Prosím o kontrolu logu. Vyřešeno

[tomazojer]

zdravím,prosím o kontrolu logu zde přikládám log z HJT

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:32:49, on 16.9.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.18571)

FIREFOX: 31.0 (x86 cs)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Tom\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Akamai\netsession_win.exe
C:\Users\Tom\AppData\Roaming\Spotify\spotify.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\YoWindow\yowindow.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Tom\AppData\Roaming\pushbullet\pushbullet_102\pushbullet_app.exe
C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files\Steam\Steam.exe
C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files\Steam\bin\steamwebhelper.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Steam\bin\steamwebhelper.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Tom\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1 ... XX6VM9KBK5
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1 ... XX6VM9KBK5
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds& ... VM9KBK5&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds& ... VM9KBK5&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1 ... XX6VM9KBK5
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: WebSpades - {c919d8b2-11e4-43c7-a2c2-9294fd2c4106} - C:\Program Files\WebSpades\WebSpadesbho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe -s
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [EADM] "C:\Program Files\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Tom\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_F6A43803F41C0EE8AA9068339E55A010] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [Spotify] "C:\Users\Tom\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [SpeedItupFree] "C:\Program Files\SpeedItup Free\speeditupfree.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Pushbullet] "C:\Program Files\Pushbullet\pushbullet_app.exe"
O4 - HKCU\..\Run: [TornTv Downloader] C:\Users\Tom\AppData\Roaming\TornTV.com\Torntv Downloader.exe /c=startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: TornTvDownloader.lnk = Tom\AppData\Roaming\TornTV.com\Torntv Downloader.exe
O4 - Startup: YoWindow.lnk = C:\Program Files\YoWindow\yowindow.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HiSuiteOuc.exe - Unknown owner - C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe
O23 - Service: HuaweiHiSuiteService.exe - Unknown owner - C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe
O23 - Service: IePlugin Services (IePluginServices) - Cherished Technololgy LIMITED - C:\ProgramData\IePluginServices\PluginService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: Update service - Company - C:\Program Files\Popcorn Time\Updater.exe
O23 - Service: Update WebSpades - Unknown owner - C:\Program Files\WebSpades\updateWebSpades.exe
O23 - Service: vToolbarUpdater18.1.9 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - Fuyu LIMITED - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe

--
End of file - 11140 bytes

[Reklama]

[jaro3]

Odinstaluj:
Spybot - Search & Destroy 2
AVG SafeGuard toolbar

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.


Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

[tomazojer]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3814 octets] ##########
# AdwCleaner v3.310 - Report created 16/09/2014 at 10:34:07
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Tom - TOM-PC
# Running from : C:\Users\Tom\Desktop\adwcleaner_3.310.exe
# Option : Scan

***** [ Services ] *****

Service Found : IePluginServices
Service Found : Update WebSpades
Service Found : WindowsMangerProtect

***** [ Files / Folders ] *****

File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\istartsurf.xml
File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Found : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
File Found : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cyxcliov.default\searchplugins\ask-search.xml
File Found : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cyxcliov.default\searchplugins\ask-web-search.xml
Folder Found : C:\Program Files\AskPartnerNetwork
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\ShopperPro
Folder Found : C:\Program Files\globalUpdate
Folder Found : C:\Program Files\SpeedItup Free
Folder Found : C:\Program Files\WebSpades
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\AskPartnerNetwork
Folder Found : C:\ProgramData\AVG SafeGuard toolbar
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\IePluginServices
Folder Found : C:\ProgramData\Tbccint
Folder Found : C:\ProgramData\WindowsMangerProtect
Folder Found : C:\Users\Public\Documents\ShopperPro
Folder Found : C:\Users\Tom\AppData\Local\AskPartnerNetwork
Folder Found : C:\Users\Tom\AppData\Local\AVG SafeGuard toolbar
Folder Found : C:\Users\Tom\AppData\Local\globalUpdate
Folder Found : C:\Users\Tom\AppData\Local\Tbccint
Folder Found : C:\Users\Tom\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found : C:\Users\Tom\AppData\LocalLow\iWebar
Folder Found : C:\Users\Tom\AppData\LocalLow\Tbccint
Folder Found : C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Found : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cyxcliov.default\SafePCRepair_89
Folder Found : C:\Users\Tom\AppData\Roaming\TornTV.com

***** [ Scheduled Tasks ] *****

Task Found : ShopperPro
Task Found : ShopperProJSUpd
Task Found : SPDriver
Task Found : 8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-1
Task Found : 8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-11
Task Found : 8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-2
Task Found : 8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-4
Task Found : 8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-5
Task Found : 8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-5_user
Task Found : 8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-6
Task Found : 8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-7
Task Found : b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-1
Task Found : b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-11
Task Found : b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-2
Task Found : b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-4
Task Found : b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-5
Task Found : b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-5_user
Task Found : b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-6
Task Found : b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-7
Task Found : bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-1
Task Found : bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-11
Task Found : bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-2
Task Found : bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-4
Task Found : bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-5
Task Found : bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-5_user
Task Found : bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-6
Task Found : bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-7

***** [ Shortcuts ] *****

Shortcut Found : C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( hxxp://www.istartsurf.com/?type=sc&ts=1 ... XX6VM9KBK5 )

***** [ Registry ] *****

Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1 ... XX6VM9KBK5
Key Found : HKCU\Software\AppDataLow\Software\Object Browser
Key Found : HKCU\Software\AppDataLow\Software\Sense
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\Tbccint
Key Found : HKCU\Software\AppDataLow\Software\TbccintSearchScopes
Key Found : HKCU\Software\AskPartnerNetwork
Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\SupHpUISoft
Key Found : HKCU\Software\Tbccint
Key Found : HKCU\Software\Tbccint_HKLM
Key Found : HKCU\Software\WebSpades
Key Found : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3329621
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Key Found : HKLM\SOFTWARE\istartsurfSoftware
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wpm_v20_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wpm_v20_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\ShopperPro
Key Found : HKLM\SOFTWARE\SupDp
Key Found : HKLM\SOFTWARE\SupTab
Key Found : HKLM\SOFTWARE\supWindowsMangerProtect
Key Found : HKLM\SOFTWARE\supWPM
Key Found : HKLM\SOFTWARE\WebSpades
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Torntv Downloader]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.18571

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.istartsurf.com/?type=hp&ts=1 ... XX6VM9KBK5
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.istartsurf.com/web/?type=ds& ... VM9KBK5&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.istartsurf.com/?type=hp&ts=1 ... XX6VM9KBK5
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.istartsurf.com/?type=hp&ts=1 ... XX6VM9KBK5
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.istartsurf.com/web/?type=ds& ... VM9KBK5&q={searchTerms}

-\\ Mozilla Firefox v31.0 (x86 cs)

[ File : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cyxcliov.default\prefs.js ]

