PROSIIIM o kontrolu logu, vyskakujuce reklamy Vyřešeno

[SELMICEK]

Ahojko, dobry vecer prajem,
problem s vyskakovacimi reklamnymi oknami v prehliadaci, antivrak /AVAST/ mi nasiel v teste po restrate malwere a rovnako aj Malwarbytes Anti - Malwere ... poprosiiim mocno o kontrolu logu , vopred velkeee DAKUJEEEM :)
__________________________


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:27:38, on 7. 6. 2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17801)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Air Globe\bin\AirGlobe.expext.exe
C:\Program Files (x86)\Air Globe\bin\AirGlobe.BOASHelper.exe
C:\Program Files (x86)\Air Globe\bin\AirGlobe.BrowserAdapter.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Air Globe\bin\AirGlobe.BOASPRT.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Air Globe\bin\AirGlobe.BOAS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Air Globe\bin\AirGlobe.BOASPRT.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\SELMICEK\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\SELMICEK\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Air Globe 1.0.0.7 - {4c54ce3d-6b7d-4f21-9e69-200632a98540} - C:\Program Files (x86)\Air Globe\AirGlobebho.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: LaunchCenter.lnk = C:\Program Files\Fujitsu\LaunchCenter\lcStarter.exe (User 'Default user')
O4 - .DEFAULT User Startup: newreminderdialog.lnk = C:\Program Files\Fujitsu\FujitsuRecovery\NewReminderDialog.exe (User 'Default user')
O4 - Startup: LaunchCenter.lnk = C:\Program Files\Fujitsu\LaunchCenter\lcStarter.exe
O4 - Global Startup: Kaspersky Security Scan.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Unknown owner - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (file missing)
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: DTSAudioSvc - DTS, Inc - C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FUJ02E3Service - FUJITSU LIMITED - C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PFNService - FUJITSU LIMITED - C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
O23 - Service: PowerSavingUtilityService - FUJITSU LIMITED - C:\Program Files\Fujitsu\PSUtility\PSUService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Update Air Globe - Unknown owner - C:\Program Files (x86)\Air Globe\updateAirGlobe.exe
O23 - Service: Util Air Globe - Unknown owner - C:\Program Files (x86)\Air Globe\bin\utilAirGlobe.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Wise Boot Assistant (WiseBootAssistant) - WiseCleaner.com - C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Consumer Service (WTabletServiceCon) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 12963 bytes

[Reklama]

[jerabina]

Ahoj, vítej na fóru PC-HELP! Je to trochu zmatený, tak to uděláme radši ještě jednou a popořadě:

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.

===================================================

Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

===================================================

Stáhni AdwCleaner (by Xplode)

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

===================================================

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na Kopírovat do schránky a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

[SELMICEK]

# AdwCleaner v4.206 - Log vytvorený 07/06/2015 at 22:08:45
# Aktualizované 01/06/2015 by Xplode
# Databáza : 2015-06-05.1 [Server]
# Operačný systém : Windows 7 Home Premium Service Pack 1 (x64)
# Uživateľské meno : SELMICEK - SELMICEK-PC
# Spustené z : C:\Users\SELMICEK\Desktop\AdwCleaner.exe
# Nastavenia : Skenovať

***** [ Služby ] *****

Služba Nájdené : {f17f19ac-f9b8-4e8d-b04e-93f39064f7e1}Gw64

***** [ Súbory / Priečinky ] *****

Priečinok Nájdené : C:\Program Files (x86)\Air Globe
Priečinok Nájdené : C:\Program Files (x86)\Optimizer Pro
Priečinok Nájdené : C:\ProgramData\Partner
Priečinok Nájdené : C:\Users\SELMICEK\AppData\Local\torch
Priečinok Nájdené : C:\Users\SELMICEK\AppData\Roaming\Systweak
Súbor Nájdené : C:\Users\SELMICEK\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.reimageplus.com_0.localstorage
Súbor Nájdené : C:\Users\SELMICEK\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.reimageplus.com_0.localstorage-journal
Súbor Nájdené : C:\Users\SELMICEK\AppData\Roaming\AdobeWLCMCache.dat
Súbor Nájdené : C:\Windows\System32\drivers\{f17f19ac-f9b8-4e8d-b04e-93f39064f7e1}Gw64.sys
Súbor Nájdené : C:\Windows\System32\roboot64.exe

