Please check my log - avast often reports an infection (Solved)

Please check my log - avast often reports an infection

Post by Leo18 » 26 Sep 2014 15:21

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:17:23, on 26.9.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\YTDownloader\YTDownloader.exe
C:\Program Files\Samsung\MagicKBD\MagicKBD.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Users\Zdeněk\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\Multimedia\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: e105fff0f3e80131b6584734478597d40061911 - {11111111-1111-1111-1111-110611191111} - C:\Program Files\Ge-Force\Ge-Force-bho.dll (file missing)
O2 - BHO: cb53b500f3e90131a6091fb939dcadf40061915 - {11111111-1111-1111-1111-110611191115} - C:\Program Files\Sense\Sense-bho.dll (file missing)
O2 - BHO: eee1ef70083a013208d37190b1a6e5ef0063429 - {11111111-1111-1111-1111-110611341129} - C:\Program Files\SavePass 1.1\SavePass 1.1-bho.dll (file missing)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [YTDownloader] "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
O4 - HKCU\..\Run: [YTDownloader] "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 4249 bytes


Re: Please check my log - avast often reports an infection

Post by memphisto » 26 Sep 2014 15:33

Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
- If you use only Google Chrome, you do not need to use ATF.

Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it does not, restart it yourself.

Download AdwCleaner
Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Search"
After the scan a log will appear (it is otherwise saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.


Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure you have both options selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan option selected and click the Scan button
- when the program has finished, a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a message will appear, so choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.

Re: Please check my log - avast often reports an infection

Post by Leo18 » 26 Sep 2014 16:09

AdwCleaner v3.310 - Report created 26/09/2014 at 15:54:22
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Zdeněk - ZDENEK-PC
# Running from : C:\Users\Zdeněk\Desktop\čištění Pc\adwcleaner_3.310.exe
# Option : Scan

***** [ Services ] *****

Service Found : sbmntr

***** [ Files / Folders ] *****

File Found : C:\Users\Multimedia\AppData\Roaming\Mozilla\Firefox\Profiles\n9071zb8.default-1370150688715\searchplugins\trovi-search.xml
File Found : C:\Users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\jqvdt89e.default\searchplugins\trovi-search.xml
Folder Found : C:\Program Files\globalUpdate
Folder Found : C:\Program Files\SearchProtect
Folder Found : C:\Program Files\Sense
Folder Found : C:\Program Files\YTDownloader
Folder Found : C:\Users\Multimedia\AppData\Local\Math Problem Solver
Folder Found : C:\Users\Multimedia\AppData\Local\SearchProtect
Folder Found : C:\Users\Zdeněk\AppData\Local\globalUpdate
Folder Found : C:\Users\Zdeněk\AppData\Local\SearchProtect

***** [ Scheduled Tasks ] *****

Task Found : SMupdate1
Task Found : YTDownloader
Task Found : 05c131b6-5673-4a9c-95f2-dbaad19a7cd4
Task Found : 28cd0bfe-3fed-4d1e-9b9f-c7b470dfc652
Task Found : 317f4595-71de-4252-9d83-12826e7edf97-1
Task Found : 317f4595-71de-4252-9d83-12826e7edf97-11
Task Found : 317f4595-71de-4252-9d83-12826e7edf97-2
Task Found : 317f4595-71de-4252-9d83-12826e7edf97-3
Task Found : 317f4595-71de-4252-9d83-12826e7edf97-4
Task Found : 317f4595-71de-4252-9d83-12826e7edf97-5
Task Found : 317f4595-71de-4252-9d83-12826e7edf97-5_user
Task Found : 317f4595-71de-4252-9d83-12826e7edf97-6
Task Found : 317f4595-71de-4252-9d83-12826e7edf97-7
Task Found : a82de225-8fdf-4901-a280-cc6789149059-1
Task Found : a82de225-8fdf-4901-a280-cc6789149059-11
Task Found : a82de225-8fdf-4901-a280-cc6789149059-2
Task Found : a82de225-8fdf-4901-a280-cc6789149059-4
Task Found : a82de225-8fdf-4901-a280-cc6789149059-5
Task Found : a82de225-8fdf-4901-a280-cc6789149059-5_user
Task Found : a82de225-8fdf-4901-a280-cc6789149059-6
Task Found : a82de225-8fdf-4901-a280-cc6789149059-7
Task Found : e504d5d7-66e9-4897-8c4f-2438eaa9df06-1
Task Found : e504d5d7-66e9-4897-8c4f-2438eaa9df06-11
Task Found : e504d5d7-66e9-4897-8c4f-2438eaa9df06-2
Task Found : e504d5d7-66e9-4897-8c4f-2438eaa9df06-4
Task Found : e504d5d7-66e9-4897-8c4f-2438eaa9df06-5
Task Found : e504d5d7-66e9-4897-8c4f-2438eaa9df06-5_user
Task Found : e504d5d7-66e9-4897-8c4f-2438eaa9df06-6
Task Found : e504d5d7-66e9-4897-8c4f-2438eaa9df06-7

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\SavePass 1.1
Key Found : HKCU\Software\AppDataLow\Software\SavePass 1.1
Key Found : HKCU\Software\AppDataLow\Software\Sense
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611191111}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611191115}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611341129}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611341129}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622192211}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622192215}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622342229}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622342229}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655195511}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655195515}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655345529}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666196611}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666196615}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666346629}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644194411}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644194411}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644194415}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644194415}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644344429}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644344429}
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611191111}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611191115}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611341129}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611341129}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SavePass 1.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SavePass 1.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sense
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Found : HKLM\SOFTWARE\SavePass 1.1
Key Found : HKLM\SOFTWARE\SavePass 1.1
Key Found : HKLM\SOFTWARE\Sense

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.3 (x86 cs)

[ File : C:\Users\Multimedia\AppData\Roaming\Mozilla\Firefox\Profiles\n9071zb8.default-1370150688715\prefs.js ]

Line Found : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=M292F3205-56B9-407C-B497-76AB0C6EDEBB&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SPE54F61D2-E9AF-483[...]

