat), and after the scan click "Clean" (Vymazat).

The program performs the repair; after the automatic restart it does not show the log (C:\AdwCleaner [S?].txt); paste its entire contents here.

Download Junkware Removal Tool by Thisisu to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program starts scanning. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) appears and is saved on the desktop.
Please copy its entire contents here.

- Run MbAM again and choose "Scan Now" (Skenovat nyní).
- When the program finishes, a message appears; click "Quarantine All (Remove Selected)", then "Export Log", and choose "Text file". Give the file a name and save it somewhere. Copy the entire contents of that log here.

Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Win7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Check that the following are ticked:
MBR check (Kontrola MBR)
Offline Reg
Antirootkit

- Then click "Scan" (Prohledat).
- The program scans the PC's processes. After the scan, click "Report" (Zpráva) and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still cannot be started and run, rename it to winlogon.exe.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Re: please check my log - laptop in a catastrophic state

Post by lin » 22 Feb 2015 11:02

# AdwCleaner v4.111 - Logfile created 22/02/2015 at 10:53:28
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : David - DAVID-PC
# Running from : C:\Users\David\Downloads\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : PirritDesktop
[#] Service Deleted : PirritUpdater
[#] Service Deleted : RegFltrX64
Service Deleted : VideoDownloadConverter_4zService
[#] Service Deleted : WinRST
[#] Service Deleted : wauctla Service

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cinemax
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\video download converter
Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\SmartTweak
Folder Deleted : C:\Program Files (x86)\VideoDownloadConverter_4z
Folder Deleted : C:\Program Files (x86)\WinRST
Folder Deleted : C:\Program Files (x86)\edealpop
Folder Deleted : C:\Program Files (x86)\Cinemax
Folder Deleted : C:\Program Files (x86)\GotClip
Folder Deleted : C:\Users\David\AppData\Local\GamePlayLabs Plugin
Folder Deleted : C:\Users\David\AppData\Local\globalUpdate
Folder Deleted : C:\Users\David\AppData\Local\WinRST
Folder Deleted : C:\Users\David\AppData\LocalLow\blekko
Folder Deleted : C:\Users\David\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\David\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\David\AppData\LocalLow\VideoDownloadConverter_4z
Folder Deleted : C:\Users\David\AppData\Roaming\eCyber
Folder Deleted : C:\Users\David\AppData\Roaming\Pirrit
Folder Deleted : C:\Users\David\AppData\Roaming\Systweak
Folder Deleted : C:\Users\David\AppData\Roaming\RHEng
Folder Deleted : C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
Folder Deleted : C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GotClip
[!] Folder Deleted : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\Extensions\suggestor@suggestor.pirrit.com.xpi
Folder Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd
File Deleted : C:\windows\System32\roboot64.exe

