Log check: annoying ads in all browsers [Solved]

Post by pidlo » 17 Mar 2015 13:51

Hi, it started 2 days ago: somehow "speed up your PC", "PC doctor" and similar nuisances appeared on my PC. I don't know what to do about it. When I click on a page, even where there is no ad, "pc analys" opens; pages are completely flooded with ads, and I can't even log in to PC-Help without problems. I need to get rid of these ads; even when I close them, more and more windows keep opening, although I have pop-ups blocked. Could you help somehow? Here on the forum they said system restore or HJT; the restore didn't help, so I'm sending the log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:45:37, on 17.3.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)

FIREFOX: 36.0.1 (x86 cs)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\SmartClock\SmartClock.exe
C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\pidlo\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files (x86)\Adobe Arkalis\Adobe_Arkalis.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Opera\28.0.1750.40\opera.exe
C:\Program Files (x86)\Opera\28.0.1750.40\opera_crashreporter.exe
C:\Program Files (x86)\Opera\28.0.1750.40\opera.exe
C:\Program Files (x86)\Opera\28.0.1750.40\opera.exe
C:\Program Files (x86)\Opera\28.0.1750.40\opera.exe
C:\Program Files (x86)\Opera\28.0.1750.40\opera.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Opera\28.0.1750.40\opera.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Program Files (x86)\Opera\28.0.1750.40\opera.exe
C:\Users\pidlo\Desktop\HijackThis.exe
C:\Program Files (x86)\Air Globe\bin\AirGlobe.BOASHelper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes.com/?type=hp&ts=14 ... XXZ1D530ZG
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.omniboxes.com/?type=hp&ts=14 ... XXZ1D530ZG
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes.com/?type=hp&ts=14 ... XXZ1D530ZG
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.omniboxes.com/web/?type=ds&t ... 1D530ZG&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.omniboxes.com/web/?type=ds&t ... 1D530ZG&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.omniboxes.com/?type=hp&ts=14 ... XXZ1D530ZG
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Air Globe 1.0.0.7 - {4c54ce3d-6b7d-4f21-9e69-200632a98540} - C:\Program Files (x86)\Air Globe\AirGlobebho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WindowsDriverScan86] C:\Program Files (x86)\Adobe Arkalis\Arkalis86.lnk
O4 - HKLM\..\Run: [WindowsDriverScan64] C:\Program Files (x86)\Adobe Arkalis\Arkalis.lnk
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [SmartClock] C:\Program Files (x86)\SmartClock\SmartClock.exe /boot
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\pidlo\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\pidlo\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2229232713-360834936-347754365-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCCB6769-7BB8-4166-BF5F-3D25B255F9A9}: NameServer = 156.154.70.25,156.154.71.25
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: COMODO LPS Launcher (CLPSLauncher) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
O23 - Service: COMODO Internet Security Helper Service (CmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GeekBuddyRSP Server (GeekBuddyRSP) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo EasyPlus Hotspot - Lenovo - C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Air Globe - Unknown owner - C:\Program Files (x86)\Air Globe\updateAirGlobe.exe
O23 - Service: Util Air Globe - Unknown owner - C:\Program Files (x86)\Air Globe\bin\utilAirGlobe.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11483 bytes

Post by memphisto » 17 Mar 2015 14:32

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
- If you only use Google Chrome, you don't need to use ATF.

Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it doesn't, restart it yourself.

Download AdwCleaner
Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Search"
After the scan a log will appear (it is also saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.


Download Malwarebytes' Anti-Malware
- During installation, untick "Enable free trial of Malwarebytes' Anti-Malware Premium"
Install and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; click Scan Now and
- when the program finishes, a message appears at the bottom right; click Copy to Clipboard and paste the whole log here.

- then click the Exit button; a prompt appears, choose Yes
(don't delete anything yet!).

If there are problems, run it in safe mode.