[ File : C:\Users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\jqvdt89e.default\prefs.js ]

Line Found : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3330189&octid=EB_ORIGINAL_CTID&ISID=M7F04DAED-A6A6-4454-8041-7EBDB95A7A43&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP224A2E92-4F01-4D2[...]
Line Found : user_pref("extensions.aVJKPXI46039420JMZUIOB85844870com63429.63429.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22[...]
Line Found : user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%3A%7B%22[...]
Line Found : user_pref("extensions.crossrider.bic", "148ad61071a4f1ed1860447361e75503");

-\\ Google Chrome v37.0.2062.124

[ File : C:\Users\Zdeněk\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [11932 octets] - [26/09/2014 15:54:22]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [11993 octets] ##########


Re: Please check my log - avast often reports an infection

Post by Leo18 » 26 Sep 2014 16:12

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 26.9.2014
Scan Time: 15:57:20
Logfile: mal.log
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.26.05
Rootkit Database: v2014.09.19.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Zdeněk

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 312714
Time Elapsed: 8 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.SavePass.A, C:\Program Files\SavePass 1.1\28cd0bfe-3fed-4d1e-9b9f-c7b470dfc652.exe, 1300, , [f14c975b4c2fd75fcd216894966ce31d]

Modules: 0
(No malicious items detected)

Registry Keys: 28
PUP.Optional.Outbrowse, HKLM\SOFTWARE\CLASSES\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}, , [e756fdf58eed79bd96f2c2090bf7f60a],
PUP.Optional.Outbrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}, , [e756fdf58eed79bd96f2c2090bf7f60a],
PUP.Optional.Outbrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, , [e756fdf58eed79bd96f2c2090bf7f60a],
PUP.Optional.Sense.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Sense, , [1c21ee040d6ead896cd3a597e61ddc24],
PUP.Optional.GeForce.A, HKLM\SOFTWARE\Ge-Force, , [61dc955d18634ee861a3b7c015ef867a],
PUP.Optional.SavePass.A, HKLM\SOFTWARE\SavePass 1.1, , [0d30c82a314a55e1ba80e13182816e92],
PUP.Optional.SavePass.A, HKLM\SOFTWARE\SavePass 1.1-nv, , [60dd4ba7532859dd74c67c96ab588a76],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\GLOBALUPDATE\UPDATE, , [46f7f7fb6d0ee84ef4345dbbbc47e719],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\20891, , [e6572cc61f5c3cfa71dcd95a788b45bb],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21836, , [69d4bd350c6f3ef82c21f241a55e2bd5],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\29777, , [e35a12e0cbb08baba3aa2a094db6837d],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, , [99a4668ccab1f640bd95c2b807fde31d],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, , [9da08b675823d85e9493b3c6d232d32d],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, , [95a8638ff487de5805238beedd27748c],
PUP.Optional.Sense.A, HKLM\SOFTWARE\SENSE\Firefox, , [e35a3cb6a1dad16549f7b18b7c87bf41],
PUP.Optional.Sense.A, HKLM\SOFTWARE\SENSE\IE, , [6fcec42e2754e155053cfe3eff048f71],
PUP.Optional.ObjectBrowser.A, HKLM\SOFTWARE\SENSE\INSTALLER, , [9f9e28caec8f8bab60d8062e0df68b75],
PUP.Optional.GeForce.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Ge-Force, , [221bdd1523581b1b80860176877d946c],
PUP.Optional.SavePass.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\SavePass 1.1, , [9aa3e40e4d2ebc7adf5d5ab8f50ebc44],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3348947890-1879374955-3345096279-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [76c770824536fd39b1862545040022de],
PUP.Optional.GeForce.A, HKU\S-1-5-21-3348947890-1879374955-3345096279-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Ge-Force, , [ef4e49a9c6b58da9f115552235cf8779],
PUP.Optional.SavePass.A, HKU\S-1-5-21-3348947890-1879374955-3345096279-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\SavePass 1.1, , [a19c2bc7ff7ce94d64d8ab67c63d22de],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3348947890-1879374955-3345096279-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\20891, , [55e81ed4710a73c3942ab15af1124fb1],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3348947890-1879374955-3345096279-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21836, , [cb72d2207efdae886d515daed2310ff1],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3348947890-1879374955-3345096279-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\29777, , [ee4f3eb41863f93dba0492791ee5fe02],
PUP.Optional.iWebar.A, HKU\S-1-5-21-3348947890-1879374955-3345096279-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\iWebar, , [6ad36290c2b96dc996dcf448ef14847c],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3348947890-1879374955-3345096279-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\OB, , [6bd25f930675142262e554bd0102817f],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3348947890-1879374955-3345096279-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Object Browser, , [69d4549e90ebfa3c21f6bab1f70d36ca],

Registry Values: 2
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\GLOBALUPDATE\UPDATE|path, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, , [46f7f7fb6d0ee84ef4345dbbbc47e719]
PUP.Optional.ObjectBrowser.A, HKLM\SOFTWARE\SENSE\INSTALLER|BundledIe, 1, , [9f9e28caec8f8bab60d8062e0df68b75]

Registry Data: 0
(No malicious items detected)

Folders: 39
PUP.Optional.Sense.A, C:\Program Files\Sense, , [1c21ee040d6ead896cd3a597e61ddc24],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\bin, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\rep, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\rep, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\bin, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Consent, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protection, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protectionDS, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\uninstall, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\rep, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Users\Multimedia\AppData\Local\SearchProtect, , [cd7019d9037874c242f1678ad230bc44],
PUP.Optional.SearchProtect.A, C:\Users\Multimedia\AppData\Local\SearchProtect\SearchProtect, , [cd7019d9037874c242f1678ad230bc44],
PUP.Optional.SearchProtect.A, C:\Users\Multimedia\AppData\Local\SearchProtect\SearchProtect\rep, , [cd7019d9037874c242f1678ad230bc44],
PUP.Optional.SearchProtect.A, C:\Users\Multimedia\AppData\Local\SearchProtect\SearchProtect\STG, , [cd7019d9037874c242f1678ad230bc44],
PUP.Optional.SearchProtect.A, C:\Users\Multimedia\AppData\Local\SearchProtect\UI, , [cd7019d9037874c242f1678ad230bc44],
PUP.Optional.SearchProtect.A, C:\Users\Multimedia\AppData\Local\SearchProtect\UI\rep, , [cd7019d9037874c242f1678ad230bc44],
PUP.Optional.SearchProtect.A, C:\Users\Zdeněk\AppData\Local\SearchProtect, , [3d00ee049cdf0a2c87ac866bbb475aa6],
PUP.Optional.SearchProtect.A, C:\Users\Zdeněk\AppData\Local\SearchProtect\SearchProtect, , [3d00ee049cdf0a2c87ac866bbb475aa6],
PUP.Optional.SearchProtect.A, C:\Users\Zdeněk\AppData\Local\SearchProtect\SearchProtect\rep, , [3d00ee049cdf0a2c87ac866bbb475aa6],
PUP.Optional.SearchProtect.A, C:\Users\Zdeněk\AppData\Local\SearchProtect\SearchProtect\STG, , [3d00ee049cdf0a2c87ac866bbb475aa6],
PUP.Optional.SearchProtect.A, C:\Users\Zdeněk\AppData\Local\SearchProtect\UI, , [3d00ee049cdf0a2c87ac866bbb475aa6],
PUP.Optional.SearchProtect.A, C:\Users\Zdeněk\AppData\Local\SearchProtect\UI\rep, , [3d00ee049cdf0a2c87ac866bbb475aa6],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update, , [9ba2b83aabd051e5284d7184f0129769],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0, , [9ba2b83aabd051e5284d7184f0129769],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Download, , [9ba2b83aabd051e5284d7184f0129769],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Install, , [9ba2b83aabd051e5284d7184f0129769],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Offline, , [9ba2b83aabd051e5284d7184f0129769],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Offline\{E383F7B7-5E69-4429-A527-64D64B4466AD}, , [9ba2b83aabd051e5284d7184f0129769],
PUP.Optional.GeForce.A, C:\Program Files\Ge-Force, , [c974f6fcadce66d0031bc333ce349967],
PUP.Optional.SavePass.A, C:\Program Files\SavePass 1.1, , [f14c975b4c2fd75fcd216894966ce31d],