Line Found : user_pref("CT3329621.FF19Solved", "true");
Line Found : user_pref("CT3329621.UserID", "UN35275409172659515");
Line Found : user_pref("CT3329621.dum", "2");
Line Found : user_pref("CT3329621.fullUserID", "UN35275409172659515.IN.20140624172359");
Line Found : user_pref("CT3329621.installDate", "24/06/2014 17:24:04");
Line Found : user_pref("CT3329621.installSessionId", "4fc5f1e9-72ac-4121-96a2-dd313cff86bb");
Line Found : user_pref("CT3329621.installSp", "false");
Line Found : user_pref("CT3329621.installerVersion", "1.11.0.11");
Line Found : user_pref("CT3329621.searchRevert", "false");
Line Found : user_pref("CT3329621.searchUninstallUserMode", "4");
Line Found : user_pref("CT3329621.searchUserMode", "4");
Line Found : user_pref("CT3329621.toolbarInstallDate", "24-06-2014 17:23:59");
Line Found : user_pref("CT3329621.versionFromInstaller", "10.33.0.5");
Line Found : user_pref("CT3329621.xpeMode", "1");
Line Found : user_pref("extensions.crossrider.bic", "147406555d07ff60b2727416ea2f2805");
Line Found : user_pref("extensions.toolbar.mindspark._89Members_.lastActivePing", "1404375474909");
Line Found : user_pref("extensions.toolbar.mindspark._89Members_.toolbarCollapsed", true);
Line Found : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
Line Found : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
Line Found : user_pref("extensions.toolbar.mindspark.lastInstalled", "safepcrepair@mindspark.com");
Line Found : user_pref("smartbar.machineId", "WOJYNEYMW5R0DRLIB3PDBTOML9FQIWOQDEWBM0UGICVYNKVLTVQTEZJUBPS33SLPYJIJQTNNMRM+ZGPALV6MEG");

-\\ Google Chrome v37.0.2062.120

[ File : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

*************************

AdwCleaner[R0].txt - [17181 octets] - [22/01/2014 20:17:17]
AdwCleaner[R1].txt - [3112 octets] - [24/01/2014 17:31:38]
AdwCleaner[S0].txt - [3066 octets] - [24/01/2014 17:34:22]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [17362 octets] ##########

[tomazojer]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 16.9.2014
Scan Time: 10:38:27
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.16.03
Rootkit Database: v2014.09.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Tom

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 283456
Time Elapsed: 8 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.ELEX, C:\ProgramData\IePluginServices\PluginService.exe, 1840, , [fe55866895e61422dacc8d2220e15ba5]
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 1876, , [044f8a64b4c7b581c559456db0518d73]

Modules: 0
(No malicious items detected)

Registry Keys: 23
PUP.Optional.ELEX, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServices, , [fe55866895e61422dacc8d2220e15ba5],
PUP.Optional.WindowsProtectManger.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, , [044f8a64b4c7b581c559456db0518d73],
PUP.Optional.WindowsProtectManger.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WindowsMangerProtect, , [044f8a64b4c7b581c559456db0518d73],
PUP.Optional.WebSpades.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update WebSpades, , [e66d27c75229d75f8b4c800242bf6799],
PUP.Optional.WebSpades.A, HKLM\SOFTWARE\CLASSES\CLSID\{c919d8b2-11e4-43c7-a2c2-9294fd2c4106}, , [1c370ee05b20bc7a7a5c1072818016ea],
PUP.Optional.WebSpades.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{43867d46-e907-46d4-94c0-b50abf479a59}, , [1c370ee05b20bc7a7a5c1072818016ea],
PUP.Optional.WebSpades.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{49E31EE4-051E-49D7-B77B-05462B1E91D3}, , [1c370ee05b20bc7a7a5c1072818016ea],
PUP.Optional.WebSpades.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C919D8B2-11E4-43C7-A2C2-9294FD2C4106}, , [1c370ee05b20bc7a7a5c1072818016ea],
PUP.Optional.WebSpades.A, HKU\S-1-5-21-110300360-2000162496-1394732621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C919D8B2-11E4-43C7-A2C2-9294FD2C4106}, , [1c370ee05b20bc7a7a5c1072818016ea],
PUP.Optional.WebSpades.A, HKU\S-1-5-21-110300360-2000162496-1394732621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C919D8B2-11E4-43C7-A2C2-9294FD2C4106}, , [1c370ee05b20bc7a7a5c1072818016ea],
PUP.Optional.WebSpades.A, HKLM\SOFTWARE\CLASSES\CLSID\{C919D8B2-11E4-43C7-A2C2-9294FD2C4106}\INPROCSERVER32, , [1c370ee05b20bc7a7a5c1072818016ea],
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\istartsurfSoftware, , [044f529cc6b55bdbb5977b8a649f1ae6],
PUP.Optional.WPM.A, HKLM\SOFTWARE\supWindowsMangerProtect, , [02511cd23447f442c0065a0fda2a01ff],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\supWPM, , [ef64ad41196274c24643758ebc47a858],
PUP.Optional.TornTV.A, HKLM\SOFTWARE\TheTorntv V10-nv, , [30235e90e09b50e6b22123478183ed13],
PUP.Optional.WebSpades.A, HKLM\SOFTWARE\WebSpades, , [93c02bc3077412246380f130dd2614ec],
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pelmeidfhdlhlbjimpabfcbnnojbboma, , [eb6846a80e6de254fdaa38efc0437888],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPDP, , [83d09c52aad1a4923b1aa45fa26127d9],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB, , [8cc7ab43d8a32b0bc5c35ca7b64d44bc],
PUP.Optional.TornTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TheTorntv V10, , [86cd43abf685dd5943920961ea1a7888],
PUP.Optional.WebSearches.A, HKU\S-1-5-21-110300360-2000162496-1394732621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupHpUISoft, , [a0b3e30bb1caec4adf676e9706fd2bd5],
PUP.Optional.WebSpades.A, HKU\S-1-5-21-110300360-2000162496-1394732621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WebSpades, , [0f447a747605eb4bb23079a88182b24e],
PUP.Optional.FastStart.A, HKU\S-1-5-21-110300360-2000162496-1394732621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, , [b99a22ccbdbe39fd5f1a8a76867d9769],

Registry Values: 4
PUP.Optional.FastStart.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cyxcliov.default\extensions\faststartff@gmail.com, , [ee65d5195f1cb18527b7442464a0e41c]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPDP|dir, C:\Program Files\SupTab, , [83d09c52aad1a4923b1aa45fa26127d9]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB|ptid, ild, , [8cc7ab43d8a32b0bc5c35ca7b64d44bc]
PUP.Optional.FastStart.A, HKU\S-1-5-21-110300360-2000162496-1394732621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, , [b99a22ccbdbe39fd5f1a8a76867d9769]

Registry Data: 5
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1 ... XX6VM9KBK5, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1 ... XX6VM9KBK5),,[9db68f5f93e85fd7cbbdd1234cb8b848]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.istartsurf.com/web/?type=ds& ... VM9KBK5&q={searchTerms}, Good: (www.google.com), Bad: (http://www.istartsurf.com/web/?type=ds& ... VM9KBK5&q={searchTerms}),,[e76c737be89377bf364810e43fc5d729]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.istartsurf.com/?type=hp&ts=1 ... XX6VM9KBK5, Good: (www.google.com), Bad: (http://www.istartsurf.com/?type=hp&ts=1 ... XX6VM9KBK5),,[85cef5f9b4c77eb8126a40b48282b54b]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.istartsurf.com/?type=hp&ts=1 ... XX6VM9KBK5, Good: (www.google.com), Bad: (http://www.istartsurf.com/?type=hp&ts=1 ... XX6VM9KBK5),,[bc977a744f2c2b0bd0b0985c0202a65a]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-110300360-2000162496-1394732621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.istartsurf.com/?type=hp&ts=1 ... XX6VM9KBK5, Good: (www.google.com), Bad: (http://www.istartsurf.com/?type=hp&ts=1 ... XX6VM9KBK5),,[86cd6e805e1d3cfa4835698b3dc79f61]

Folders: 9
PUP.Optional.WebSpades.A, C:\Program Files\WebSpades, , [cd86509e1b60c274df027ba6946fcc34],
PUP.Optional.iWebar.A, C:\Users\Tom\AppData\LocalLow\iWebar, , [7bd8ce20a5d64cead14dece952b0966a],
PUP.Optional.MindSpark.A, C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cyxcliov.default\SafePCRepair_89, , [f65d5d91dd9ef93da47d4b925ba7d12f],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, , [dd76c7278cef75c1a730a93ebf438977],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, , [dd76c7278cef75c1a730a93ebf438977],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, , [f360a8463f3c2b0b8bbcd812ec1623dd],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log, , [f360a8463f3c2b0b8bbcd812ec1623dd],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, , [f360a8463f3c2b0b8bbcd812ec1623dd],
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro, , [a4af1ed0c2b92a0c99c624d34fb3e020],