***** [ Naplánované úlohy ] *****

Úloha Nájdené : ASP
Úloha Nájdené : LaunchSignup

***** [ Zástupcovia ] *****


***** [ Registre ] *****

Kľúč registra Nájdené : HKCU\Software\ArenaHD
Kľúč registra Nájdené : HKCU\Software\HighDefAction
Kľúč registra Nájdené : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}
Kľúč registra Nájdené : HKCU\Software\Optimizer Pro
Kľúč registra Nájdené : HKCU\Software\systweak
Kľúč registra Nájdené : HKCU\Software\torch
Kľúč registra Nájdené : HKCU\Software\Tune
Kľúč registra Nájdené : HKCU\Software\YorkNewCin
Kľúč registra Nájdené : [x64] HKCU\Software\ArenaHD
Kľúč registra Nájdené : [x64] HKCU\Software\HighDefAction
Kľúč registra Nájdené : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}
Kľúč registra Nájdené : [x64] HKCU\Software\Optimizer Pro
Kľúč registra Nájdené : [x64] HKCU\Software\systweak
Kľúč registra Nájdené : [x64] HKCU\Software\torch
Kľúč registra Nájdené : [x64] HKCU\Software\Tune
Kľúč registra Nájdené : [x64] HKCU\Software\YorkNewCin
Kľúč registra Nájdené : HKLM\SOFTWARE\ArenaHD
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Kľúč registra Nájdené : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Kľúč registra Nájdené : HKLM\SOFTWARE\HighDefAction
Kľúč registra Nájdené : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}
Kľúč registra Nájdené : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Kľúč registra Nájdené : HKLM\SOFTWARE\SProtector
Kľúč registra Nájdené : HKLM\SOFTWARE\systweak
Kľúč registra Nájdené : HKLM\SOFTWARE\torch
Kľúč registra Nájdené : HKLM\SOFTWARE\Tune
Kľúč registra Nájdené : HKLM\SOFTWARE\YorkNewCin
Kľúč registra Nájdené : [x64] HKLM\SOFTWARE\ArenaHD
Kľúč registra Nájdené : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Kľúč registra Nájdené : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Kľúč registra Nájdené : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Kľúč registra Nájdené : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Kľúč registra Nájdené : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Kľúč registra Nájdené : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Kľúč registra Nájdené : [x64] HKLM\SOFTWARE\HighDefAction
Kľúč registra Nájdené : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}
Kľúč registra Nájdené : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Kľúč registra Nájdené : [x64] HKLM\SOFTWARE\YorkNewCin

***** [ Webové prehliadače ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Google Chrome v43.0.2357.81

[C:\Users\SELMICEK\AppData\Local\Google\Chrome\User Data\Default\Web data] - Nájdené [Search Provider] : hxxp://start.funmoods.com/results.php?f=4&a=wbst&q={searchTerms}
[C:\Users\SELMICEK\AppData\Local\Google\Chrome\User Data\Default\Web data] - Nájdené [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [5505 bajtov] - [07/06/2015 22:08:45]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5565 bajtov] ##########

[SELMICEK]

Malwarebytes Anti-Malware
www.malwarebytes.org

Dátum skenovania: 7. 6. 2015
Scan ??as: 22:13:09
Logfile: 762015.txt
Správca: áno

Verzia: 2.01.6.1022
Malware databázy: v2015.06.07.05
Rootkit databázy: v2015.06.02.01
Licencia: Zadarmo
Ochrana pred škodlivým softvérom: Telesne
Škodlivých webových stránok Ochrana: Telesne
Sebaobrany: Telesne

OS: Windows 7 Service Pack 1
CPU: x64
Systém súborov: NTFS
Používateľ: SELMICEK

Typ skenu: Hrozba Scan
Výsledok: Dokon??ené
Objekty naskenované: 358584
Uplynulý ??as: 16 min, 31 sec

Pamäť: Povolené
Pri spustení: Povolené
Súborový systém: Povolené
Archív: Povolené
Rootkity: Telesne
Heuristiky: Povolené
ŠTEŇA: Povolené
VYKUROVAC: Povolené

Procesy: 0
(Žiadne zákernej položky neboli zistené)

Moduly: 0
(Žiadne zákernej položky neboli zistené)