Files: 164
PUP.Optional.Sense.A, C:\Users\Zdeněk\AppData\Roaming\HTHJAIUU.exe, , [142906ec4e2df83e237bcb91976a669a],
PUP.Optional.Sense.A, C:\Users\Zdeněk\AppData\Roaming\RWYUXR.exe, , [f944faf8f08bfc3aa9f525376899c040],
PUP.Optional.OutBrowse, C:\Users\Zdeněk\Downloads\wolf-creek-2-cze-5653481.exe, , [7ac347ab75069e989331259eb24fdc24],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\317f4595-71de-4252-9d83-12826e7edf97-1, , [96a7ef032e4d2a0c33f09088ec1743bd],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\317f4595-71de-4252-9d83-12826e7edf97-11, , [4eef8e6492e9b086c0637a9e62a1758b],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\317f4595-71de-4252-9d83-12826e7edf97-2, , [cc7144ae4a31fc3a7da623f51ae9a858],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\317f4595-71de-4252-9d83-12826e7edf97-3, , [b08df8fa1f5cb97d150e8f895ea554ac],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\317f4595-71de-4252-9d83-12826e7edf97-4, , [2419bc3658233cfaa87b0018778ca65a],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\317f4595-71de-4252-9d83-12826e7edf97-5, , [48f503ef32498fa7c75c7c9c6f94aa56],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\317f4595-71de-4252-9d83-12826e7edf97-6, , [41fcac46a4d7e84e9e85ad6b867dc53b],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\317f4595-71de-4252-9d83-12826e7edf97-7, , [cf6e3cb6a2d90036160d799ff112e51b],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\a82de225-8fdf-4901-a280-cc6789149059-1, , [4eef549e8af1b4825fc4c454e320e51b],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\a82de225-8fdf-4901-a280-cc6789149059-11, , [b5884fa37308af87e43f021680836f91],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\a82de225-8fdf-4901-a280-cc6789149059-2, , [a19c1ad8314a50e6e34008108a79946c],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\a82de225-8fdf-4901-a280-cc6789149059-4, , [2716f5fdd5a6b680c85b59bf828123dd],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\a82de225-8fdf-4901-a280-cc6789149059-5, , [26179a58df9c3501b86b8f89ed167c84],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\a82de225-8fdf-4901-a280-cc6789149059-6, , [65d8a64c44379c9ad44f72a6d82b02fe],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\a82de225-8fdf-4901-a280-cc6789149059-7, , [5edf688aa0db0432b96af028ee1547b9],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\e504d5d7-66e9-4897-8c4f-2438eaa9df06-1, , [7fbe2cc68bf0c1752af9b8608c77bf41],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\e504d5d7-66e9-4897-8c4f-2438eaa9df06-11, , [72cb9062a0dbd0662cf79682857e6898],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\e504d5d7-66e9-4897-8c4f-2438eaa9df06-2, , [f548d12146352f07e73c9781f80b8a76],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\e504d5d7-66e9-4897-8c4f-2438eaa9df06-4, , [69d4b73b4a319c9aaf74fa1ea75cf50b],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\e504d5d7-66e9-4897-8c4f-2438eaa9df06-5, , [de5fbb37017abf772201ac6c9b68936d],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\e504d5d7-66e9-4897-8c4f-2438eaa9df06-6, , [8db0569c562552e48a99d543a45f857b],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\e504d5d7-66e9-4897-8c4f-2438eaa9df06-7, , [5edfad45f98249ed5ec50f09ed16d828],
PUP.Optional.Trovi.A, C:\Users\Multimedia\AppData\Roaming\Mozilla\Firefox\Profiles\n9071zb8.default-1370150688715\searchplugins\trovi-search.xml, , [94a9cb27106ba591c8e275b2c142966a],
PUP.Optional.Trovi.A, C:\Users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\jqvdt89e.default\searchplugins\trovi-search.xml, , [0637777bf289a98df6b48d9ab54ed828],
PUP.Optional.Sense.A, C:\Program Files\Sense\background.html, , [1c21ee040d6ead896cd3a597e61ddc24],
PUP.Optional.Sense.A, C:\Program Files\Sense\1293297481.mxaddon, , [1c21ee040d6ead896cd3a597e61ddc24],
PUP.Optional.Sense.A, C:\Program Files\Sense\317f4595-71de-4252-9d83-12826e7edf97.crx, , [1c21ee040d6ead896cd3a597e61ddc24],
PUP.Optional.Sense.A, C:\Program Files\Sense\317f4595-71de-4252-9d83-12826e7edf97.xpi, , [1c21ee040d6ead896cd3a597e61ddc24],
PUP.Optional.Sense.A, C:\Program Files\Sense\63b3541f-cb67-472e-844f-c984d1bbde60.crx, , [1c21ee040d6ead896cd3a597e61ddc24],
PUP.Optional.Sense.A, C:\Program Files\Sense\765de1e4-91cf-4272-b8f0-ca1ccac6af8c.crx, , [1c21ee040d6ead896cd3a597e61ddc24],
PUP.Optional.Sense.A, C:\Program Files\Sense\765de1e4-91cf-4272-b8f0-ca1ccac6af8c.dll, , [1c21ee040d6ead896cd3a597e61ddc24],
PUP.Optional.Sense.A, C:\Program Files\Sense\bgNova.html, , [1c21ee040d6ead896cd3a597e61ddc24],
PUP.Optional.Sense.A, C:\Program Files\Sense\Sense-buttonutil.dll, , [1c21ee040d6ead896cd3a597e61ddc24],
PUP.Optional.Sense.A, C:\Program Files\Sense\Sense.ico, , [1c21ee040d6ead896cd3a597e61ddc24],
PUP.Optional.Sense.A, C:\Program Files\Sense\Uninstall.exe, , [1c21ee040d6ead896cd3a597e61ddc24],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\EULA.txt, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\bin\SPTool.dll, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\bin\uninstall.exe, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\rep\SystemRepository.dat, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64.dll, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings.html, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\style.css, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Consent\consent.css, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Consent\consent.html, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Consent\consent.js, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Consent\defaults.js, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bgUninstall.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\hez-def-grey.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\Apply-default.