Files: 75
PUP.Optional.ELEX, C:\ProgramData\IePluginServices\PluginService.exe, , [fe55866895e61422dacc8d2220e15ba5],
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, , [044f8a64b4c7b581c559456db0518d73],
PUP.Optional.WebSpades.A, C:\Program Files\WebSpades\updateWebSpades.exe, , [e66d27c75229d75f8b4c800242bf6799],
PUP.Optional.WebSpades.A, C:\Program Files\WebSpades\WebSpadesBHO.dll, , [1c370ee05b20bc7a7a5c1072818016ea],
PUP.Optional.Sambreel.A, C:\Program Files\WebSpades\WebSpades.FirstRun.exe, , [75de6c82f18a4beb9a50d98b26db35cb],
PUP.Optional.ClientConnect, C:\Users\Tom\AppData\Local\Tbccint\Community Alerts\Alert.dll, , [e56eac42bcbf77bfdb9a3778629ff20e],
PUP.Optional.TornTV.A, C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk, , [c093b539e893072f73ab6f9051b1e818],
PUP.Optional.QuickStart.A, C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx, , [9eb5c62882f9a78fc935d82a7c8750b0],
PUP.Optional.ShopperPro, C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333836353533363139322d5537375a346c2d3232345b41, , [e37036b8a6d52115f21270936a991be5],
PUP.Optional.IStartSurf.A, C:\Program Files\Mozilla Firefox\browser\searchplugins\istartsurf.xml, , [3a1909e53a4162d4b4cd3ec8907333cd],
PUP.Optional.ShopperPro, C:\Windows\System32\Tasks\ShopperPro, , [2e25f9f52a51b77f21719671b350639d],
PUP.Optional.ShopperPro, C:\Windows\System32\Tasks\ShopperProJSUpd, , [450e5b93a0db61d5abe8957226dd946c],
PUP.Optional.ShopperPro, C:\Windows\System32\Tasks\SPDriver, , [75deb8367efdd75f890b4bbcb94a7a86],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-1, , [7ed5dc1285f6eb4be200cf3cfb089d63],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-11, , [d47f8d61e29965d1fbe788833dc650b0],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-2, , [7bd823cb1764290d0ed47893c14243bd],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-4, , [f06302ec265544f2a83a2be02ad99a66],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-5, , [c29120ce5823d75f855d2cdf01029868],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-5_user, , [ef6444aa4d2e84b2865c50bb5ca71fe1],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-6, , [b89bba343744082eb929ff0c5aa909f7],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-7, , [aaa915d95d1e84b2865c95762ed5f010],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-1, , [0f44d31b95e688ae6a7899729c678a76],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-11, , [d57ea648a4d79d9913cfd03b45be9d63],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-2, , [f65d2bc30774201617cbdd2eb152bf41],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-4, , [4b08c7275f1c2f07a53d16f5996acb35],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-5, , [97bc8866a2d9af87c919c5468e75ae52],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-5_user, , [4d06ed010873b383e1016e9d739014ec],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-6, , [e66d737b99e21d19eff33ccf5ba8bb45],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-7, , [c78c48a6f5861d19984a28e3a95af20e],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-1, , [93c0ad41adceb87eb03247c4996ac23e],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-11, , [381bf2fc5e1dfb3b10d25ead847f9070],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-2, , [f85bbd310f6c2f07ab37719a15eeb14f],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-4, , [8cc76d813e3d16207c66ed1e6e95e41c],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-5, , [22317f6ff8833105489a72998f744eb2],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-5_user, , [015279755d1eef47bd259f6c966dd12f],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-6, , [7dd6727c4536bb7becf60ffc28dbba46],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-7, , [f261a04e156641f504de54b79f64867a],
PUP.Optional.MindSpark.A, C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cyxcliov.default\searchplugins\ask-web-search.xml, , [064dc42a86f585b1434f1cfbb94acf31],
PUP.Optional.Superfish.A, C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, , [4c07c9256f0c1521aebea378768d55ab],
PUP.Optional.Superfish.A, C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, , [1f34f0feabd090a6e78541daa55e817f],
PUP.Optional.WebSpades.A, C:\Program Files\WebSpades\WebSpades.ico, , [cd86509e1b60c274df027ba6946fcc34],
PUP.Optional.WebSpades.A, C:\Program Files\WebSpades\0, , [cd86509e1b60c274df027ba6946fcc34],
PUP.Optional.WebSpades.A, C:\Program Files\WebSpades\7za.exe, , [cd86509e1b60c274df027ba6946fcc34],
PUP.Optional.WebSpades.A, C:\Program Files\WebSpades\updateWebSpades.InstallState, , [cd86509e1b60c274df027ba6946fcc34],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-1.job, , [c291ea04cab12b0b630219516b99af51],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-11.job, , [d77c9856daa1c96db2b3ee7c729210f0],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-2.job, , [0053ac42bebd8baba7be0a609371cb35],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-4.job, , [df746f7fa5d6ca6ca4c1de8c0ff58080],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-5.job, , [ba992cc2e79437ff5c09ee7c3fc50df3],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-5_user.job, , [6ae98767532856e0dc896a006c98916f],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-6.job, , [4a095f8fdaa1082ea0c596d42cd8b749],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-7.job, , [4f04866834473df9de873c2ec73d58a8],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-1.job, , [afa40ae42e4d54e20a5bb0baf21221df],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-11.job, , [a0b3599564173402acb9501a699bc739],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-2.job, , [351e7d71b6c5cc6a263f9dcddb29d32d],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-4.job, , [f55eb33bb0cbc076ef763832956f33cd],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-5.job, , [361d12dcfe7d7fb7e580175307fde818],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-5_user.job, , [450e28c62e4d49ed1c49beacd62ea45c],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-6.job, , [93c0fdf15f1c241289dc0d5d84806b95],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-7.job, , [183b43ab96e56accdd88b3b78381dd23],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-1.job, , [22318f5f7efdeb4b7beae684bc48b749],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-11.job, , [82d125c9e893b6803b2a1654788c4bb5],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-2.job, , [a7ac01ed4e2d5ed8461f83e782826d93],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-4.job, , [89ca8965bbc0bb7b2a3b9fcbe71dad53],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-5.job, , [035010de691244f22b3acaa0b84c9967],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-5_user.job, , [aaa9d7175a21f93ded78f674689c8080],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-6.job, , [8ec53db19dded660174e81e90ef62dd3],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-7.job, , [ed668d618eed65d11451ed7db351e719],
PUP.Optional.iWebar.A, C:\Users\Tom\AppData\LocalLow\iWebar\DTFProxyToServerSect_bCrossriderApp0035510_p3696.dat, , [7bd8ce20a5d64cead14dece952b0966a],
PUP.Optional.iWebar.A, C:\Users\Tom\AppData\LocalLow\iWebar\DTFProxyToServerSect_bCrossriderApp0035510_p7180.dat, , [7bd8ce20a5d64cead14dece952b0966a],
PUP.Optional.iWebar.A, C:\Users\Tom\AppData\LocalLow\iWebar\DTFProxyToServerSect_bCrossriderApp0035510_p7704.dat, , [7bd8ce20a5d64cead14dece952b0966a],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, , [dd76c7278cef75c1a730a93ebf438977],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log\ProtectWindowsManager_2014-08-20[20-44-26-757].log, , [f360a8463f3c2b0b8bbcd812ec1623dd],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, , [f360a8463f3c2b0b8bbcd812ec1623dd],
PUP.Optional.CrossRider.A, C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cyxcliov.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "147406555d07ff60b2727416ea2f2805");), ,[4310a846d0abb383cdbb5ed48d78f40c]

Physical Sectors: 0
(No malicious items detected)


(end)

[Orcus]

Znovu spusť MbAM a dej Skenovat nyní
Po proběhnutí programu se ti objeví hláška, tak klikni na „Vše do karantény“ -> „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a ulož na Plochu.
Zkopíruj sem celý obsah toho logu.