Kľú??e databázy Registry: 29
PUP.Optional.Airglobe, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{f17f19ac-f9b8-4e8d-b04e-93f39064f7e1}Gw64, , [855c0fa86a20cd692bbeec8807ff0ef2],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, , [a938b0078ffb162052c6792716edd52b],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, , [a938b0078ffb162052c6792716edd52b],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, , [a938b0078ffb162052c6792716edd52b],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4c54ce3d-6b7d-4f21-9e69-200632a98540}, , [6a7710a7b7d325115036d3d18c779c64],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{692f6862-1b0c-4c25-85bb-adade34051f4}, , [6a7710a7b7d325115036d3d18c779c64],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{231022F1-BDDF-4AA9-B01F-87A7D6FB6CAF}, , [6a7710a7b7d325115036d3d18c779c64],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{231022F1-BDDF-4AA9-B01F-87A7D6FB6CAF}, , [6a7710a7b7d325115036d3d18c779c64],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{231022F1-BDDF-4AA9-B01F-87A7D6FB6CAF}, , [6a7710a7b7d325115036d3d18c779c64],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{692f6862-1b0c-4c25-85bb-adade34051f4}, , [6a7710a7b7d325115036d3d18c779c64],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{692f6862-1b0c-4c25-85bb-adade34051f4}, , [6a7710a7b7d325115036d3d18c779c64],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4C54CE3D-6B7D-4F21-9E69-200632A98540}, , [6a7710a7b7d325115036d3d18c779c64],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4C54CE3D-6B7D-4F21-9E69-200632A98540}, , [6a7710a7b7d325115036d3d18c779c64],
PUP.Optional.AirGlobe.A, HKU\S-1-5-21-128824230-1936052960-3311391894-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4C54CE3D-6B7D-4F21-9E69-200632A98540}, , [6a7710a7b7d325115036d3d18c779c64],
PUP.Optional.AirGlobe.A, HKU\S-1-5-21-128824230-1936052960-3311391894-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4C54CE3D-6B7D-4F21-9E69-200632A98540}, , [6a7710a7b7d325115036d3d18c779c64],
PUP.Optional.HighDefAction.A, HKLM\SOFTWARE\HighDefAction, , [b829e7d02b5f280ef17cec9722e39868],
PUP.Optional.YorkNewCin.A, HKLM\SOFTWARE\YorkNewCin, , [f1f06255deacee480771305345c0b64a],
PUP.Optional.CinemaPlus.C, HKLM\SOFTWARE\ARENAHD, , [40a1e0d77713a49293ba3f40699c0ff1],
PUP.Optional.HighDefAction.A, HKLM\SOFTWARE\WOW6432NODE\HighDefAction, , [726fa512226872c4c0ad572c4eb7d42c],
PUP.Optional.YorkNewCin.A, HKLM\SOFTWARE\WOW6432NODE\YorkNewCin, , [9150bcfb90fa2115fd7be3a0f51010f0],
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, , [b0312f88870337ff22ba9851867dea16],
PUP.Optional.CinemaPlus.C, HKLM\SOFTWARE\WOW6432NODE\ARENAHD, , [b1305b5ceb9f2a0c2b221b64040112ee],
PUP.Optional.AirGlobe.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Air Globe, , [f6eb7f389dede45220d7787611f2f60a],
PUP.Optional.AirGlobe.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util Air Globe, , [a53c9c1bdfab72c4a25541adf50ef60a],
PUP.Optional.Crossrider.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, , [499814a30d7d43f359f7bac5da2bdf21],
PUP.Optional.HighDefAction.A, HKU\S-1-5-21-128824230-1936052960-3311391894-1000\SOFTWARE\HighDefAction, , [08d911a6d4b60135eb8196ed43c207f9],
PUP.Optional.YorkNewCin.A, HKU\S-1-5-21-128824230-1936052960-3311391894-1000\SOFTWARE\YorkNewCin, , [4f92bcfb9ded8caab0c7a8db11f47b85],
PUP.Optional.CinemaPlus.C, HKU\S-1-5-21-128824230-1936052960-3311391894-1000\SOFTWARE\ARENAHD, , [3ca5ad0afd8d20167bd188f712f356aa],
PUP.Optional.OptimizerPro.A, HKU\S-1-5-21-128824230-1936052960-3311391894-1000\SOFTWARE\OPTIMIZER PRO, , [fce5c5f23753999d43d85e2665a0b947],