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\Apply-onclick.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\Apply-Rollover.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bg-dia.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bg-uninstall.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bg-with-logo.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bg.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bgNotif.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bgSettings.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bgSettingsDS.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\btnBlue.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\btnClose.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\btnSilver.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\button-bg.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\checkbox.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\checkbox_checked.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\checkbox_def.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\close-win-def.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\close-win-over-click.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\gray-bg.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\hez-def.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\hez-selected.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\hez.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\icon-win.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\info-icon.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\menu-rollover.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\menu-selected.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button-def.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button-selected.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button2.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\Settings-icon.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\SP_DialogBG.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\text-field.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\v.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\x.png, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\defaults.js, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\dialogUtils.js, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\json2.min.js, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\main.js, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\SPDialogAPI.js, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protection\defaults.js, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protection\protection.css, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protection\protection.html, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protection\protection.js, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protectionDS\defaults.js, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protectionDS\protectionDS.css, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protectionDS\protectionDS.html, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protectionDS\protectionDS.js, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings\defaults.js, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings\settings.css, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings\settings.html, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings\settings.js, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\uninstall\defaults.js, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\uninstall\uninstall.css, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\uninstall\uninstall.html, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\uninstall\uninstall.js, , [2419d41e700bab8b6d90bfa01fe557a9],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\317f4595-71de-4252-9d83-12826e7edf97-1.job, , [d766c230bfbc65d12080146250b4d42c],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\317f4595-71de-4252-9d83-12826e7edf97-11.job, , [84b9c23049324beb0e9246308282ef11],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\317f4595-71de-4252-9d83-12826e7edf97-2.job, , [44f9df137ffc7db9a3fd5e18867ef40c],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\317f4595-71de-4252-9d83-12826e7edf97-3.job, , [d36a549ee19afb3b455bbfb736cec63a],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\317f4595-71de-4252-9d83-12826e7edf97-4.job, , [2d1006ec9fdca6905e427ef85fa5b64a],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\317f4595-71de-4252-9d83-12826e7edf97-5.job, , [cd705c96b0cbaf87ced2e6908f75fb05],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\317f4595-71de-4252-9d83-12826e7edf97-5_user.job, , [231a31c1aecda195366a05716c9840c0],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\317f4595-71de-4252-9d83-12826e7edf97-6.job, , [82bb33bf344764d20a9610668b790af6],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\317f4595-71de-4252-9d83-12826e7edf97-7.job, , [82bbda186f0c1e18752b92e4b54f7789],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\a82de225-8fdf-4901-a280-cc6789149059-1.job, , [1e1f3ab8a2d961d5a6fa9bdb1fe5c13f],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\a82de225-8fdf-4901-a280-cc6789149059-11.job, , [c677ed0598e32d09c9d710666f952ad6],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\a82de225-8fdf-4901-a280-cc6789149059-2.job, , [e657cf23205b68ce0e92334344c045bb],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\a82de225-8fdf-4901-a280-cc6789149059-4.job, , [2a13b63c5f1c3105613f5224c83c8c74],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\a82de225-8fdf-4901-a280-cc6789149059-5.job, , [94a95f932d4e48eeacf4463061a3ee12],