====================================================

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
Klikni na „ Smazat“
Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

====================================================

Stáhni si Junkware Removal Tool

na svojí plochu.
Deaktivuj si svůj antivirový program.
Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

====================================================

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

[tomazojer]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.5 (09.16.2014:1)
OS: Windows 7 Home Premium x86
Ran by Tom on Łt 16.09.2014 at 16:33:27,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3329621
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6F90D239-3997-406C-8942-34ED2BC56BD4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] "hkey_current_user\software\askpartnernetwork"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\Tom\AppData\Roaming\torntv.com"
Successfully deleted: [Folder] "C:\Program Files\speeditup free"
Successfully deleted: [Folder] "C:\Program Files\webspades"
Successfully deleted: [Folder] "C:\Users\Tom\AppData\Roaming\microsoft\windows\start menu\programs\torntv.com"
Successfully deleted: [Folder] "C:\ProgramData\AskPartnerNetwork"
Successfully deleted: [Folder] "C:\Program Files\askpartnernetwork"



~~~ FireFox

Successfully deleted the following from C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\cyxcliov.default\prefs.js

user_pref("CT3329621.FF19Solved", "true");
user_pref("CT3329621.UserID", "UN35275409172659515");
user_pref("CT3329621.dum", "2");
user_pref("CT3329621.fullUserID", "UN35275409172659515.IN.20140624172359");
user_pref("CT3329621.installDate", "24/06/2014 17:24:04");
user_pref("CT3329621.installSessionId", "4fc5f1e9-72ac-4121-96a2-dd313cff86bb");
user_pref("CT3329621.installSp", "false");
user_pref("CT3329621.installerVersion", "1.11.0.11");
user_pref("CT3329621.searchRevert", "false");
user_pref("CT3329621.searchUninstallUserMode", "4");
user_pref("CT3329621.searchUserMode", "4");
user_pref("CT3329621.toolbarInstallDate", "24-06-2014 17:23:59");
user_pref("CT3329621.versionFromInstaller", "10.33.0.5");
user_pref("CT3329621.xpeMode", "1");
user_pref("browser.search.defaulturl", "hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&");
user_pref("extensions.toolbar.mindspark._89Members_.lastActivePing", "1404375474909");
user_pref("extensions.toolbar.mindspark._89Members_.toolbarCollapsed", true);
user_pref("extensions.toolbar.mindspark.hp.enabled", false);
user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
user_pref("extensions.toolbar.mindspark.lastInstalled", "safepcrepair@mindspark.com");
user_pref("keyword.URL", "hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&");
user_pref("smartbar.machineId", "WOJYNEYMW5R0DRLIB3PDBTOML9FQIWOQDEWBM0UGICVYNKVLTVQTEZJUBPS33SLPYJIJQTNNMRM+ZGPALV6MEG");
Emptied folder: C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\cyxcliov.default\minidumps [10 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Łt 16.09.2014 at 16:35:36,12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[tomazojer]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 16.9.2014
Scan Time: 15:57:48
Logfile: mbba.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.16.04
Rootkit Database: v2014.09.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Tom

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 283946
Time Elapsed: 10 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 3
PUP.Optional.ELEX, C:\ProgramData\IePluginServices\PluginService.exe, 1460, Delete-on-Reboot, [c88c5a940972da5c139b4c63a65bb54b]
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 1516, Delete-on-Reboot, [1d3714da601b7cba1610189ae8199d63]
PUP.Optional.WebSpades.A, C:\Program Files\WebSpades\updateWebSpades.exe, 1256, Delete-on-Reboot, [f75d41ad8fecbb7b33ac8cf69170768a]

Modules: 0
(No malicious items detected)

Registry Keys: 23
PUP.Optional.ELEX, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServices, Quarantined, [c88c5a940972da5c139b4c63a65bb54b],
PUP.Optional.WindowsProtectManger.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, Quarantined, [1d3714da601b7cba1610189ae8199d63],
PUP.Optional.WindowsProtectManger.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WindowsMangerProtect, Quarantined, [1d3714da601b7cba1610189ae8199d63],
PUP.Optional.WebSpades.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update WebSpades, Quarantined, [f75d41ad8fecbb7b33ac8cf69170768a],
PUP.Optional.WebSpades.A, HKLM\SOFTWARE\CLASSES\CLSID\{c919d8b2-11e4-43c7-a2c2-9294fd2c4106}, Quarantined, [1b3919d586f57db97e600b77dd24c63a],
PUP.Optional.WebSpades.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{43867d46-e907-46d4-94c0-b50abf479a59}, Quarantined, [1b3919d586f57db97e600b77dd24c63a],
PUP.Optional.WebSpades.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{49E31EE4-051E-49D7-B77B-05462B1E91D3}, Quarantined, [1b3919d586f57db97e600b77dd24c63a],
PUP.Optional.WebSpades.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C919D8B2-11E4-43C7-A2C2-9294FD2C4106}, Quarantined, [1b3919d586f57db97e600b77dd24c63a],
PUP.Optional.WebSpades.A, HKU\S-1-5-21-110300360-2000162496-1394732621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C919D8B2-11E4-43C7-A2C2-9294FD2C4106}, Quarantined, [1b3919d586f57db97e600b77dd24c63a],
PUP.Optional.WebSpades.A, HKU\S-1-5-21-110300360-2000162496-1394732621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C919D8B2-11E4-43C7-A2C2-9294FD2C4106}, Quarantined, [1b3919d586f57db97e600b77dd24c63a],
PUP.Optional.WebSpades.A, HKLM\SOFTWARE\CLASSES\CLSID\{C919D8B2-11E4-43C7-A2C2-9294FD2C4106}\INPROCSERVER32, Quarantined, [1b3919d586f57db97e600b77dd24c63a],
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\istartsurfSoftware, Quarantined, [2a2a1ad48fec7eb87411ee17e32020e0],
PUP.Optional.WPM.A, HKLM\SOFTWARE\supWindowsMangerProtect, Quarantined, [b1a302ec7902b97d708fc3a6cf357a86],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\supWPM, Quarantined, [2c28f7f70f6cab8ba0227e85fb08916f],
PUP.Optional.TornTV.A, HKLM\SOFTWARE\TheTorntv V10-nv, Quarantined, [e76d668895e6f93df913b8b323e112ee],
PUP.Optional.WebSpades.A, HKLM\SOFTWARE\WebSpades, Quarantined, [bc98816d364526106bb18c9682816a96],
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pelmeidfhdlhlbjimpabfcbnnojbboma, Quarantined, [2331d519dc9f71c568782dfa59aa1ee2],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPDP, Quarantined, [163e7a74a1da5ed8365811f2679cd52b],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB, Quarantined, [6de7b03e7b00b2846a57b54e45beab55],
PUP.Optional.TornTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TheTorntv V10, Quarantined, [b99b7b73b3c8cc6a030b5f0cf11336ca],
PUP.Optional.WebSearches.A, HKU\S-1-5-21-110300360-2000162496-1394732621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupHpUISoft, Quarantined, [65ef02ecef8ca096fc83ea1bf70ce11f],
PUP.Optional.WebSpades.A, HKU\S-1-5-21-110300360-2000162496-1394732621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WebSpades, Quarantined, [63f1be30a4d759ddd44769b932d16e92],
PUP.Optional.FastStart.A, HKU\S-1-5-21-110300360-2000162496-1394732621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, Quarantined, [0d47a04e98e392a4dad8d42c4cb7748c],

Registry Values: 4
PUP.Optional.FastStart.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cyxcliov.default\extensions\faststartff@gmail.com, Quarantined, [90c4836b1f5cf640b66182e703018e72]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPDP|dir, C:\Program Files\SupTab, Quarantined, [163e7a74a1da5ed8365811f2679cd52b]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB|ptid, ild, Quarantined, [6de7b03e7b00b2846a57b54e45beab55]
PUP.Optional.FastStart.A, HKU\S-1-5-21-110300360-2000162496-1394732621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, Quarantined, [0d47a04e98e392a4dad8d42c4cb7748c]