Hodnoty databázy Registry: 7
PUP.Optional.CinemaPlus.C, HKLM\SOFTWARE\ARENAHD|value, 1, , [40a1e0d77713a49293ba3f40699c0ff1]
PUP.Optional.PCTuner.C, HKLM\SOFTWARE\HIGHDEFACTION|value, 1, , [568bf4c3f09ad561f266ec93be47f60a]
PUP.Optional.CinemaPlus.C, HKLM\SOFTWARE\WOW6432NODE\ARENAHD|value, 1, , [b1305b5ceb9f2a0c2b221b64040112ee]
PUP.Optional.PCTuner.C, HKLM\SOFTWARE\WOW6432NODE\HIGHDEFACTION|value, 1, , [5d84bdfa4c3e6dc90256aed13cc9956b]
PUP.Optional.CinemaPlus.C, HKU\S-1-5-21-128824230-1936052960-3311391894-1000\SOFTWARE\ARENAHD|value, 1, , [3ca5ad0afd8d20167bd188f712f356aa]
PUP.Optional.PCTuner.C, HKU\S-1-5-21-128824230-1936052960-3311391894-1000\SOFTWARE\HIGHDEFACTION|value, 1, , [b031991eec9ebf77fa5c0877f70ee21e]
PUP.Optional.OptimizerPro.A, HKU\S-1-5-21-128824230-1936052960-3311391894-1000\SOFTWARE\OPTIMIZER PRO|AdsBuyNowURL, http://conversion.pcutilitiespro.revenu ... rpro/xsell, , [fce5c5f23753999d43d85e2665a0b947]

Údaje databázy Registry: 0
(Žiadne zákernej položky neboli zistené)

Prie??inky: 4
PUP.Optional.Sanbreel.A, C:\Program Files (x86)\Air Globe\bin, , [05dcf7c0751580b682458300a362b44c],
PUP.Optional.Sanbreel.A, C:\Program Files (x86)\Air Globe, , [05dcf7c0751580b682458300a362b44c],
PUP.Optional.AirGlobe.A, C:\Users\SELMICEK\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpbaidajjahldjgilpdegaoflmienpb\1.0.1_0, , [6f72e1d60684ae886f88d79e8b7b25db],
PUP.Optional.AirGlobe.A, C:\Users\SELMICEK\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpbaidajjahldjgilpdegaoflmienpb, , [6f72e1d60684ae886f88d79e8b7b25db],

Súbory: 12
PUP.Optional.Airglobe, C:\Windows\System32\drivers\{f17f19ac-f9b8-4e8d-b04e-93f39064f7e1}Gw64.sys, , [855c0fa86a20cd692bbeec8807ff0ef2],
PUP.Optional.BrowseFox, C:\Users\SELMICEK\AppData\Roaming\Wise Uninstaller\8234215672145.file, , [974a31867d0d3cfa0f7df171bb4726da],
PUP.Optional.PricePeep.A, C:\Users\SELMICEK\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage, , [8e534671afdbf145ac8ca148eb18817f],
PUP.Optional.PricePeep.A, C:\Users\SELMICEK\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal, , [3ea33087dfabed491c1c4d9c49ba09f7],
PUP.Optional.Sanbreel.A, C:\Program Files (x86)\Air Globe\bin\BrowserAdapter.7z, , [05dcf7c0751580b682458300a362b44c],
PUP.Optional.Sanbreel.A, C:\Program Files (x86)\Air Globe\bin\7za.exe, , [05dcf7c0751580b682458300a362b44c],
PUP.Optional.Sanbreel.A, C:\Program Files (x86)\Air Globe\bin\eula.txt, , [05dcf7c0751580b682458300a362b44c],
PUP.Optional.Sanbreel.A, C:\Program Files (x86)\Air Globe\bin\f17f19acf9b84e8db04e64.dll, , [05dcf7c0751580b682458300a362b44c],
PUP.Optional.AirGlobe.A, C:\Users\SELMICEK\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpbaidajjahldjgilpdegaoflmienpb\1.0.1_0\manifest.json, , [6f72e1d60684ae886f88d79e8b7b25db],
PUP.Optional.AirGlobe.A, C:\Users\SELMICEK\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpbaidajjahldjgilpdegaoflmienpb\1.0.1_0\background.js, , [6f72e1d60684ae886f88d79e8b7b25db],
PUP.Optional.AirGlobe.A, C:\Users\SELMICEK\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpbaidajjahldjgilpdegaoflmienpb\1.0.1_0\content.js, , [6f72e1d60684ae886f88d79e8b7b25db],
PUP.Optional.AirGlobe.A, C:\Users\SELMICEK\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpbaidajjahldjgilpdegaoflmienpb\1.0.1_0\icon.png, , [6f72e1d60684ae886f88d79e8b7b25db],