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\a82de225-8fdf-4901-a280-cc6789149059-5_user.job, , [a499e60cceadf04649570a6cdb296a96],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\a82de225-8fdf-4901-a280-cc6789149059-6.job, , [9da0d61cd3a8b87e5c44fd7934d0966a],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\a82de225-8fdf-4901-a280-cc6789149059-7.job, , [65d8fef49be07db90f911e58d034b44c],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\e504d5d7-66e9-4897-8c4f-2438eaa9df06-1.job, , [71ccbc365922ba7c881877ffb054be42],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\e504d5d7-66e9-4897-8c4f-2438eaa9df06-11.job, , [bd80d51d710a53e35050195daa5a20e0],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\e504d5d7-66e9-4897-8c4f-2438eaa9df06-2.job, , [2617836fd9a279bdccd4601632d26799],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\e504d5d7-66e9-4897-8c4f-2438eaa9df06-4.job, , [83baec069ddef442940ca6d0020213ed],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\e504d5d7-66e9-4897-8c4f-2438eaa9df06-5.job, , [d36aa64c205b2016613f95e141c3d828],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\e504d5d7-66e9-4897-8c4f-2438eaa9df06-5_user.job, , [4af3e909d4a7b185623eee8815ef916f],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\e504d5d7-66e9-4897-8c4f-2438eaa9df06-6.job, , [96a7678be9922c0af9a71a5c16eef10f],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\e504d5d7-66e9-4897-8c4f-2438eaa9df06-7.job, , [40fd836f06751d192977c4b216ee956b],
PUP.Optional.CrossRider.A, C:\Windows\Tasks\05c131b6-5673-4a9c-95f2-dbaad19a7cd4.job, , [b984eb07dc9f74c2eb3a4831f90beb15],
PUP.Optional.CrossRider.A, C:\Windows\Tasks\28cd0bfe-3fed-4d1e-9b9f-c7b470dfc652.job, , [7bc2bb3794e759dd949172074bb9867a],
PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\28cd0bfe-3fed-4d1e-9b9f-c7b470dfc652, , [b8851bd77b00ab8b86a03f3a40c435cb],
PUP.Optional.SearchProtect.A, C:\Users\Multimedia\AppData\Local\SearchProtect\SearchProtect\CRASH_DUMP_P3440_T1892_D2014_09_07_T13_02_35.dmp, , [cd7019d9037874c242f1678ad230bc44],
PUP.Optional.SearchProtect.A, C:\Users\Multimedia\AppData\Local\SearchProtect\SearchProtect\CRASH_REPORT_P3440_T1892_D2014_09_07_T13_02_39.txt, , [cd7019d9037874c242f1678ad230bc44],
PUP.Optional.SearchProtect.A, C:\Users\Multimedia\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, , [cd7019d9037874c242f1678ad230bc44],
PUP.Optional.SearchProtect.A, C:\Users\Multimedia\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, , [cd7019d9037874c242f1678ad230bc44],
PUP.Optional.SearchProtect.A, C:\Users\Multimedia\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, , [cd7019d9037874c242f1678ad230bc44],
PUP.Optional.SearchProtect.A, C:\Users\Zdeněk\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, , [3d00ee049cdf0a2c87ac866bbb475aa6],
PUP.Optional.SearchProtect.A, C:\Users\Zdeněk\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, , [3d00ee049cdf0a2c87ac866bbb475aa6],
PUP.Optional.GeForce.A, C:\Program Files\Ge-Force\e504d5d7-66e9-4897-8c4f-2438eaa9df06.xpi, , [c974f6fcadce66d0031bc333ce349967],
PUP.Optional.GeForce.A, C:\Program Files\Ge-Force\1293297481.mxaddon, , [c974f6fcadce66d0031bc333ce349967],
PUP.Optional.GeForce.A, C:\Program Files\Ge-Force\background.html, , [c974f6fcadce66d0031bc333ce349967],
PUP.Optional.GeForce.A, C:\Program Files\Ge-Force\bgNova.html, , [c974f6fcadce66d0031bc333ce349967],
PUP.Optional.GeForce.A, C:\Program Files\Ge-Force\cc82974a-9ab3-49a6-8e64-a076a315f670.crx, , [c974f6fcadce66d0031bc333ce349967],
PUP.Optional.GeForce.A, C:\Program Files\Ge-Force\e504d5d7-66e9-4897-8c4f-2438eaa9df06.crx, , [c974f6fcadce66d0031bc333ce349967],
PUP.Optional.GeForce.A, C:\Program Files\Ge-Force\Ge-Force.ico, , [c974f6fcadce66d0031bc333ce349967],
PUP.Optional.SavePass.A, C:\Program Files\SavePass 1.1\03607242-9587-45f2-9936-aaa84fb723ae.crx, , [f14c975b4c2fd75fcd216894966ce31d],
PUP.Optional.SavePass.A, C:\Program Files\SavePass 1.1\1293297481.mxaddon, , [f14c975b4c2fd75fcd216894966ce31d],
PUP.Optional.SavePass.A, C:\Program Files\SavePass 1.1\28cd0bfe-3fed-4d1e-9b9f-c7b470dfc652.exe, , [f14c975b4c2fd75fcd216894966ce31d],
PUP.Optional.SavePass.A, C:\Program Files\SavePass 1.1\a82de225-8fdf-4901-a280-cc6789149059.crx, , [f14c975b4c2fd75fcd216894966ce31d],
PUP.Optional.SavePass.A, C:\Program Files\SavePass 1.1\a82de225-8fdf-4901-a280-cc6789149059.xpi, , [f14c975b4c2fd75fcd216894966ce31d],
PUP.Optional.SavePass.A, C:\Program Files\SavePass 1.1\background.html, , [f14c975b4c2fd75fcd216894966ce31d],
PUP.Optional.SavePass.A, C:\Program Files\SavePass 1.1\bgNova.html, , [f14c975b4c2fd75fcd216894966ce31d],
PUP.Optional.SavePass.A, C:\Program Files\SavePass 1.1\SavePass 1.1.ico, , [f14c975b4c2fd75fcd216894966ce31d],
PUP.Optional.Trovi.A, C:\Users\Multimedia\AppData\Roaming\Mozilla\Firefox\Profiles\n9071zb8.default-1370150688715\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://www.trovi.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=M292F3205-56B9-407C-B497-76AB0C6EDEBB&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SPE54F61D2-E9AF-483F-BB50-256E243F1251");), ,[4cf1ca28d7a48ea8ee7dc879b84d7789]
PUP.Optional.Trovi.A, C:\Users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\jqvdt89e.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://www.trovi.com/?gd=&ctid=CT3330189&octid=EB_ORIGINAL_CTID&ISID=M7F04DAED-A6A6-4454-8041-7EBDB95A7A43&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP224A2E92-4F01-4D2E-8F31-9EAEFC149522");), ,[65d84ca67704ee48b5b60839d82d19e7]
PUP.Optional.CrossRider.A, C:\Users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\jqvdt89e.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "148ad61071a4f1ed1860447361e75503");), ,[4df0ea08e992290dd8f393aecb3aa25e]