Registry Data: 5
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1 ... XX6VM9KBK5, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1 ... XX6VM9KBK5),Replaced,[dd775c928bf0c1754e7a4ea62ada21df]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.istartsurf.com/web/?type=ds& ... VM9KBK5&q={searchTerms}, Good: (www.google.com), Bad: (http://www.istartsurf.com/web/?type=ds& ... VM9KBK5&q={searchTerms}),Replaced,[71e334ba7308d16565593bb920e4fc04]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.istartsurf.com/?type=hp&ts=1 ... XX6VM9KBK5, Good: (www.google.com), Bad: (http://www.istartsurf.com/?type=hp&ts=1 ... XX6VM9KBK5),Replaced,[c4908965cfac3ff7f1cbde1692721ee2]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.istartsurf.com/?type=hp&ts=1 ... XX6VM9KBK5, Good: (www.google.com), Bad: (http://www.istartsurf.com/?type=hp&ts=1 ... XX6VM9KBK5),Replaced,[ed678b63b9c2f93d17a9ee06cc387987]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-110300360-2000162496-1394732621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.istartsurf.com/?type=hp&ts=1 ... XX6VM9KBK5, Good: (www.google.com), Bad: (http://www.istartsurf.com/?type=hp&ts=1 ... XX6VM9KBK5),Replaced,[530114da6d0efc3aceef609453b1fd03]

Folders: 9
PUP.Optional.WebSpades.A, C:\Program Files\WebSpades, Delete-on-Reboot, [c98b07e7780385b141d9be640af99c64],
PUP.Optional.iWebar.A, C:\Users\Tom\AppData\LocalLow\iWebar, Quarantined, [fc58985693e8191d0354e5f0a75b827e],
PUP.Optional.MindSpark.A, C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cyxcliov.default\SafePCRepair_89, Quarantined, [064e608e5427cb6b83d717c68f73b64a],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, Delete-on-Reboot, [7dd70be3c9b2c571050b7177f70bc040],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, Quarantined, [7dd70be3c9b2c571050b7177f70bc040],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Delete-on-Reboot, [5ff5717d0a7175c13f410ae0b74b0df3],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log, Quarantined, [5ff5717d0a7175c13f410ae0b74b0df3],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, Quarantined, [5ff5717d0a7175c13f410ae0b74b0df3],
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro, Quarantined, [eb6936b81a61171feeaa25d2df233ec2],

Files: 75
PUP.Optional.ELEX, C:\ProgramData\IePluginServices\PluginService.exe, Delete-on-Reboot, [c88c5a940972da5c139b4c63a65bb54b],
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, Delete-on-Reboot, [1d3714da601b7cba1610189ae8199d63],
PUP.Optional.WebSpades.A, C:\Program Files\WebSpades\updateWebSpades.exe, Delete-on-Reboot, [f75d41ad8fecbb7b33ac8cf69170768a],
PUP.Optional.WebSpades.A, C:\Program Files\WebSpades\WebSpadesBHO.dll, Quarantined, [1b3919d586f57db97e600b77dd24c63a],
PUP.Optional.Sambreel.A, C:\Program Files\WebSpades\WebSpades.FirstRun.exe, Quarantined, [7ed6f5f95f1c2d09b14176ee46bb728e],
PUP.Optional.ClientConnect, C:\Users\Tom\AppData\Local\Tbccint\Community Alerts\Alert.dll, Quarantined, [f75dd21c3843c076403d7936dc25df21],
PUP.Optional.TornTV.A, C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TornTvDownloader.lnk, Quarantined, [41133db1de9d072fcd8a01fee71bf907],
PUP.Optional.QuickStart.A, C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx, Quarantined, [b3a1ed013d3ef93d90a7e71c91720000],
PUP.Optional.ShopperPro, C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333836353533363139322d5537375a346c2d3232345b41, Quarantined, [30243fafbdbef541b98411f2fe05946c],
PUP.Optional.IStartSurf.A, C:\Program Files\Mozilla Firefox\browser\searchplugins\istartsurf.xml, Quarantined, [de76aa449fdc82b46a503fc7fa097090],
PUP.Optional.ShopperPro, C:\Windows\System32\Tasks\ShopperPro, Quarantined, [173de707d7a4102627a4ba4d55ae33cd],
PUP.Optional.ShopperPro, C:\Windows\System32\Tasks\ShopperProJSUpd, Quarantined, [3420eb030e6d80b6bd0f45c2867dc33d],
PUP.Optional.ShopperPro, C:\Windows\System32\Tasks\SPDriver, Quarantined, [282c24ca0a714ee808c549be1ae9a35d],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-1, Quarantined, [0054e90590eb72c49f7ca06c956ec43c],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-11, Quarantined, [5bf9e707b9c26dc914070705fd06a55b],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-2, Quarantined, [6aea19d5abd07bbbfe1d23e957ac936d],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-4, Quarantined, [97bd9955730842f44dceef1d887b936d],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-5, Quarantined, [b89c06e82c4fb68039e2d03cf90a12ee],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-5_user, Quarantined, [77ddc9256a11a1953cdf828a20e3ac54],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-6, Quarantined, [be9612dcbdbe1125f526b953ea19ef11],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-7, Quarantined, [7ed6ea04374484b2fd1eb755fd06d030],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-1, Quarantined, [aaaa75793b4031053ae1de2eee1548b8],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-11, Quarantined, [361ec826215a6ec8c35803092dd6af51],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-2, Quarantined, [b59fffef14674cea1506808c4bb8936d],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-4, Quarantined, [77dd02ec45368fa740db98747a8956aa],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-5, Quarantined, [52028b636b10ee4867b438d4996a5aa6],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-5_user, Quarantined, [68ecbc32ef8c44f2cf4cd33923e003fd],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-6, Quarantined, [f0646688116a56e04ad1fe0e7390a65a],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-7, Quarantined, [3e16826cd8a378beb7640507887b39c7],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-1, Quarantined, [6fe56a841b60ac8a011a6e9eed1649b7],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-11, Quarantined, [0f45cc2294e7280e79a28389d72c24dc],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-2, Quarantined, [f36126c8e398d75f7d9e729aa65d30d0],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-4, Quarantined, [b79d42ac314a21157f9cc14b0003a65a],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-5, Quarantined, [78dca9454c2f87afca51c349f11230d0],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-5_user, Quarantined, [2430d519bac1ad894ad19478bb485ea2],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-6, Quarantined, [4f05c6285a21db5b63b8b35942c1bd43],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-7, Quarantined, [0c483faf7704bb7b1b007e8ee1225fa1],
PUP.Optional.MindSpark.A, C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cyxcliov.default\searchplugins\ask-web-search.xml, Quarantined, [b0a4b638e7941f17e0ebff18f70c53ad],
PUP.Optional.Superfish.A, C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Quarantined, [7ed6fef0d0ab70c63075bb605ca7d030],
PUP.Optional.Superfish.A, C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [6fe566882c4fbe78b4f19c7fdc2706fa],
PUP.Optional.WebSpades.A, C:\Program Files\WebSpades\WebSpades.ico, Quarantined, [c98b07e7780385b141d9be640af99c64],
PUP.Optional.WebSpades.A, C:\Program Files\WebSpades\0, Quarantined, [c98b07e7780385b141d9be640af99c64],
PUP.Optional.WebSpades.A, C:\Program Files\WebSpades\7za.exe, Quarantined, [c98b07e7780385b141d9be640af99c64],