Post by pidlo » 17 Mar 2015 16:19

# AdwCleaner v4.112 - Logfile created 17/03/2015 at 16:01:50
# Updated 09/03/2015 by Xplode
# Database : 2015-03-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : pidlo - PIDLO-PC
# Running from : C:\Users\pidlo\Desktop\adwcleaner_4.112.exe
# Option : Scan

***** [ Services ] *****

Service Found : {9d441ea6-1f17-4617-bc38-69cd9796686e}Gw64

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\pidlo\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_static.boostsaves.com_0.localstorage
File Found : C:\Users\pidlo\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_static.boostsaves.com_0.localstorage-journal
File Found : C:\Users\pidlo\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Found : C:\Users\pidlo\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Found : C:\Users\pidlo\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_static.boostsaves.com_0.localstorage
File Found : C:\Users\pidlo\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal
File Found : C:\Windows\System32\drivers\{9d441ea6-1f17-4617-bc38-69cd9796686e}Gw64.sys
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\ProgramData\WindowsMangerProtect
Folder Found : C:\Users\pidlo\AppData\Local\globalUpdate
Folder Found : C:\Users\pidlo\AppData\Roaming\omniboxes
Folder Found : C:\Users\pidlo\AppData\Roaming\OpenCandy
Folder Found : C:\Users\pidlo\AppData\Roaming\RHEng

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\Mozilla\Extends
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\GeekBuddyRSP
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\omniboxesSoftware
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchengine@gmail.com]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v36.0.1 (x86 cs)

[lzoo6rau.default] - Line Found : user_pref("extensions.crossrider.bic", "14c1cf943b7626778a6087b5deb5322d");

-\\ Google Chrome v18.0.1025.142


-\\ Opera v28.0.1750.40

*************************

AdwCleaner[R0].txt - [1899 bytes] - [24/02/2015 12:11:11]
AdwCleaner[R1].txt - [3465 bytes] - [17/03/2015 16:01:50]
AdwCleaner[S0].txt - [1930 bytes] - [24/02/2015 15:09:31]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [3583 bytes] ##########


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 17.3.2015
Scan Time: 16:06:12
Logfile: log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.17.04
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: pidlo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 433183
Time Elapsed: 12 min, 30 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 6
PUP.Optional.AirGlobe.A, C:\Program Files (x86)\Air Globe\bin\utilAirGlobe.exe, 2148, , [4d4be95da8e216201209e25125ddca36]
PUP.Optional.AirGlobe.A, C:\Program Files (x86)\Air Globe\updateAirGlobe.exe, 2312, , [cfc9eb5b0b7fd264ac6fe54ef60c5da3]
PUP.Optional.AirGlobe.A, C:\Program Files (x86)\Air Globe\bin\AirGlobe.BOASHelper.exe, 3568, , [9cfc6bdbee9c2313e751dad0a75cb54b]
PUP.Optional.AirGlobe.A, C:\Program Files (x86)\Air Globe\bin\AirGlobe.BrowserAdapter64.exe, 3692, , [9cfc6bdbee9c2313e751dad0a75cb54b]
PUP.Optional.AirGlobe.A, C:\Program Files (x86)\Air Globe\bin\AirGlobe.expext.exe, 5100, , [9cfc6bdbee9c2313e751dad0a75cb54b]
PUP.Optional.AirGlobe.A, C:\Program Files (x86)\Air Globe\bin\AirGlobe.PurBrowse64.exe, 3492, , [9cfc6bdbee9c2313e751dad0a75cb54b]

Modules: 1
PUP.Optional.AirGlobe.A, c:\Program Files (x86)\Air Globe\bin\airglobe.expextdll.dll, , [9cfc6bdbee9c2313e751dad0a75cb54b],