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin
Key Deleted : HKCU\Software\5bedddbb238ba12
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1005247F-A178-490A-8DC3-6BAF09EA427B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9083CE-8758-4704-BA57-3C891D7452BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{192F487E-E812-40C0-B0DE-CB4BFA20F37B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D3826A1-F3E8-45D6-94B5-C26D8EC0073B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3EE17DD1-E28B-4AED-A3B2-9C29CB2C19D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79332472-47F3-4E32-B07F-CF8DF4C58499}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{886F93AD-3CBB-4424-8442-A7340243540F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AA289DBC-59B6-40A5-AC7D-C90DF850289C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BC153A3C-0BB7-4EED-83AE-28E6E398F56E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CA723163-6FAD-43D4-8B93-0D8C52BD9974}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F1F328EB-F5A5-432B-A54C-05F3EF5B0BD8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FB0E8A09-F08C-44CF-9E15-97ADAC016248}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FE8DBB09-C3D3-4477-80CB-D38914B94BB8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99E1F6FD-2E94-4CF6-8344-1BA63CD3BD9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A86782D8-7B41-452F-A217-1854F72DBA54}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ED345812-2722-4DCA-9976-D01832DB44EE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D9083CE-8758-4704-BA57-3C891D7452BD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D429207-4689-492D-A0E5-CDC5DFBB5005}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{48586425-6BB7-4F51-8DC6-38C88E3EBB58}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{48586425-6BB7-4F51-8DC6-38C88E3EBB58}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{93A3111F-4F74-4ED8-895E-D9708497629E}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9083CE-8758-4704-BA57-3C891D7452BD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF6E4B1C-DBDE-457E-9CEF-AB8ECAC8A5E8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BA6A4BC8-9152-4747-91B6-E46811DED401}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\dt soft\daemon tools toolbar
Key Deleted : HKCU\Software\GamePlayLabs
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\smarttweak
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Webplayer
Key Deleted : HKCU\Software\Cinemax
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\VideoDownloadConverter_4z
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Pirrit
Key Deleted : HKLM\SOFTWARE\Upt
Key Deleted : HKLM\SOFTWARE\VideoDownloadConverter_4z
Key Deleted : HKLM\SOFTWARE\WinUpd
Key Deleted : HKLM\SOFTWARE\SI-App
Key Deleted : HKLM\SOFTWARE\RST
Key Deleted : [x64] HKLM\SOFTWARE\Pirrit
Key Deleted : [x64] HKLM\SOFTWARE\Upt
Key Deleted : [x64] HKLM\SOFTWARE\WinUpd
Key Deleted : [x64] HKLM\SOFTWARE\SI-App
Key Deleted : [x64] HKLM\SOFTWARE\RST
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*origin.com;*ea.com;*akamaihd.net
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:11117
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v


-\\ Google Chrome v

[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://blekko.com/ws/?source=5f97ddbe&t ... 9268847&q={searchTerms}&r=535
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2612669
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.mywebsearch.com/mywebsear ... searchfor={searchTerms}
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.mywebsearch.com/mywebsear ... searchfor={searchTerms}
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.daemon-search.com/search?q={searchTerms}

-\\ Opera v0.0.0.0

[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://blekko.com/ws/?source=5f97ddbe&t ... 9268847&q={searchTerms}&r=535
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2612669
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.mywebsearch.com/mywebsear ... searchfor={searchTerms}
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.mywebsearch.com/mywebsear ... searchfor={searchTerms}
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.daemon-search.com/search?q={searchTerms}

*************************

AdwCleaner[R0].txt - [13901 bytes] - [21/02/2015 18:16:52]
AdwCleaner[R1].txt - [13742 bytes] - [22/02/2015 10:51:42]
AdwCleaner[S0].txt - [13852 bytes] - [22/02/2015 10:53:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13912 bytes] ##########
Notebook: HP ProBook 450 | i5 - 4200M, AMD Radeon HD 8750M | Win 8.1, Ubuntu 13.10
Mobil: Samsung Galaxy S3 mini | CyanogenMod 11

Re: please check my log - laptop in catastrophic condition

Post by lin » 22 Feb 2015 11:13

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by David on ne 22.02.2015 at 11:07:34,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\windows\s.bat"
Successfully deleted: [File] "C:\windows\wininit.ini"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 22.02.2015 at 11:12:04,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: please check my log - laptop in catastrophic condition

Post by lin » 22 Feb 2015 12:06

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 22.2.2015
Scan Time: 11:14:00
Logfile: a.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.22.03
Rootkit Database: v2015.02.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: David

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 380908
Time Elapsed: 25 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 8
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\52b68f7af55782162ab1be104303d865.exe, Quarantined, [95e6120fd4b67eb87780ae58b74d946c],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\57e531de37d9df8a651d86f019e262c3.exe, Quarantined, [ec8f6fb2d2b8aa8c48afea1c32d255ab],
PUP.Optional.CopyMinimalNative.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CopyMinimalNative.exe, Quarantined, [ef8c39e8ee9cee4870e410aa1ce7f50b],
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\52b68f7af55782162ab1be104303d865.exe, Quarantined, [89f2160b088269cd30c755b130d4dc24],
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\57e531de37d9df8a651d86f019e262c3.exe, Quarantined, [1e5d6ab7ed9de6504ea96a9ceb19e917],
PUP.Optional.CopyMinimalNative.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CopyMinimalNative.exe, Quarantined, [3843da478208ed49ec6893277f84c937],
PUP.Optional.AppsHat.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Apps Hat, Quarantined, [81faea372c5e2f073ca77266bd46718f],
PUP.Optional.InternetSpeedChecker, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Internet Speed Checker, Quarantined, [a5d60f128802ad89695b9c190cf78779],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
Backdoor.Bot, C:\Windows\wauctla.exe, Quarantined, [cdae0b16addd6ccab43242e111f1d62a],
Worm.Traces, C:\a.txt, Quarantined, [c3b8cc55b8d2f14577f19d8361a3956b],