PUP.Optional.WebSpades.A, C:\Program Files\WebSpades\updateWebSpades.InstallState, Quarantined, [c98b07e7780385b141d9be640af99c64],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-1.job, Quarantined, [d28222cc3546b482aaf47dedb2524bb5],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-11.job, Quarantined, [de76d01e65161d190a940e5cb94bc838],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-2.job, Quarantined, [f1638a64d9a2171f6e30f77353b10af6],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-4.job, Quarantined, [5afa9c523d3e2a0cb8e66ffb0afadb25],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-5.job, Quarantined, [4014e20c433869cddcc2026835cfd42c],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-5_user.job, Quarantined, [2b29a5498dee1b1b3668c9a11ee611ef],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-6.job, Quarantined, [074d04ea1962e551a6f8f773d82c17e9],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\8ad0e2a0-99ce-475d-87aa-e0a04c2f37d6-7.job, Quarantined, [084c17d7d4a73ef83f5fa6c48a7a50b0],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-1.job, Quarantined, [5afac826dba0d95d9509690117edec14],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-11.job, Quarantined, [f55f06e8344772c43f5f4b1f1ce87b85],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-2.job, Quarantined, [6ee649a5b0cb6fc7722c204a8d77fb05],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-4.job, Quarantined, [233135b936456fc758467cee3cc843bd],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-5.job, Quarantined, [064ee10dbebd4aecbfdf2f3b28dce719],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-5_user.job, Quarantined, [88ccdc12fb8062d4425c1e4c6f95aa56],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-6.job, Quarantined, [0e468866b1ca46f0ced00e5ccc38e51b],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\b9d4b6a6-1a7b-40e1-9e3e-782f61ac407c-7.job, Quarantined, [e76d22cc3b4048ee1c82600a1ce809f7],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-1.job, Quarantined, [6ee646a8017a42f44e5083e75ba915eb],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-11.job, Quarantined, [272dec023e3d12244c52e387a4608c74],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-2.job, Quarantined, [292b23cba5d6fa3ca6f86bffab598f71],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-4.job, Quarantined, [a0b435b90d6e60d6049ac9a1dd27936d],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-5.job, Quarantined, [93c1b13db2c9fe38d0cef47630d418e8],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-5_user.job, Quarantined, [a5afa94527545adc0896e981bb49b34d],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-6.job, Quarantined, [401435b98bf0c76f68360b5f19eb4db3],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\bb70d2a6-00ff-4f74-9fb3-80ba2c3dc32e-7.job, Quarantined, [44102ec07dfe86b0adf12743aa5a669a],
PUP.Optional.iWebar.A, C:\Users\Tom\AppData\LocalLow\iWebar\DTFProxyToServerSect_bCrossriderApp0035510_p3696.dat, Quarantined, [fc58985693e8191d0354e5f0a75b827e],
PUP.Optional.iWebar.A, C:\Users\Tom\AppData\LocalLow\iWebar\DTFProxyToServerSect_bCrossriderApp0035510_p7180.dat, Quarantined, [fc58985693e8191d0354e5f0a75b827e],
PUP.Optional.iWebar.A, C:\Users\Tom\AppData\LocalLow\iWebar\DTFProxyToServerSect_bCrossriderApp0035510_p7704.dat, Quarantined, [fc58985693e8191d0354e5f0a75b827e],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, Quarantined, [7dd70be3c9b2c571050b7177f70bc040],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log\ProtectWindowsManager_2014-08-20[20-44-26-757].log, Quarantined, [5ff5717d0a7175c13f410ae0b74b0df3],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, Quarantined, [5ff5717d0a7175c13f410ae0b74b0df3],
PUP.Optional.CrossRider.A, C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cyxcliov.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "147406555d07ff60b2727416ea2f2805");), Replaced,[1e367e70d8a394a29b2d260cd233748c]

Physical Sectors: 0
(No malicious items detected)


(end)

[tomazojer]

RogueKiller V9.2.10.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Tom [Práva správce]
Mód : Kontrola -- Datum : 09/16/2014 16:43:46

¤¤¤ Škodlivé procesy: : 3 ¤¤¤
[Suspicious.Path] pushbullet_app.exe -- C:\Users\Tom\AppData\Roaming\pushbullet\pushbullet_102\pushbullet_app.exe[7] -> SMAZÁNO [TermProc]
[Suspicious.Path] (SVC) HiSuiteOuc.exe -- "C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe" -/service[7] -> ZASTAVENO
[Suspicious.Path] (SVC) HuaweiHiSuiteService.exe -- "C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe" -/service[7] -> ZASTAVENO

¤¤¤ ¤¤¤ Záznamy Registrů: : 15 ¤¤¤
[Suspicious.Path] HKEY_USERS\S-1-5-21-110300360-2000162496-1394732621-1000\Software\Microsoft\Windows\CurrentVersion\Run | TornTv Downloader : C:\Users\Tom\AppData\Roaming\TornTV.com\Torntv Downloader.exe /c=startup -> NALEZENO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HiSuiteOuc.exe ("C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe" -/service) -> NALEZENO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HuaweiHiSuiteService.exe ("C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe" -/service) -> NALEZENO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HiSuiteOuc.exe ("C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe" -/service) -> NALEZENO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HuaweiHiSuiteService.exe ("C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe" -/service) -> NALEZENO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HiSuiteOuc.exe ("C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe" -/service) -> NALEZENO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HuaweiHiSuiteService.exe ("C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe" -/service) -> NALEZENO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IePluginServices () -> NALEZENO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WindowsMangerProtect () -> NALEZENO
[PUM.Policies] HKEY_USERS\S-1-5-21-110300360-2000162496-1394732621-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NALEZENO
[PUM.Policies] HKEY_USERS\S-1-5-21-110300360-2000162496-1394732621-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NALEZENO
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NALEZENO
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NALEZENO
[Suspicious.Path] HKEY_USERS\S-1-5-21-110300360-2000162496-1394732621-1000\Control Panel\Desktop | SCRNSAVE.EXE : C:\Windows\yowindow.scr -> NALEZENO
[PUM.HomePage] HKEY_USERS\S-1-5-21-110300360-2000162496-1394732621-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://seznam.cz/ -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 3 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 genuine.microsoft.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 mpa.one.microsoft.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 sls.microsoft.com

¤¤¤ Antirootkit : 0 (Driver: NAHRÁNO) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] cyxcliov.default : user_pref("browser.startup.homepage", "https://www.seznam.cz/?clid=22668"); -> NALEZENO

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST3500418AS ATA Device +++++
--- User ---
[MBR] 9cc2f1308b277ce1e56fcd4c93dc0697
[BSP] 4ddcefd0338f3a9eb053540bbbf27d68 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476836 MB
User = LL1 ... OK
User = LL2 ... OK

[jaro3]

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:


- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

[tomazojer]

RogueKiller V9.2.10.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Tom [Práva správce]
Mód : Odebrat -- Datum : 09/17/2014 15:13:47

¤¤¤ Škodlivé procesy: : 3 ¤¤¤
[Suspicious.Path] pushbullet_app.exe -- C:\Users\Tom\AppData\Roaming\pushbullet\pushbullet_102\pushbullet_app.exe[7] -> SMAZÁNO [TermProc]
[Suspicious.Path] (SVC) HiSuiteOuc.exe -- "C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe" -/service[7] -> ZASTAVENO
[Suspicious.Path] (SVC) HuaweiHiSuiteService.exe -- "C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe" -/service[7] -> ZASTAVENO

¤¤¤ ¤¤¤ Záznamy Registrů: : 13 ¤¤¤
[Suspicious.Path] HKEY_USERS\S-1-5-21-110300360-2000162496-1394732621-1000\Software\Microsoft\Windows\CurrentVersion\Run | TornTv Downloader : C:\Users\Tom\AppData\Roaming\TornTV.com\Torntv Downloader.exe /c=startup [x] -> VYMAZÁNO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HiSuiteOuc.exe () -> VYMAZÁNO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HuaweiHiSuiteService.exe () -> VYMAZÁNO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HiSuiteOuc.exe () -> VYMAZÁNO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HuaweiHiSuiteService.exe () -> VYMAZÁNO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HiSuiteOuc.exe () -> VYMAZÁNO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HuaweiHiSuiteService.exe () -> VYMAZÁNO