Registry Keys: 38
PUP.Optional.AirGlobe.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util Air Globe, , [4d4be95da8e216201209e25125ddca36],
PUP.Optional.AirGlobe.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Air Globe, , [cfc9eb5b0b7fd264ac6fe54ef60c5da3],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, , [e4b484c29bef79bd6207293254af4eb2],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, , [e4b484c29bef79bd6207293254af4eb2],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4c54ce3d-6b7d-4f21-9e69-200632a98540}, , [cdcb1d29098172c46573c699dc27639d],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{692F6862-1B0C-4C25-85BB-ADADE34051F4}, , [cdcb1d29098172c46573c699dc27639d],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{231022F1-BDDF-4AA9-B01F-87A7D6FB6CAF}, , [cdcb1d29098172c46573c699dc27639d],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{231022F1-BDDF-4AA9-B01F-87A7D6FB6CAF}, , [cdcb1d29098172c46573c699dc27639d],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{692F6862-1B0C-4C25-85BB-ADADE34051F4}, , [cdcb1d29098172c46573c699dc27639d],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4C54CE3D-6B7D-4F21-9E69-200632A98540}, , [cdcb1d29098172c46573c699dc27639d],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{9d441ea6-1f17-4617-bc38-69cd9796686e}Gw64, , [a3f5fb4bd4b625110c7b26ae1fe44eb2],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [9efa7cca73171d19e1d9c35b37cea15f],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\WOW6432NODE\Air Globe, , [9107cb7bc8c22c0a507a34777e857f81],
PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\WOW6432NODE\omniboxesSoftware, , [9ff91d292d5d6dc9248bac04fa09c43c],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [7a1e073fe0aae0560baf6db1b253a060],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, , [e6b2d274bbcf082e8d68576cbb48c838],
PUP.Optional.Cinema.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CinemaP-1.8cV14.03-nv, , [d3c5ab9be1a90432c5fc96375aa9c739],
PUP.Optional.Cinema.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CinemaP-1.8cV14.03-nv-ie, , [a7f197afc0ca0a2c5a67b21b956e24dc],
PUP.Optional.InternetSpeedChecker.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Internet Speed Checker-nv, , [1d7b2d19ef9bcd69a154e8c763a0ee12],
PUP.Optional.InternetSpeedChecker.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Internet Speed Checker-nv-ie, , [70284501404a55e19a5b723ddb28a55b],
PUP.Optional.SavePass.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SavePass 1.1-nv, , [fd9b0a3c3258df573fd76e638b78d828],
PUP.Optional.SavePass.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SavePass 1.1-nv-ie, , [acecfe485a30ba7c3dd9359c41c2fe02],
PUP.Optional.AirGlobe.A, HKU\S-1-5-21-2229232713-360834936-347754365-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Air Globe, , [f1a71d29c9c1c373a02b941752b16a96],
PUP.Optional.Cinema.A, HKU\S-1-5-21-2229232713-360834936-347754365-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CinemaP-1.8cV14.03-nv-ie, , [fe9adb6b2c5edc5a7f42933a2ed52fd1],
PUP.Optional.InternetSpeedChecker.A, HKU\S-1-5-21-2229232713-360834936-347754365-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Internet Speed Checker-nv-ie, , [6f296ed843478fa7b342624d57ac946c],
PUP.Optional.SavePass.A, HKU\S-1-5-21-2229232713-360834936-347754365-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SavePass 1.1-nv-ie, , [dcbce75f880237ffeb2b0ac7bf4455ab],
PUP.Optional.SavePass.A, HKU\S-1-5-21-2229232713-360834936-347754365-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SavePass1.1, , [65336ed8692176c06ad1c6f4cf348d73],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2229232713-360834936-347754365-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [1e7a1c2a5436bf778ac92601b84dad53],
PUP.Optional.Qone8, HKU\S-1-5-21-2229232713-360834936-347754365-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [326650f6f59548eee0d93de143c26a96],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Air Globe, , [9cfc6bdbee9c2313e751dad0a75cb54b],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, , [9cfc6bdbee9c2313e751dad0a75cb54b],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, , [9cfc6bdbee9c2313e751dad0a75cb54b],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, , [9cfc6bdbee9c2313e751dad0a75cb54b],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, , [9cfc6bdbee9c2313e751dad0a75cb54b],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, , [9cfc6bdbee9c2313e751dad0a75cb54b],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, , [9cfc6bdbee9c2313e751dad0a75cb54b],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, , [9cfc6bdbee9c2313e751dad0a75cb54b],
PUP.Optional.AirGlobe.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, , [9cfc6bdbee9c2313e751dad0a75cb54b],

Registry Values: 1
PUP.Optional.SearchEngine.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|searchengine@gmail.com, C:\Users\pidlo\AppData\Roaming\Mozilla\Firefox\Profiles\lzoo6rau.default\extensions\searchengine@gmail.com, , [2f69e95d0a8093a3d7b32817f0156997]