Fyzický sektory: 0
(Žiadne zákernej položky neboli zistené)


(end)

[jerabina]

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

[SELMICEK]

# AdwCleaner v4.206 - Log vytvorený 08/06/2015 at 10:15:39
# Aktualizované 01/06/2015 by Xplode
# Databáza : 2015-06-05.1 [Server]
# Operačný systém : Windows 7 Home Premium Service Pack 1 (x64)
# Uživateľské meno : SELMICEK - SELMICEK-PC
# Spustené z : C:\Users\SELMICEK\Desktop\AdwCleaner.exe
# Nastavenia : Čistenie

***** [ Služby ] *****

Služba Zmazané : {f17f19ac-f9b8-4e8d-b04e-93f39064f7e1}Gw64

***** [ Súbory / Priečinky ] *****

Priečinok Zmazané : C:\ProgramData\Partner
Priečinok Zmazané : C:\Program Files (x86)\Air Globe
Priečinok Zmazané : C:\Program Files (x86)\Optimizer Pro
Priečinok Zmazané : C:\Users\SELMICEK\AppData\Local\torch
Priečinok Zmazané : C:\Users\SELMICEK\AppData\Roaming\Systweak
Súbor Zmazané : C:\Windows\System32\roboot64.exe
Súbor Zmazané : C:\Windows\System32\drivers\{f17f19ac-f9b8-4e8d-b04e-93f39064f7e1}Gw64.sys
Súbor Zmazané : C:\Users\SELMICEK\AppData\Roaming\AdobeWLCMCache.dat
Súbor Zmazané : C:\Users\SELMICEK\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.reimageplus.com_0.localstorage

***** [ Naplánované úlohy ] *****

Úloha Zmazané : ASP
Úloha Zmazané : LaunchSignup

***** [ Zástupcovia ] *****


***** [ Registre ] *****

Kľúč registra Zmazané : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Kľúč registra Zmazané : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Kľúč registra Zmazané : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Kľúč registra Zmazané : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Kľúč registra Zmazané : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Kľúč registra Zmazané : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Kľúč registra Zmazané : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Kľúč registra Zmazané : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}
Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}
Kľúč registra Zmazané : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}
Kľúč registra Zmazané : HKCU\Software\Optimizer Pro
Kľúč registra Zmazané : HKCU\Software\torch
Kľúč registra Zmazané : HKCU\Software\Tune
Kľúč registra Zmazané : HKCU\Software\YorkNewCin
Kľúč registra Zmazané : HKCU\Software\HighDefAction
Kľúč registra Zmazané : HKCU\Software\ArenaHD
Kľúč registra Zmazané : HKLM\SOFTWARE\SProtector
Kľúč registra Zmazané : HKLM\SOFTWARE\systweak
Kľúč registra Zmazané : HKLM\SOFTWARE\torch
Kľúč registra Zmazané : HKLM\SOFTWARE\Tune
Kľúč registra Zmazané : HKLM\SOFTWARE\YorkNewCin
Kľúč registra Zmazané : HKLM\SOFTWARE\HighDefAction
Kľúč registra Zmazané : HKLM\SOFTWARE\ArenaHD
Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Kľúč registra Zmazané : [x64] HKLM\SOFTWARE\YorkNewCin
Kľúč registra Zmazané : [x64] HKLM\SOFTWARE\HighDefAction
Kľúč registra Zmazané : [x64] HKLM\SOFTWARE\ArenaHD
Kľúč registra Zmazané : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

***** [ Webové prehliadače ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Google Chrome v43.0.2357.81

[C:\Users\SELMICEK\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Zmazané [Search Provider] : hxxp://start.funmoods.com/results.php?f=4&a=wbst&q={searchTerms}
[C:\Users\SELMICEK\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Zmazané [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [5721 bajtov] - [07/06/2015 22:08:45]
AdwCleaner[R1].txt - [5536 bajtov] - [08/06/2015 10:13:53]
AdwCleaner[S0].txt - [4865 bajtov] - [08/06/2015 10:15:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4925 bajtov] ##########