[PUM.Policies] HKEY_USERS\S-1-5-21-110300360-2000162496-1394732621-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> VYMAZÁNO
[PUM.Policies] HKEY_USERS\S-1-5-21-110300360-2000162496-1394732621-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> VYMAZÁNO
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NAHRAZENO (0)
[Suspicious.Path] HKEY_USERS\S-1-5-21-110300360-2000162496-1394732621-1000\Control Panel\Desktop | SCRNSAVE.EXE : C:\Windows\yowindow.scr [x] -> NAHRAZENO (C:\Windows\system32\logon.scr)
[PUM.HomePage] HKEY_USERS\S-1-5-21-110300360-2000162496-1394732621-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://seznam.cz/ -> NAHRAZENO (http://go.microsoft.com/fwlink/p/?LinkId=255141)

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 3 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 genuine.microsoft.com -> VYMAZÁNO
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 mpa.one.microsoft.com -> VYMAZÁNO
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 sls.microsoft.com -> VYMAZÁNO

¤¤¤ Antirootkit : 0 (Driver: NAHRÁNO) ¤¤¤

¤¤¤ Webové prohlížeče : 18 ¤¤¤
[FIREFX:Addon] cyxcliov.default : avast! Online Security [wrc@avast.com] -> VYMAZÁNO
[PUM.HomePage][FIREFX:Config] cyxcliov.default : user_pref("browser.startup.homepage", "https://www.seznam.cz/?clid=22668"); -> NAHRAZENO (about:home)
[CHROME:Addon] Default : Angry Birds [aknpkdffaafgjchaibgeefbgmgeghloj] -> VYMAZÁNO
[CHROME:Addon] Default : Google Docs [aohghmighlieiainnegkcijnfilokake] -> ERROR [2]
[CHROME:Addon] Default : Google Drive [apdfllckaahabafndbhieahigkjlhalf] -> ERROR [2]
[CHROME:Addon] Default : YouTube [blpcfgokakmgnkcojhhkbfbldkacnbeo] -> ERROR [2]
[CHROME:Addon] Default : Pushbullet [chlffgpmiacpedhhbkiomidkjlcfhogd] -> ERROR [2]
[CHROME:Addon] Default : Google Search [coobgpohoikkiipiblmjeljniedjpjpf] -> ERROR [2]
[CHROME:Addon] Default : Dota 2 Tiny [gcfmeleodkcnpemgfmfdoahememhgcnp] -> ERROR [2]
[CHROME:Addon] Default : AdBlock [gighmmpiobklfepjocnamgkkbiglidom] -> ERROR [2]
[CHROME:Addon] Default : avast! Online Security [gomekmidlodglbbmalcneegieacbdmki] -> ERROR [2]
[CHROME:Addon] Default : Adblock Advisor [iplojogpbcbnjoemcalepfmbcpnkpjjo] -> ERROR [2]
[CHROME:Addon] Default : Google Play [komhbcfkdcgmcdoenjcjheifdiabikfi] -> ERROR [2]
[CHROME:Addon] Default : Google Maps [lneaknkopdijkpnocmklfnjbeapigfbh] -> ERROR [2]
[CHROME:Addon] Default : Hangouts [nckgahadagoaajjgafhacjanaoiihapd] -> ERROR [2]
[CHROME:Addon] Default : Google Wallet [nmmhkkegccagdldgiimedpiccmgmieda] -> ERROR [2]
[CHROME:Addon] Default : Enhanced Steam [okadibdjfemgnhjiembecghcbfknbfhg] -> ERROR [2]
[CHROME:Addon] Default : Gmail [pjkljhegncpnkpknbcohdijeoejaedia] -> ERROR [2]

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST3500418AS ATA Device +++++
--- User ---
[MBR] 9cc2f1308b277ce1e56fcd4c93dc0697
[BSP] 4ddcefd0338f3a9eb053540bbbf27d68 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476836 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_09162014_164346.log - RKreport_SCN_09172014_151025.log

[tomazojer]

Zoek.exe v5.0.0.0 Updated 14-September-2014
Tool run by Tom on st 17.09.2014 at 15:15:18,57.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Tom\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

17.9.2014 15:17:30 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-110300360-2000162496-1394732621-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\avg@toolbar deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.1.9 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.1.9 deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cyxcliov.default\prefs.js:
user_pref("browser.startup.homepage", "about:home"about:home);
user_pref("browser.search.defaultengine", "Seznam");
user_pref("browser.search.selectedEngine", "Seznam");
user_pref("browser.search.order.1", "Seznam");
user_pref("extensions.APN_TB.first-previous-keyword-url", "");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cyxcliov.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("extensions.APN_TB.first-previous-keyword-url", "");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cyxcliov.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_17.09.2014_1523_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Tbccint deleted
C:\Users\Tom\.android deleted
C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml deleted
C:\Program Files\globalUpdate deleted
C:\Program Files\Common Files\AVG Secure Search deleted
C:\found.000 deleted
C:\Users\Tom\AppData\Roaming\All CPU MeterV3_Settings.ini deleted
C:\PROGRA~2\spds90.txt deleted
C:\PROGRA~2\AVG Security Toolbar deleted
C:\PROGRA~2\AVG Secure Search deleted
C:\PROGRA~2\AVG SafeGuard toolbar deleted
C:\PROGRA~2\Package Cache deleted
C:\Users\Tom\AppData\Local\Tbccint deleted
C:\Users\Tom\AppData\Local\globalUpdate deleted
C:\Users\Tom\AppData\Local\AVG SafeGuard toolbar deleted
C:\Users\Tom\AppData\Local\AskPartnerNetwork deleted
C:\Users\Tom\AppData\Local\CrashRpt deleted
C:\Users\Public\Documents\ShopperPro deleted
C:\Users\Tom\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Windows\wininit.ini deleted
C:\Windows\SpeedItup Free Setup Log.txt deleted
C:\Windows\SpeedItup Free Uninstall Log.txt deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cyxcliov.default\searchplugins\ask-search.xml deleted
C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cyxcliov.default\CT3329621 deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [14.08.2014 13:53]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cyxcliov.default
64C4ADE063A9C93D3BAE09922AD90C27 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
446BCAE59E26321802E000FC3E0C390A - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash
14D06C3796CE3F6BA8F43CDF3AD65D76 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U67
0A6E5E3BEF374AA2F47071E7374EAD7B - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.670.1
0CA4180B21C6B728578F3B0433BB740E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
FB5621842FDABF9F8359775573498FBC - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update
59FADC9EB6550247497C68D4BA498CC0 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision
E3F807ECC0EF5DEA04D67676672841E4 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION
F2CD1D7524F8E15AAC55568B9F72DE5B - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll - Nexon Game Controller
B5371D2C9017EEE216B5361D600B3543 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[27.07.2014 13:22]

avast Online Security - Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

==== Chromium Fix ======================

C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.istartsurf.com/web/?type=ds&ts=1408560172&from=ild&uid=ST3500418AS_6VM9KBK5XXXX6VM9KBK5&q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Tom\Desktop\Age of Mythology - The Titans Expansion.lnk - C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe
C:\Users\Tom\Desktop\Age of Mythology™ – zástupce.lnk -
C:\Users\Tom\Desktop\Ashampoo Burning Studio 2014.lnk - C:\Program Files\Ashampoo\Ashampoo Burning Studio 2014\burningstudio.exe
C:\Users\Tom\Desktop\Ashampoo WinOptimizer 2013.lnk - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2013\WO2013.exe
C:\Users\Tom\Desktop\Crysis2 – zástupce.lnk -
C:\Users\Tom\Desktop\Disk Google.lnk - C:\Users\Tom\Disk Google
C:\Users\Tom\Desktop\Dropbox.lnk - C:\Users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Tom\Desktop\Spotify.lnk - C:\Users\Tom\AppData\Roaming\Spotify\spotify.exe