Registry Data: 18
PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.omniboxes.com/?type=sc&ts=14 ... XXZ1D530ZG, Good: (firefox.exe), Bad: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.omniboxes.com/?type=sc&ts=14 ... XXZ1D530ZG),,[dbbdb98dd1b93402ef67d20d887d966a]
PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.omniboxes.com/?type=sc&ts=14 ... XXZ1D530ZG, Good: (Chrome.exe), Bad: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.omniboxes.com/?type=sc&ts=14 ... XXZ1D530ZG),,[762232142f5b9e98d584538c62a3966a]
PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://www.omniboxes.com/?type=sc&ts=14 ... XXZ1D530ZG, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://www.omniboxes.com/?type=sc&ts=14 ... XXZ1D530ZG),,[07916bdbd8b2bf7755027e61a06501ff]
PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.omniboxes.com/web/?type=ds&t ... 1D530ZG&q={searchTerms}, Good: (www.google.com), Bad: (http://www.omniboxes.com/web/?type=ds&t ... 1D530ZG&q={searchTerms}),,[99ff7cca92f8f3430dc9b637dd281ae6]
PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.omniboxes.com/?type=hp&ts=14 ... XXZ1D530ZG, Good: (www.google.com), Bad: (http://www.omniboxes.com/?type=hp&ts=14 ... XXZ1D530ZG),,[b5e3f84e375364d211c5a449b4517789]
PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.omniboxes.com/?type=hp&ts=14 ... XXZ1D530ZG, Good: (www.google.com), Bad: (http://www.omniboxes.com/?type=hp&ts=14 ... XXZ1D530ZG),,[5d3bb492ec9e75c1c412c429c73e04fc]
PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.omniboxes.com/web/?type=ds&t ... 1D530ZG&q={searchTerms}, Good: (www.google.com), Bad: (http://www.omniboxes.com/web/?type=ds&t ... 1D530ZG&q={searchTerms}),,[72263f07ef9bf93decea02eb6a9bbd43]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[7c1ca89e395133033a87ecff4bbafe02]
PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.omniboxes.com/?type=sc&ts=14 ... XXZ1D530ZG, Good: (firefox.exe), Bad: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.omniboxes.com/?type=sc&ts=14 ... XXZ1D530ZG),,[afe94afc8109fe38ba9c7867ea1b619f]
PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.omniboxes.com/?type=sc&ts=14 ... XXZ1D530ZG, Good: (Chrome.exe), Bad: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.omniboxes.com/?type=sc&ts=14 ... XXZ1D530ZG),,[05934303e0aa61d517429847749127d9]
PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://www.omniboxes.com/?type=sc&ts=14 ... XXZ1D530ZG, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://www.omniboxes.com/?type=sc&ts=14 ... XXZ1D530ZG),,[cbcde66097f31a1c7add3ea18184669a]
PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.omniboxes.com/web/?type=ds&t ... 1D530ZG&q={searchTerms}, Good: (www.google.com), Bad: (http://www.omniboxes.com/web/?type=ds&t ... 1D530ZG&q={searchTerms}),,[acece66091f958de52849d5025e0f709]
PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.omniboxes.com/?type=hp&ts=14 ... XXZ1D530ZG, Good: (www.google.com), Bad: (http://www.omniboxes.com/?type=hp&ts=14 ... XXZ1D530ZG),,[a2f6a4a20783db5bf0e601ec1de8817f]
PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.omniboxes.com/?type=hp&ts=14 ... XXZ1D530ZG, Good: (www.google.com), Bad: (http://www.omniboxes.com/?type=hp&ts=14 ... XXZ1D530ZG),,[148456f01476191da03608e542c34bb5]
PUP.Optional.Omniboxes.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.omniboxes.com/web/?type=ds&t ... 1D530ZG&q={searchTerms}, Good: (www.google.com), Bad: (http://www.omniboxes.com/web/?type=ds&t ... 1D530ZG&q={searchTerms}),,[bedaa6a0236715219b3bd9149f667c84]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[a5f3dc6a9ceed264616001eaca3ba45c]
PUP.Optional.Omniboxes.A, HKU\S-1-5-21-2229232713-360834936-347754365-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.omniboxes.com/?type=hp&ts=14 ... XXZ1D530ZG, Good: (www.google.com), Bad: (http://www.omniboxes.com/?type=hp&ts=14 ... XXZ1D530ZG),,[efa9c284a3e7b28434a39c5172937888]
PUP.Optional.Omniboxes.A, HKU\S-1-5-21-2229232713-360834936-347754365-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.omniboxes.com/?type=hp&ts=14 ... XXZ1D530ZG, Good: (www.google.com), Bad: (http://www.omniboxes.com/?type=hp&ts=14 ... XXZ1D530ZG),,[0890291dcbbf48ee21b6c4291aeb5aa6]

Folders: 12

Files: 71

Physical Sectors: 0
(No malicious items detected)


(end)


Re: log check, annoying ads in all browsers

Post by jaro3 » 17 Mar 2015 18:00

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator"),
click "Scan", and once the scan finishes click "Clean".