[SELMICEK]

Malwarebytes Anti-Malware
www.malwarebytes.org

Dátum skenovania: 8. 6. 2015
Scan ??as: 10:20:53
Logfile: 862015.txt
Správca: áno

Verzia: 2.01.6.1022
Malware databázy: v2015.06.07.05
Rootkit databázy: v2015.06.02.01
Licencia: Zadarmo
Ochrana pred škodlivým softvérom: Telesne
Škodlivých webových stránok Ochrana: Telesne
Sebaobrany: Telesne

OS: Windows 7 Service Pack 1
CPU: x64
Systém súborov: NTFS
Používateľ: SELMICEK

Typ skenu: Hrozba Scan
Výsledok: Dokon??ené
Objekty naskenované: 358562
Uplynulý ??as: 17 min, 3 sec

Pamäť: Povolené
Pri spustení: Povolené
Súborový systém: Povolené
Archív: Povolené
Rootkity: Telesne
Heuristiky: Povolené
ŠTEŇA: Povolené
VYKUROVAC: Povolené

Procesy: 0
(Žiadne zákernej položky neboli zistené)

Moduly: 0
(Žiadne zákernej položky neboli zistené)

Kľú??e databázy Registry: 13
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4c54ce3d-6b7d-4f21-9e69-200632a98540}, , [9c45981f9af085b10c7a6a3a6e95eb15],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{692f6862-1b0c-4c25-85bb-adade34051f4}, , [9c45981f9af085b10c7a6a3a6e95eb15],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{231022F1-BDDF-4AA9-B01F-87A7D6FB6CAF}, , [9c45981f9af085b10c7a6a3a6e95eb15],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{231022F1-BDDF-4AA9-B01F-87A7D6FB6CAF}, , [9c45981f9af085b10c7a6a3a6e95eb15],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{231022F1-BDDF-4AA9-B01F-87A7D6FB6CAF}, , [9c45981f9af085b10c7a6a3a6e95eb15],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{692f6862-1b0c-4c25-85bb-adade34051f4}, , [9c45981f9af085b10c7a6a3a6e95eb15],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{692f6862-1b0c-4c25-85bb-adade34051f4}, , [9c45981f9af085b10c7a6a3a6e95eb15],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4C54CE3D-6B7D-4F21-9E69-200632A98540}, , [9c45981f9af085b10c7a6a3a6e95eb15],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4C54CE3D-6B7D-4F21-9E69-200632A98540}, , [9c45981f9af085b10c7a6a3a6e95eb15],
PUP.Optional.AirGlobe.A, HKU\S-1-5-21-128824230-1936052960-3311391894-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4C54CE3D-6B7D-4F21-9E69-200632A98540}, , [9c45981f9af085b10c7a6a3a6e95eb15],
PUP.Optional.AirGlobe.A, HKU\S-1-5-21-128824230-1936052960-3311391894-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4C54CE3D-6B7D-4F21-9E69-200632A98540}, , [9c45981f9af085b10c7a6a3a6e95eb15],
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, , [03dec0f717732e087369feeb748f30d0],
PUP.Optional.Crossrider.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, , [5b868631a9e1270f69e7215e8a7b06fa],

Hodnoty databázy Registry: 0
(Žiadne zákernej položky neboli zistené)

Údaje databázy Registry: 0
(Žiadne zákernej položky neboli zistené)

Prie??inky: 2
PUP.Optional.AirGlobe.A, C:\Users\SELMICEK\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpbaidajjahldjgilpdegaoflmienpb\1.0.1_0, , [439e6b4cfd8d4de92ec9e590b74fd62a],
PUP.Optional.AirGlobe.A, C:\Users\SELMICEK\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpbaidajjahldjgilpdegaoflmienpb, , [439e6b4cfd8d4de92ec9e590b74fd62a],