C:\Users\Tom\Desktop\TeamSpeak 3 Client.lnk - C:\Users\Tom\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe
C:\Users\Tom\Desktop\Uplay.lnk - C:\Program Files\Ubisoft\Ubisoft Game Launcher\Uplay.exe
C:\Users\Tom\Desktop\Games\Peggle.lnk - C:\Program Files\Origin Games\Peggle Deluxe\Peggle.exe
C:\Users\Tom\Desktop\Programs\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Tom\Desktop\Programs\One-Click-Optimizer (WO2013).lnk - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2013\WO2013.exe -OCO

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\Combat Arms EU.lnk - C:\Nexon\Combat Arms EU\CombatArms.exe
C:\Users\Public\Desktop\Crysis 3.lnk - C:\Program Files\Origin Games\Crysis 3\bin32\Crysis3.exe
C:\Users\Public\Desktop\GeForce Experience.lnk - C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\HiSuite.lnk - C:\Program Files\HiSuite\HiSuite.exe
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe
C:\Users\Public\Desktop\King Arthur's Gold.lnk - C:\Users\Tom\KAG\KAG.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Origin.lnk - C:\Program Files\Origin\Origin.exe
C:\Users\Public\Desktop\Popcorn Time.lnk - C:\Program Files\Popcorn Time\PopcornTimeDesktop.exe --no-proxy-server
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe
C:\Users\Public\Desktop\Speccy.lnk - C:\Program Files\Speccy\Speccy.exe
C:\Users\Public\Desktop\Steam.lnk - C:\Program Files\Steam\Steam.exe
C:\Users\Public\Desktop\TeamViewer 9.lnk - C:\Program Files\TeamViewer\Version9\TeamViewer.exe
C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Users\Public\Desktop\YoWindow.lnk - C:\Program Files\YoWindow\yowindow.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff
C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YoWindow.lnk - C:\Program Files\YoWindow\yowindow.exe -mt
C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client\TeamSpeak 3 Client.lnk - C:\Users\Tom\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe
C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client\Uninstall.lnk - C:\Users\Tom\AppData\Local\TeamSpeak 3 Client\Uninstall.exe
C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files\WinRAR\Rar.txt
C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files\WinRAR\WhatsNew.txt
C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC\Uninstall XBMC.lnk - C:\Program Files\XBMC\Uninstall.exe
C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC\XBMC.lnk - C:\Program Files\XBMC\XBMC.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1029-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk - C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Docs.lnk - C:\Program Files\Google\Drive\googledrivesync.exe --new_document
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Drive.lnk - C:\Program Files\Google\Drive\googledrivesync.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Sheets.lnk - C:\Program Files\Google\Drive\googledrivesync.exe --new_spreadsheet
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Slides.lnk - C:\Program Files\Google\Drive\googledrivesync.exe --new_presentation
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Co jsou iTunes.lnk - C:\Program Files\iTunes\iTunes.Resources\cs.lproj\About iTunes.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Codec Tweak Tool.lnk - C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\DirectVobSub.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\K-Lite Codec Pack\Filters\vsfilter.dll",DirectVobSub
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Audio.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\K-Lite Codec Pack\Filters\LAV\lavaudio.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Splitter.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\K-Lite Codec Pack\Filters\LAV\lavsplitter.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Video.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\K-Lite Codec Pack\Filters\LAV\lavvideo.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Reset to recommended settings.lnk - C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /resetsettings
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Help\Frequently Asked Questions.lnk - C:\Program Files\K-Lite Codec Pack\Info\faq.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Win7DSFilterTweaker.lnk - C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Uninstall\Uninstall K-Lite Codec Pack.lnk - C:\Program Files\K-Lite Codec Pack\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\King Arthur's Gold\Dedicated Server.lnk - C:\Users\Tom\KAG\dedicatedserver.bat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\King Arthur's Gold\Game Folder.lnk - C:\Users\Tom\KAG
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\King Arthur's Gold\Manual.lnk - C:\Users\Tom\KAG\Manual\manual.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\King Arthur's Gold\Play KAG.lnk - C:\Users\Tom\KAG\KAG.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\King Arthur's Gold\Readme.lnk - C:\Users\Tom\KAG\readme.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\King Arthur's Gold\Uninstall KAG.lnk - C:\Windows\System32\msiexec.exe /x {643B056F-61C1-4489-9797-4D846D101A7A}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi\LogMeIn Hamachi.lnk - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi\Uninstall.lnk - C:\Windows\system32\msiexec.exe /i {70B1DA58-A2B9-4EA0-B83D-F03CBEEAE22D} REMOVE=ALL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Odinstalovat aplikaci Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk - C:\Program Files\NVIDIA Corporation\3D Vision\nvstview.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk - C:\Program Files\NVIDIA Corporation\3D Vision\nvstlink.exe /show
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Disable 3D Vision.lnk - C:\Program Files\NVIDIA Corporation\3D Vision\nvstlink.exe /disable
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Enable 3D Vision.lnk - C:\Program Files\NVIDIA Corporation\3D Vision\nvstlink.exe /enable
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Popcorn Time.lnk - C:\Program Files\Popcorn Time\PopcornTimeDesktop.exe --no-proxy-server

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.istartsurf.com/?type=sc&ts=1 ... XX6VM9KBK5
C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\YoWindow.lnk - C:\Program Files\YoWindow\yowindow.exe
C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\GeForce Experience.lnk - C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Origin.lnk - C:\Program Files\Origin\Origin.exe
C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Speccy.lnk - C:\Program Files\Speccy\Speccy.exe
C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Steam.lnk - C:\Program Files\Steam\Steam.exe
C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TeamSpeak 3 Client.lnk - C:\Users\Tom\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe
C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Total Commander 32 bit.lnk - C:\totalcmd\TOTALCMD.EXE
C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Uplay.lnk - C:\Program Files\Ubisoft\Ubisoft Game Launcher\Uplay.exe
C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe

==== shortcuts After Repair ======================

C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe

==== Empty IE Cache ======================

C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Tom\AppData\Local\Mozilla\Firefox\Profiles\cyxcliov.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=163 folders=89 48173573 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Tom\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Tom\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on st 17.09.2014 at 15:26:19,38 ======================

[Orcus]

Stáhni si TDSSKiller

Na svojí plochu. Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

Pokud se log nevejde do jedné zprávy, rozděl jej na více částí.