The program performs the repair; after the automatic restart it shows a log (C:\AdwCleaner [S?].txt). Paste its entire contents here.

Download Junkware Removal Tool by Thisisu

to your desktop.

Deactivate your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program starts scanning. The scan can take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) appears and is saved on the desktop.
Please copy its entire contents here.

Run MbAM again and choose "Scan Now".
- When the program finishes, a message appears; click "Quarantine All (remove selected)" and then "Export Log", choose "text file", give the file a name and save it somewhere. Copy the entire contents of that log here.

Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Check that the following are ticked:
MBR check
Offline Reg
Antirootkit

- Then click "Scan".
- The program scans the PC's processes. After the scan, click "Report" and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still will not start and work, rename it to winlogon.exe.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: log check, annoying ads in all browsers

Post by pidlo » 17 Mar 2015 20:57

# AdwCleaner v4.112 - Logfile created 17/03/2015 at 20:20:55
# Updated 09/03/2015 by Xplode
# Database : 2015-03-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : pidlo - PIDLO-PC
# Running from : C:\Users\pidlo\Desktop\adwcleaner_4.112.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : {9d441ea6-1f17-4617-bc38-69cd9796686e}Gw64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Users\pidlo\AppData\Local\globalUpdate
Folder Deleted : C:\Users\pidlo\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\pidlo\AppData\Roaming\RHEng
Folder Deleted : C:\Users\pidlo\AppData\Roaming\omniboxes
File Deleted : C:\END
File Deleted : C:\Windows\System32\drivers\{9d441ea6-1f17-4617-bc38-69cd9796686e}Gw64.sys
File Deleted : C:\Users\pidlo\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_static.boostsaves.com_0.localstorage
File Deleted : C:\Users\pidlo\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_static.boostsaves.com_0.localstorage-journal
File Deleted : C:\Users\pidlo\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Deleted : C:\Users\pidlo\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Deleted : C:\Users\pidlo\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_static.boostsaves.com_0.localstorage
File Deleted : C:\Users\pidlo\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchengine@gmail.com]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKCU\Software\Mozilla\Extends
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\omniboxesSoftware
Key Deleted : HKLM\SOFTWARE\GeekBuddyRSP

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v36.0.1 (x86 cs)

[lzoo6rau.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "14c1cf943b7626778a6087b5deb5322d");

-\\ Google Chrome v18.0.1025.142


-\\ Opera v28.0.1750.40


*************************

AdwCleaner[R0].txt - [1899 bytes] - [24/02/2015 12:11:11]
AdwCleaner[R1].txt - [3682 bytes] - [17/03/2015 16:01:50]
AdwCleaner[R2].txt - [3741 bytes] - [17/03/2015 20:19:31]
AdwCleaner[S0].txt - [1930 bytes] - [24/02/2015 15:09:31]
AdwCleaner[S1].txt - [3683 bytes] - [17/03/2015 20:20:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3742 bytes] ##########



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.5 (03.17.2015:1)
OS: Windows 7 Home Premium x64
Ran by pidlo on út 17.03.2015 at 20:25:20,53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\pidlo\AppData\Roaming\mozilla\firefox\profiles\lzoo6rau.default\prefs.js

user_pref("browser.search.searchengine.alias", "omniboxes");
user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.iconURL", "hxxp://www.omniboxes.com/favicon.ico");
user_pref("browser.search.searchengine.name", "omniboxes");
user_pref("browser.search.searchengine.ptid", "obw");
user_pref("browser.search.searchengine.uid", "ST1000DM003-1CH162_Z1D530ZGXXXXZ1D530ZG");
user_pref("browser.search.searchengine.url", "hxxp://www.omniboxes.com/web/?type=ds&ts=1426401256&from=obw&uid=ST1000DM003-1CH162_Z1D530ZGXXXXZ1D530ZG&q={searchTerms}");
Emptied folder: C:\Users\pidlo\AppData\Roaming\mozilla\firefox\profiles\lzoo6rau.default\minidumps [6 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on út 17.03.2015 at 20:37:55,12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 17.3.2015
Scan Time: 20:39:12
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.17.06
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: pidlo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 433943
Time Elapsed: 7 min, 3 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 6