Physical Sectors: 0
(No malicious items detected)


(end)

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my log - avast often reports an infection

Post by jaro3 » 26 Sep 2014 18:33

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator"),
click "Scan", and after the scan click "Clean".

The program will perform the repair; after the automatic restart it will not display the log (C:\AdwCleaner [S?].txt); paste its entire contents here.

Download Junkware Removal Tool by Thisisu

to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program will start scanning. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) will appear and will be saved on the desktop.
Please copy its entire contents here.

- Run MbAM again and choose Scan Now
- when the program finishes, a message will appear; click "Quarantine All (remove selected)" and then "Export Log" and choose "Text file", give the file a name and save it somewhere. Copy the entire contents of that log here.

Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Win7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Check that the following are ticked:
MBR check
Faked check
Antirootkit

- Then click "Scan".
- The program scans the PC's processes. After the scan, click "Report" and copy the entire contents of the log here.
If the program is blocked, try running it several times. If the program still will not start and work, rename it to winlogon.exe.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. In my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Leo18

Re: Please check my log - avast often reports an infection

Post by Leo18 » 26 Sep 2014 22:24

# AdwCleaner v3.310 - Report created 26/09/2014 at 22:17:12
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Zdeněk - ZDENEK-PC
# Running from : C:\Users\Zdeněk\Desktop\čištění Pc\adwcleaner_3.310.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : sbmntr

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\Sense
Folder Deleted : C:\Program Files\YTDownloader
Folder Deleted : C:\Users\Multimedia\AppData\Local\Math Problem Solver
Folder Deleted : C:\Users\Multimedia\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Zdeněk\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Zdeněk\AppData\Local\SearchProtect
File Deleted : C:\Users\Multimedia\AppData\Roaming\Mozilla\Firefox\Profiles\n9071zb8.default-1370150688715\searchplugins\trovi-search.xml
File Deleted : C:\Users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\jqvdt89e.default\searchplugins\trovi-search.xml

***** [ Scheduled Tasks ] *****

Task Deleted : SMupdate1
Task Deleted : YTDownloader
Task Deleted : 28cd0bfe-3fed-4d1e-9b9f-c7b470dfc652
Task Deleted : 317f4595-71de-4252-9d83-12826e7edf97-1
Task Deleted : 317f4595-71de-4252-9d83-12826e7edf97-11
Task Deleted : 317f4595-71de-4252-9d83-12826e7edf97-2
Task Deleted : 317f4595-71de-4252-9d83-12826e7edf97-3
Task Deleted : 317f4595-71de-4252-9d83-12826e7edf97-4
Task Deleted : 317f4595-71de-4252-9d83-12826e7edf97-5
Task Deleted : 317f4595-71de-4252-9d83-12826e7edf97-6
Task Deleted : 317f4595-71de-4252-9d83-12826e7edf97-7
Task Deleted : a82de225-8fdf-4901-a280-cc6789149059-1
Task Deleted : a82de225-8fdf-4901-a280-cc6789149059-11
Task Deleted : a82de225-8fdf-4901-a280-cc6789149059-2
Task Deleted : a82de225-8fdf-4901-a280-cc6789149059-4
Task Deleted : a82de225-8fdf-4901-a280-cc6789149059-5
Task Deleted : a82de225-8fdf-4901-a280-cc6789149059-6
Task Deleted : a82de225-8fdf-4901-a280-cc6789149059-7
Task Deleted : e504d5d7-66e9-4897-8c4f-2438eaa9df06-1
Task Deleted : e504d5d7-66e9-4897-8c4f-2438eaa9df06-11
Task Deleted : e504d5d7-66e9-4897-8c4f-2438eaa9df06-2
Task Deleted : e504d5d7-66e9-4897-8c4f-2438eaa9df06-4
Task Deleted : e504d5d7-66e9-4897-8c4f-2438eaa9df06-5
Task Deleted : e504d5d7-66e9-4897-8c4f-2438eaa9df06-6
Task Deleted : e504d5d7-66e9-4897-8c4f-2438eaa9df06-7

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611341129}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622342229}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611191111}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611191115}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622192211}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622192215}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655195511}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655195515}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655345529}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666196611}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666196615}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666346629}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644194411}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644194415}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644344429}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611341129}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611191111}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611191115}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SavePass 1.1
Key Deleted : HKCU\Software\AppDataLow\Software\Sense
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\SavePass 1.1
Key Deleted : HKLM\SOFTWARE\Sense
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SavePass 1.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sense
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.3 (x86 cs)

[ File : C:\Users\Multimedia\AppData\Roaming\Mozilla\Firefox\Profiles\n9071zb8.default-1370150688715\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=M292F3205-56B9-407C-B497-76AB0C6EDEBB&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SPE54F61D2-E9AF-483[...]

[ File : C:\Users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\jqvdt89e.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3330189&octid=EB_ORIGINAL_CTID&ISID=M7F04DAED-A6A6-4454-8041-7EBDB95A7A43&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP224A2E92-4F01-4D2[...]
Line Deleted : user_pref("extensions.aVJKPXI46039420JMZUIOB85844870com63429.63429.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22[...]
Line Deleted : user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%3A%7B%22[...]
Line Deleted : user_pref("extensions.crossrider.bic", "148ad61071a4f1ed1860447361e75503");

-\\ Google Chrome v37.0.2062.124

[ File : C:\Users\Zdeněk\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [12074 octets] - [26/09/2014 15:54:22]
AdwCleaner[R1].txt - [12026 octets] - [26/09/2014 22:02:48]
AdwCleaner[S0].txt - [11368 octets] - [26/09/2014 22:17:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11429 octets] ##########

Re: Please check my log - avast often reports an infection

Post by Leo18 » 26 Sep 2014 22:34

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.2 (09.26.2014:2)
OS: Windows 7 Home Premium x86
Ran by Zdeněk on pá 26.09.2014 at 22:28:29,03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ytdownloader
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ytdownloader



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Zdeněk\AppData\Roaming\mozilla\firefox\profiles\jqvdt89e.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on pá 26.09.2014 at 22:33:17,11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Please check my log - avast often reports an infection

Post by Leo18 » 26 Sep 2014 23:02

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 26.9.2014
Scan Time: 22:35:46
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.26.09
Rootkit Database: v2014.09.19.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Zdeněk

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 313092
Time Elapsed: 8 min, 52 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.GeForce.A, HKLM\SOFTWARE\Ge-Force, Quarantined, [b28fba3880fbca6c317070074bb95fa1],
PUP.Optional.SavePass.A, HKLM\SOFTWARE\SavePass 1.1-nv, Quarantined, [0d347d751a614de9ab317c96ea19db25],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [84bd11e147341e188155d6a474901fe1],
PUP.Optional.GeForce.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Ge-Force, Quarantined, [3f0235bd32493afca4ffcfa822e2a15f],
PUP.Optional.SavePass.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\SavePass 1.1, Quarantined, [8ab7916155264ee8de006ca65ba858a8],
PUP.Optional.GeForce.A, HKU\S-1-5-21-3348947890-1879374955-3345096279-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Ge-Force, Quarantined, [2a171ed4fd7e2313653e75027d87837d],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.GeForce.A, C:\Program Files\Ge-Force, Quarantined, [2b166a8802795fd75068d620e919e61a],
PUP.Optional.SavePass.A, C:\Program Files\SavePass 1.1, Quarantined, [c77aed050c6f02344b3a26d7ee14fc04],