Súbory: 6
PUP.Optional.BrowseFox, C:\Users\SELMICEK\AppData\Roaming\Wise Uninstaller\8234215672145.file, , [a53c526591f9d561dab27ae827db768a],
PUP.Optional.PricePeep.A, C:\Users\SELMICEK\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage, , [c0214a6d97f378be1325c82119ea0af6],
PUP.Optional.AirGlobe.A, C:\Users\SELMICEK\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpbaidajjahldjgilpdegaoflmienpb\1.0.1_0\manifest.json, , [439e6b4cfd8d4de92ec9e590b74fd62a],
PUP.Optional.AirGlobe.A, C:\Users\SELMICEK\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpbaidajjahldjgilpdegaoflmienpb\1.0.1_0\background.js, , [439e6b4cfd8d4de92ec9e590b74fd62a],
PUP.Optional.AirGlobe.A, C:\Users\SELMICEK\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpbaidajjahldjgilpdegaoflmienpb\1.0.1_0\content.js, , [439e6b4cfd8d4de92ec9e590b74fd62a],
PUP.Optional.AirGlobe.A, C:\Users\SELMICEK\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpbaidajjahldjgilpdegaoflmienpb\1.0.1_0\icon.png, , [439e6b4cfd8d4de92ec9e590b74fd62a],

Fyzický sektory: 0
(Žiadne zákernej položky neboli zistené)


(end)

[SELMICEK]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.0 (06.07.2015:1)
OS: Windows 7 Home Premium x64
Ran by SELMICEK on po 08. 06. 2015 at 10:54:32,03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\Wise Care 365
Successfully deleted: [Task] C:\Windows\system32\tasks\Wise Care 365 PC Checkup Task
Successfully deleted: [Task] C:\Windows\tasks\Wise Care 365 PC Checkup Task.job
Successfully deleted: [Task] C:\Windows\tasks\Wise Care 365.job



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4c54ce3d-6b7d-4f21-9e69-200632a98540}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\Torch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4c54ce3d-6b7d-4f21-9e69-200632a98540}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{4c54ce3d-6b7d-4f21-9e69-200632a98540}



~~~ Files

Successfully deleted: [File] C:\Users\SELMICEK\appdata\local\google\chrome\user data\default\local storage\http_static.publikeco00.publikeco.com_0.localstorage
Successfully deleted: [File] C:\Users\SELMICEK\appdata\local\google\chrome\user data\default\local storage\http_static.publikeco00.publikeco.com_0.localstorage-journal



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\SELMICEK\appdata\local\{31EE41AA-C973-41E7-AC6D-4C5B58D05EB5}
Successfully deleted: [Empty Folder] C:\Users\SELMICEK\appdata\local\{32868A9E-8398-4702-8105-AB479BF19D87}
Successfully deleted: [Empty Folder] C:\Users\SELMICEK\appdata\local\{41BDFDF0-F1E4-4A50-8398-8EA8AD62457E}
Successfully deleted: [Empty Folder] C:\Users\SELMICEK\appdata\local\{4FA3AD25-BA3E-40CE-AD3B-3A5077343B69}
Successfully deleted: [Empty Folder] C:\Users\SELMICEK\appdata\local\{52628684-036F-48E3-BBA6-FA8CFB2F061F}
Successfully deleted: [Empty Folder] C:\Users\SELMICEK\appdata\local\{671F5E15-98E3-478C-811F-1BCFC16CFD23}
Successfully deleted: [Empty Folder] C:\Users\SELMICEK\appdata\local\{73121063-371A-4DE0-88E5-77CD84B21E6F}
Successfully deleted: [Empty Folder] C:\Users\SELMICEK\appdata\local\{7870D1AA-1225-4C38-8A9C-8E98CD11B3EE}
Successfully deleted: [Empty Folder] C:\Users\SELMICEK\appdata\local\{8060F17A-D440-4D8A-B2AF-928CACDCD457}
Successfully deleted: [Empty Folder] C:\Users\SELMICEK\appdata\local\{88F9543D-BAEF-4CE4-BFD2-126D54856617}
Successfully deleted: [Empty Folder] C:\Users\SELMICEK\appdata\local\{8E664AE5-69ED-4B42-B024-B5F81231284C}
Successfully deleted: [Empty Folder] C:\Users\SELMICEK\appdata\local\{920315ED-3E58-4EFA-9717-B0984629C5EB}
Successfully deleted: [Empty Folder] C:\Users\SELMICEK\appdata\local\{980C3953-F2BF-4015-A899-91A40EC9022D}
Successfully deleted: [Empty Folder] C:\Users\SELMICEK\appdata\local\{9A7F0864-07E3-4580-9EF6-CFE3B00CE96F}
Successfully deleted: [Empty Folder] C:\Users\SELMICEK\appdata\local\{A789E97D-34B4-4964-968C-53BF097774AF}
Successfully deleted: [Empty Folder] C:\Users\SELMICEK\appdata\local\{C19C24EC-5291-4B87-B886-6372730A8AD6}
Successfully deleted: [Empty Folder] C:\Users\SELMICEK\appdata\local\{C9081EA5-CC5E-419B-BF7A-70E8B28B283A}
Successfully deleted: [Empty Folder] C:\Users\SELMICEK\appdata\local\{CF14BB5D-16CC-4F4B-8DC7-8C8353938CD1}
Successfully deleted: [Empty Folder] C:\Users\SELMICEK\appdata\local\{CFADE0C9-113B-4157-B453-F453E55E89F0}
Successfully deleted: [Empty Folder] C:\Users\SELMICEK\appdata\local\{D4D25694-3C9E-4350-95DB-E0411697D3A9}
Successfully deleted: [Empty Folder] C:\Users\SELMICEK\appdata\local\{E0EC3141-0591-4B2E-8F24-C12A1021F523}
Successfully deleted: [Empty Folder] C:\Users\SELMICEK\appdata\local\{EAF33DD7-CE51-41B6-BF7F-228FD8772D17}
Successfully deleted: [Empty Folder] C:\Users\SELMICEK\appdata\local\{EF17F8D3-F745-4304-957C-D52F6AAA37DC}
Successfully deleted: [Empty Folder] C:\Users\SELMICEK\appdata\local\{F0785DD6-BD32-461F-ACA8-5B0B97993323}
Successfully deleted: [Empty Folder] C:\Users\SELMICEK\appdata\local\{F6FFBCF4-241C-461B-93B3-1FC1027A39D6}
Successfully deleted: [Empty Folder] C:\Users\SELMICEK\appdata\local\{FB9300F0-2B81-4424-818C-B079FADF673B}
Successfully deleted: [Folder] C:\ProgramData\BBrowsye2savve [BHO.Multiplug]