Modules: 2
PUP.Optional.AirGlobe.A, C:\Program Files (x86)\Air Globe\bin\9d441ea61f174617bc3869cd9796686e.dll, Delete-on-Reboot, [1d7d4ef84644ed492a35a208689bdf21],
PUP.Optional.AirGlobe.A, C:\Program Files (x86)\Air Globe\bin\AirGlobe.expextdll.dll, Delete-on-Reboot, [1d7d4ef84644ed492a35a208689bdf21],

Registry Keys: 35

Registry Values: 0
(No malicious items detected)

Registry Data: 16

Folders: 4
PUP.Optional.AirGlobe.A, C:\Program Files (x86)\Air Globe, Delete-on-Reboot, [1d7d4ef84644ed492a35a208689bdf21],
PUP.Optional.AirGlobe.A, C:\Program Files (x86)\Air Globe\bin, Delete-on-Reboot, [1d7d4ef84644ed492a35a208689bdf21],
PUP.Optional.AirGlobe.A, C:\Program Files (x86)\Air Globe\bin\plugins, Quarantined, [1d7d4ef84644ed492a35a208689bdf21],
PUP.Optional.AirGlobe.A, C:\Program Files (x86)\Air Globe\bin\TEMP, Quarantined, [1d7d4ef84644ed492a35a208689bdf21],

Files: 35
PUP.Optional.AirGlobe.A, C:\Program Files (x86)\Air Globe\bin\AirGlobe.expextdll.dll, Delete-on-Reboot, [1d7d4ef84644ed492a35a208689bdf21],
PUP.Optional.AirGlobe.A, C:\Program Files (x86)\Air Globe\bin\AirGlobe.PurBrowse64.exe, Delete-on-Reboot, [1d7d4ef84644ed492a35a208689bdf21],
PUP.Optional.AirGlobe.A, C:\Program Files (x86)\Air Globe\bin\AirGlobe.PurBrowseG.zip, Quarantined, [1d7d4ef84644ed492a35a208689bdf21],
PUP.Optional.AirGlobe.A, C:\Program Files (x86)\Air Globe\bin\BrowserAdapter.7z, Quarantined, [1d7d4ef84644ed492a35a208689bdf21],
PUP.Optional.AirGlobe.A, C:\Program Files (x86)\Air Globe\bin\eula.txt, Quarantined, [1d7d4ef84644ed492a35a208689bdf21],
PUP.Optional.AirGlobe.A, C:\Program Files (x86)\Air Globe\bin\sqlite3.dll, Quarantined, [1d7d4ef84644ed492a35a208689bdf21],
PUP.Optional.AirGlobe.A, C:\Program Files (x86)\Air Globe\bin\utilAirGlobe.InstallState, Quarantined, [1d7d4ef84644ed492a35a208689bdf21],
PUP.Optional.AirGlobe.A, C:\Program Files (x86)\Air Globe\bin\plugins\AirGlobe.BrowserAdapter.dll, Quarantined, [1d7d4ef84644ed492a35a208689bdf21],
PUP.Optional.AirGlobe.A, C:\Program Files (x86)\Air Globe\bin\plugins\AirGlobe.CompatibilityChecker.dll, Quarantined, [1d7d4ef84644ed492a35a208689bdf21],
PUP.Optional.AirGlobe.A, C:\Program Files (x86)\Air Globe\bin\plugins\AirGlobe.ExpExt.dll, Quarantined, [1d7d4ef84644ed492a35a208689bdf21],
PUP.Optional.AirGlobe.A, C:\Program Files (x86)\Air Globe\bin\plugins\AirGlobe.FFUpdate.dll, Quarantined, [1d7d4ef84644ed492a35a208689bdf21],
PUP.Optional.AirGlobe.A, C:\Program Files (x86)\Air Globe\bin\plugins\AirGlobe.GCUpdate.dll, Quarantined, [1d7d4ef84644ed492a35a208689bdf21],
PUP.Optional.AirGlobe.A, C:\Program Files (x86)\Air Globe\bin\plugins\AirGlobe.PurBrowseG.dll, Quarantined, [1d7d4ef84644ed492a35a208689bdf21],
PUP.Optional.Omniboxes.A, C:\Users\pidlo\AppData\Roaming\Mozilla\Firefox\Profiles\lzoo6rau.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://www.omniboxes.com/?type=hp&ts=1426401256&from=obw&uid=ST1000DM003-1CH162_Z1D530ZGXXXXZ1D530ZG");), Replaced,[534734123f4b6acc019cb571ef17b34d]