Files: 20
PUP.Optional.Sense.A, C:\Users\Zdeněk\AppData\Roaming\HTHJAIUU.exe, Quarantined, [fe43e70ba9d2ad89832aca92f9088a76],
PUP.Optional.Sense.A, C:\Users\Zdeněk\AppData\Roaming\RWYUXR.exe, Quarantined, [50f1d31f12694cea505d84d81be6f60a],
PUP.Optional.OutBrowse, C:\Users\Zdeněk\Downloads\wolf-creek-2-cze-5653481.exe, Quarantined, [2e131bd7a8d32115bc13ecd7be43b34d],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\317f4595-71de-4252-9d83-12826e7edf97-5_user.job, Quarantined, [1b26e50dc6b53afc162785f2689c7090],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\e504d5d7-66e9-4897-8c4f-2438eaa9df06-5_user.job, Quarantined, [3c059d55c5b672c4f5480a6dfe066c94],
PUP.Optional.GeForce.A, C:\Program Files\Ge-Force\e504d5d7-66e9-4897-8c4f-2438eaa9df06.xpi, Quarantined, [2b166a8802795fd75068d620e919e61a],
PUP.Optional.GeForce.A, C:\Program Files\Ge-Force\1293297481.mxaddon, Quarantined, [2b166a8802795fd75068d620e919e61a],
PUP.Optional.GeForce.A, C:\Program Files\Ge-Force\background.html, Quarantined, [2b166a8802795fd75068d620e919e61a],
PUP.Optional.GeForce.A, C:\Program Files\Ge-Force\bgNova.html, Quarantined, [2b166a8802795fd75068d620e919e61a],
PUP.Optional.GeForce.A, C:\Program Files\Ge-Force\cc82974a-9ab3-49a6-8e64-a076a315f670.crx, Quarantined, [2b166a8802795fd75068d620e919e61a],
PUP.Optional.GeForce.A, C:\Program Files\Ge-Force\e504d5d7-66e9-4897-8c4f-2438eaa9df06.crx, Quarantined, [2b166a8802795fd75068d620e919e61a],
PUP.Optional.GeForce.A, C:\Program Files\Ge-Force\Ge-Force.ico, Quarantined, [2b166a8802795fd75068d620e919e61a],
PUP.Optional.SavePass.A, C:\Program Files\SavePass 1.1\03607242-9587-45f2-9936-aaa84fb723ae.crx, Quarantined, [c77aed050c6f02344b3a26d7ee14fc04],
PUP.Optional.SavePass.A, C:\Program Files\SavePass 1.1\1293297481.mxaddon, Quarantined, [c77aed050c6f02344b3a26d7ee14fc04],
PUP.Optional.SavePass.A, C:\Program Files\SavePass 1.1\28cd0bfe-3fed-4d1e-9b9f-c7b470dfc652.exe, Quarantined, [c77aed050c6f02344b3a26d7ee14fc04],
PUP.Optional.SavePass.A, C:\Program Files\SavePass 1.1\a82de225-8fdf-4901-a280-cc6789149059.crx, Quarantined, [c77aed050c6f02344b3a26d7ee14fc04],
PUP.Optional.SavePass.A, C:\Program Files\SavePass 1.1\a82de225-8fdf-4901-a280-cc6789149059.xpi, Quarantined, [c77aed050c6f02344b3a26d7ee14fc04],
PUP.Optional.SavePass.A, C:\Program Files\SavePass 1.1\background.html, Quarantined, [c77aed050c6f02344b3a26d7ee14fc04],
PUP.Optional.SavePass.A, C:\Program Files\SavePass 1.1\bgNova.html, Quarantined, [c77aed050c6f02344b3a26d7ee14fc04],
PUP.Optional.SavePass.A, C:\Program Files\SavePass 1.1\SavePass 1.1.ico, Quarantined, [c77aed050c6f02344b3a26d7ee14fc04],

Physical Sectors: 0
(No malicious items detected)


(end)

Re: Please check my log - avast often reports an infection

Post by Leo18 » 26 Sep 2014 23:15

RogueKiller V9.2.13.0 [Sep 25 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Zdeněk [Práva správce]
Mód : Kontrola -- Datum : 09/26/2014 23:13:33

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 4 ¤¤¤
[PUM.Policies] HKEY_USERS\S-1-5-21-3348947890-1879374955-3345096279-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NALEZENO
[PUM.Policies] HKEY_USERS\S-1-5-21-3348947890-1879374955-3345096279-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NALEZENO
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NALEZENO
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NALEZENO

¤¤¤ naplánované úlohy : 1 ¤¤¤
[Suspicious.Path] \\Installer_shopperpro -- C:\Users\Zdeněk\AppData\Local\Installer\Installshopperpro_25921\DC1_Offer_2.exe (/S /SCHEDULE /MAG=obrdc /pn=shopperpro /pixGuid=61b1a9b6-2257-4d12-b949-5510bad9a7b1 /sub=11989) -> NALEZENO

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: NAHRÁNO) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] jqvdt89e.default : user_pref("browser.startup.homepage", "http://www.seznam.cz/"); -> NALEZENO

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000LPVX-80V0TT0 ATA Device +++++
--- User ---
[MBR] 84a42e4016b2941710dc51933fbe3229
[BSP] ae40940dbb04473bd794b3f43a1f391e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Verbatim STORE N GO USB Device +++++
--- User ---
[MBR] f4d6a0fa427a293e7f47466dd770b986
[BSP] ff247e1674ecfe60b5cae0d91d3b654f : Unknown MBR Code
Partition table:
0 - [XXXXXX] HIBER (0xa0) [VISIBLE] Offset (sectors): -10393244 | Size: 854113 MB
1 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 168689525 | Size: 953964 MB
2 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 778201452 | Size: 1314189 MB
3 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): -1409286144 | Size: 27 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Požadavek není podporován. )

Re: Please check my log - avast often reports an infection

Post by jaro3 » 27 Sep 2014 09:39

Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB or external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP, double-click to run it).
- Wait until the Prescan finishes...
- Then click "Scan"; once it finishes:

- In the tabs (Registry, Tasks, Web Browser, etc.) tick everything (check the boxes)

- Click "Delete"
- Wait until the Status box shows "Deleting finished"
- Click "Report" and copy and paste the contents of that report here, please. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller

Download
Zoek.exe

and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 and 8, right-click it and choose "Run as administrator")
- note: the program may take a while to start.

Paste the script below into the program window:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


Click Run Script.
The program will run a scan and a repair; both the scan and the repair can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.

After the restart you may see only a black screen for a while; that is normal. Wait until the log is created. You can save it, for example, to your Documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.