Physical Sectors: 0
(No malicious items detected)


(end)

Re: please check my log - laptop in catastrophic condition

Post by lin » 22 Feb 2015 12:15

RogueKiller V10.4.1.0 (x64) [Feb 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : David [Administrator]
Mode : Delete -- Date : 02/22/2015 12:14:51

¤¤¤ Processes : 3 ¤¤¤
[Suspicious.Path] iconplaysndsrvSched.exe(1752) -- C:\Users\David\AppData\Local\iconplaysndsrvSched\iconplaysndsrvSched.exe[-] -> Killed [TermProc]
[Suspicious.Path] remotesambaRecovery.exe(1624) -- C:\Users\David\AppData\Local\iconplaysndsrvSched\remotesambaRecovery.exe[-] -> Killed [TermProc]
[Suspicious.Path] (SVC) iconplaysndsrvSched.exe -- C:\Users\David\AppData\Local\iconplaysndsrvSched\iconplaysndsrvSched.exe[-] -> ERROR [41c]

¤¤¤ Registry : 25 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\iconplaysndsrvSched.exe -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RgFltX64 -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iconplaysndsrvSched.exe -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RgFltX64 -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iconplaysndsrvSched.exe -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RgFltX64 -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1117231988-2679811571-462389650-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 0 -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1117231988-2679811571-462389650-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 0 -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1117231988-2679811571-462389650-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:11345 -> ERROR [0]
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1117231988-2679811571-462389650-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:11345 -> ERROR [2]
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1117231988-2679811571-462389650-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1117231988-2679811571-462389650-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : [(Private Address) (XX)] -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : [(Private Address) (XX)] -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : [(Private Address) (XX)] -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{78A85438-4946-4033-8F2B-381BF70CD94B} | DhcpNameServer : [(Private Address) (XX)] -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A69F0438-F146-4F81-8846-6A5A30D8B305} | DhcpNameServer : [(Private Address) (XX)] -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{78A85438-4946-4033-8F2B-381BF70CD94B} | DhcpNameServer : [(Private Address) (XX)] -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A69F0438-F146-4F81-8846-6A5A30D8B305} | DhcpNameServer : [(Private Address) (XX)] -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{78A85438-4946-4033-8F2B-381BF70CD94B} | DhcpNameServer : [(Private Address) (XX)] -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A69F0438-F146-4F81-8846-6A5A30D8B305} | DhcpNameServer : [(Private Address) (XX)] -> Replaced ()
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 0 -> Replaced (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 0 -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 0 -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 0 -> Replaced (0)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[FIREFX:Addon] 5kzgberq.default : Mozilla Firefox hotfix [firefox-hotfix@mozilla.org] -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BEVT-24A0RT0 +++++
--- User ---
[MBR] 81352e2fd35c41771d0a0cd1513861f5
[BSP] bb985a75e1fd8f2d2c990f1c7f192b74 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 200 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 411648 | Size: 431938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 885020672 | Size: 29692 MB
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 945829888 | Size: 15109 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_02222015_121349.log - RKreport_DEL_02222015_121448.log

Re: please check my log - laptop in catastrophic condition

Post by Orcus » 22 Feb 2015 12:19

You shouldn't have removed anything in RogueKiller.

Download
Zoek.exe

and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 and 8, right-click it and choose "Run as administrator")
- note that the program may take a while to start.

Paste the script below into the program window:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


Click Run Script.
The program will run a scan and a repair; both can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.

After the restart you may see only a black desktop for a while; that is normal. Wait until the log is created. You can save it to your Documents, for example; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.