~~~ Chrome


[C:\Users\SELMICEK\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\SELMICEK\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\SELMICEK\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\SELMICEK\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
mkfokfffehpeedafpekjeddnmnjhmcmk
]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on po 08. 06. 2015 at 10:57:23,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[SELMICEK]

RK som musela premenovat na winlogon.exe zaraz :



RogueKiller V10.8.1.0 (x64) [Jun 3 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : SELMICEK [Administrator]
Started from : C:\Users\SELMICEK\Desktop\RogueKillerX64.exe
Mode : Scan -- Date : 06/08/2015 11:08:30

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.176.13.254 10.176.50.1 [(Private Address) (XX)][(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.176.13.254 10.176.50.1 [(Private Address) (XX)][(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.176.13.254 10.176.50.1 [(Private Address) (XX)][(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EEA56238-8FBC-4B4C-827D-45B149B39306} | DhcpNameServer : 10.176.13.254 10.176.50.1 [(Private Address) (XX)][(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{EEA56238-8FBC-4B4C-827D-45B149B39306} | DhcpNameServer : 10.176.13.254 10.176.50.1 [(Private Address) (XX)][(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{EEA56238-8FBC-4B4C-827D-45B149B39306} | DhcpNameServer : 10.176.13.254 10.176.50.1 [(Private Address) (XX)][(Private Address) (XX)] -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPVT-16HXZT3 +++++
--- User ---
[MBR] e826b08c92a541c69a5b4e7a46222a87
[BSP] 157e97513169da3852fa47789e201b36 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 2048 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 4200385 | Size: 713352 MB
User = LL1 ... OK
User = LL2 ... OK

[jaro3]

Odinstaluj:
Kaspersky Security Scan

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:

- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni antivir i firewall.
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

Vlož nový log z HJT + informuj o problémech.

[SELMICEK]

kaspersky security scan, nemozem nikde najst v pc / pozrela som to cez start-ovladaci panel. programy/ ... cize ako s tym teraz?

[jerabina]

Prvně udělej sken MBAM znovu v nouzovém režimu a na konci všechny nálezy vymaž, MBAM teďka nemazal.

Poté pokračuj dalšími instrukcemi, jedná se nejspíše o nějaký pozůstatek, který kdyžtak vymažeme později.