Re: Please check my log - avast often reports an infection

Post by Leo18 » 27 Sep 2014 10:16

RogueKiller V9.2.13.0 [Sep 25 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Zdeněk [Práva správce]
Mód : Odebrat -- Datum : 09/27/2014 10:15:02

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 4 ¤¤¤
[PUM.Policies] HKEY_USERS\S-1-5-21-3348947890-1879374955-3345096279-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> VYMAZÁNO
[PUM.Policies] HKEY_USERS\S-1-5-21-3348947890-1879374955-3345096279-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> VYMAZÁNO
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NAHRAZENO (0)

¤¤¤ naplánované úlohy : 1 ¤¤¤
[Suspicious.Path] \\Installer_shopperpro -- C:\Users\Zdeněk\AppData\Local\Installer\Installshopperpro_25921\DC1_Offer_2.exe (/S /SCHEDULE /MAG=obrdc /pn=shopperpro /pixGuid=61b1a9b6-2257-4d12-b949-5510bad9a7b1 /sub=11989) -> ERROR [0]

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: NAHRÁNO) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] jqvdt89e.default : user_pref("browser.startup.homepage", "http://www.seznam.cz/"); -> NAHRAZENO (about:home)

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000LPVX-80V0TT0 ATA Device +++++
--- User ---
[MBR] 84a42e4016b2941710dc51933fbe3229
[BSP] ae40940dbb04473bd794b3f43a1f391e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_09262014_231333.log - RKreport_SCN_09272014_101257.log

Re: Please check my log - avast often reports an infection

Post by Leo18 » 27 Sep 2014 10:43

Zoek.exe v5.0.0.0 Updated 27-09-2014
Tool run by Zdeněk on so 27.09.2014 at 10:19:00,37.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\ZDENK~1\Desktop\čištění Pc\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

27.9.2014 10:20:55 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\MULTIM~1\AppData\Roaming\Mozilla\Firefox\Profiles\n9071zb8.default-1370150688715\prefs.js:
user_pref("browser.startup.homepage", "http://www.seznam.cz/");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\MULTIM~1\AppData\Roaming\Mozilla\Firefox\Profiles\n9071zb8.default-1370150688715\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\ZDENK~1\AppData\Roaming\Mozilla\Firefox\Profiles\jqvdt89e.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.seznam.cz/");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\ZDENK~1\AppData\Roaming\Mozilla\Firefox\Profiles\jqvdt89e.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\MULTIM~1\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:

Added to C:\Users\MULTIM~1\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\MULTIM~1\AppData\Roaming\Mozilla\Firefox\Profiles\n9071zb8.default-1370150688715

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_27.09.2014_1036_.backup

ProfilePath: C:\Users\ZDENK~1\AppData\Roaming\Mozilla\Firefox\Profiles\jqvdt89e.default

user.js not found
---- Lines aVJKPXI46039420JMZUIOB85844870com63429 removed from prefs.js ----
---- Lines awarnerrobertshotmailcom61915 removed from prefs.js ----
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.lastDailyReport", "1411658099731");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.lastUpdate", "1411658098784");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.manifesturl", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.name", "Sense");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.newtab", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.opensearch", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.pluginsurl", "http://js.newclientstaticsrv.com/plugin/apps/61915/plugins/na/ff/plugins.json"
user_pref("extensions.awarnerrobertshotmailcom61915.61915.pluginsversion", 29);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.publisher", "Object Browser");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.searchstatus", 0);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.setnewtab", false);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.thankyou", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.updateinterval", 360);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.ver", 33);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.warnerroberts@hotmail.comasyncdb_dbWasSet", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.warnerroberts@hotmail.comasyncdb_dbWasSet_FF25_FIX", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.warnerroberts@hotmail.comasyncinternaldb_dbWasSet", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.warnerroberts@hotmail.comasyncinternaldb_dbWasSet_FF25_FIX", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.warnerroberts@hotmail.comawarnerrobertshotmailcom61915_dbWasSet", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.warnerroberts@hotmail.comawarnerrobertshotmailcom61915_dbWasSet_FF25_FIX", true);
user_pref("extensions.awarnerrobertshotmailcom61915.apps", "61915");
user_pref("extensions.awarnerrobertshotmailcom61915.bic", "148ad61071a4f1ed1860447361e75503");
user_pref("extensions.awarnerrobertshotmailcom61915.cid", 61915);
user_pref("extensions.awarnerrobertshotmailcom61915.firstrun", false);
user_pref("extensions.awarnerrobertshotmailcom61915.hadappinstalled", true);
user_pref("extensions.awarnerrobertshotmailcom61915.installationdate", 1411658090);
user_pref("extensions.awarnerrobertshotmailcom61915.installerAdditionalInfo", "{\"asw\":[2, -2139095035, 512],\"browser_name\":\"ff\"}");
user_pref("extensions.awarnerrobertshotmailcom61915.modetype", "production");
user_pref("extensions.awarnerrobertshotmailcom61915.reportInstall", true);
user_pref("extensions.awarnerrobertshotmailcom61915.statsDailyCounter", 1);
---- FireFox user.js and prefs.js backups ----

prefs_27.09.2014_1036_.backup

ProfilePath: C:\Users\MULTIM~1\AppData\Roaming\Mozilla\Firefox\Profiles\extensions

user.js not found
---- FireFox user.js and prefs.js backups ----


==== Deleting Files \ Folders ======================

C:\Program Files\ShopperPro deleted
C:\Program Files\Common Files\System\SysMenu.dll deleted
C:\Users\ZDENK~1\AppData\Local\Installer deleted
C:\Users\ZDENK~1\AppData\Local\CrashRpt deleted
C:\Users\Public\Documents\ShopperPro deleted
C:\Windows\system32\tasks\ShopperProJSUpd deleted
C:\Windows\system32\tasks\YTDownloaderUpd deleted
C:\Windows\system32\tasks\Microsoft\Windows\Maintenance\SMupdate2 deleted
C:\Windows\system32\tasks\Microsoft\Windows\Multimedia\SMupdate3 deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Users\Public\Documents\AlawarWrapper deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [22.09.2014 16:26]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[22.09.2014 16:26]

avast Online Security - ZDENK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\ZDENK~1\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\ZDENK~1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader deleted successfully

==== Empty IE Cache ======================

C:\Users\ZDENK~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\ZDENK~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=25 folders=13 7375861 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\ZDENK~1\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\ZDENK~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on so 27.09.2014 at 10:41:28,83 ======================