====================================================

How are the problems? + a new HJT log

Re: please check my log - laptop in catastrophic condition

Post by lin » 22 Feb 2015 12:36

Zoek.exe v5.0.0.0 Updated 22-February-2015
Tool run by David on ne 22.02.2015 at 12:19:29,42.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\David\Downloads\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 12:20:37,19 =====

--- Create Environment Variables 12:20:38,41
--- Create System Restore Point 12:20:44,75
--- Checking Input 12:21:25,40
--- Reset Hosts File 12:21:36,27
--- AU AppData Check 12:21:37,03
--- Remove From Windows Installer 12:21:40,09
--- Empty Folders Check 12:22:44,65
--- Registry HKLM Software Check 12:22:44,76
--- Quick Launch Shortcut Check 12:23:01,68
--- IE Startpage Check 12:23:04,81
--- Program Files DB Check 12:23:31,37
--- C:\Users\David\AppData\Roaming DB Check 12:24:16,72
--- C:\Users\Default\AppData\Roaming DB Check 12:24:16,72
--- C:\Users\Default User\AppData\Roaming DB Check 12:24:16,72
--- C:\Users\UpdatusUser\AppData\Roaming DB Check 12:24:16,72
--- C:\windows\SysNative\config\systemprofile\AppData\Roaming DB Check 12:24:16,72
--- C:\windows\sysWoW64\config\systemprofile\AppData\Roaming DB Check 12:24:16,72
--- C:\windows\serviceprofiles\networkservice\AppData\Roaming DB Check 12:24:16,72
--- C:\windows\serviceprofiles\Localservice\AppData\Roaming DB Check 12:24:16,72
--- C:\Users\David DB Check 12:26:42,12
--- C:\PROGRA~3 DB Check 12:26:58,90
--- C:\Users\David\AppData\Local DB Check 12:27:03,96
--- C:\Users\Default\AppData\Local DB Check 12:27:03,96
--- C:\Users\Default User\AppData\Local DB Check 12:27:03,96
--- C:\Users\UpdatusUser\AppData\Local DB Check 12:27:03,96
--- C:\windows\SysNative\config\systemprofile\AppData\Local DB Check 12:27:03,96
--- C:\windows\sysWoW64\config\systemprofile\AppData\Local DB Check 12:27:03,96
--- C:\windows\serviceprofiles\networkservice\AppData\Local DB Check 12:27:03,96
--- C:\windows\serviceprofiles\Localservice\AppData\Local DB Check 12:27:03,96
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 12:28:44,76
--- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 12:28:53,74
--- Tasks DB Check 12:28:59,76
--- Downloads DB Check 12:29:03,45
--- C:\Users\David\AppData\LocalLow DB Check 12:29:07,84
--- C:\Users\UpdatusUser\AppData\LocalLow DB Check 12:29:07,84
--- C:\windows\SysNative\config\systemprofile\AppData\LocalLow DB Check 12:29:07,84
--- C:\windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 12:29:07,84
--- C:\windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 12:29:07,84
--- Tasks2 DB Check 12:29:58,45
--- Documents DB Check 12:30:25,38
--- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\5kzgberq.default DB Check 12:30:32,65
--- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\extensions DB Check 12:30:32,65
--- C:\Users\Public\Desktop DB Check 12:30:37,19
--- C:\Users\David\Desktop DB Check 12:30:42,15
--- Services DB Check 12:30:49,82
--- FF prefs.js DB Check 12:31:26,71
--- Emptyclsid 12:32:44,76
--- Del by CLSID 12:32:47,76
--- Delete Services 12:33:38,75
--- Firefox Fix 12:33:58,32
--- Delete files\folders 12:34:00,05
--- Create Backups 12:34:00,16
--- Firefox Extensions 12:34:12,68

Re: please check my log - laptop in catastrophic condition

Post by lin » 22 Feb 2015 12:42

It seems to be fine. Thank you!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:42:06, on 22.2.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17631)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\USB Camera\VM331_STI.EXE
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\David\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Valve\Steam\steam.exe" -silent
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8956 bytes