Physical Sectors: 0
(No malicious items detected)


(end)



RogueKiller V10.5.5.0 (x64) [Mar 16 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : pidlo [Práva správce]
Started from : C:\Users\pidlo\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 03/17/2015 20:56:43

¤¤¤ Procesy : 4 ¤¤¤
[Suspicious.Path] szninstall.exe(3764) -- C:\Users\pidlo\AppData\Roaming\Seznam.cz\szninstall.exe[7] -> Zastaveno [TermProc]
[Suspicious.Path] szndesktop.exe(3788) -- C:\Users\pidlo\AppData\Roaming\Seznam.cz\bin\szndesktop.exe[7] -> Zastaveno [TermProc]
[Suspicious.Path] listicka-x64.exe(4192) -- C:\Users\pidlo\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe[7] -> Zastaveno [TermThr]
[Suspicious.Path] explorer.exe(1692) -- C:\Users\pidlo\AppData\Roaming\Seznam.cz\bin\22478libfoxloader-x64.dll[-] -> Uvolněno

¤¤¤ Registry : 8 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2229232713-360834936-347754365-1000\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.autoupdate : "C:\Users\pidlo\AppData\Roaming\Seznam.cz\szninstall.exe" -c -> Nalezeno
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2229232713-360834936-347754365-1000\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.szndesktop : "C:\Users\pidlo\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q -> Nalezeno
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2229232713-360834936-347754365-1000\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.autoupdate : "C:\Users\pidlo\AppData\Roaming\Seznam.cz\szninstall.exe" -c -> Nalezeno
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2229232713-360834936-347754365-1000\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.szndesktop : "C:\Users\pidlo\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2229232713-360834936-347754365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2229232713-360834936-347754365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2229232713-360834936-347754365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2229232713-360834936-347754365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Nalezeno

¤¤¤ Úlohy : 5 ¤¤¤
[Suspicious.Path] QE.job -- C:\Users\pidlo\AppData\Roaming\QE.exe (/infocmdline=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) -> Nalezeno
[Suspicious.Path] VGBZBBG.job -- C:\Users\pidlo\AppData\Roaming\VGBZBBG.exe (/infocmdline=bLt/jCjGHuPSTe7HLkrJWbo8JjE/xFp0jgRAGGiZih0IGTsUf2N4VvmsIKk1BbmtnJlE7DXbiOzc2i0XWSMKq7U96c6WWhE8lU5LVjwoctmZVgwsrjSYL9IA65thqilfkpudvmW9kpuw27guTH0wkCyR4CEQy/gIzP3esgIjv20o86Z4+Mxeac0yz/NuBGfqNyAcvFpSLjYIQrFxOmNRDKN0TN6u+jj+ttqYl0pOEL0NZH54qjhicVJCL0ITwo8zlMhcsfFbzQFivu73jes4RmRAu/itQKsKm7yYUlG5E1HxDgp/6teGW040v7QyPhM/IikoVIbE05HdC2bMirOSfsHsg0faR0exJ7/tpnScSaNrrMgnSxn/EHOluFSycjKpIpm6Q/C0BqFbwlhUv+MvX6Vr2jVGDap1t6i/rad/TI2Hi6Uz3zqxitOvpx4Bxh8mfjrVLVKssG7Busr6nlq8qVwjPJ7s0sWsFr3Q64iyMReu7JZBHO8DYCgG5hwk+QT8qA5POcZgiGcz88A0D/owDv2EW28VYmjIYUpcNAfwwBd8A7nOqSIXtDw3Vqe0JeZHQr6Yp/Ves+OqMM8587Ryv2iCkwpevi6rrr9x9A4crcJfU6S+2xTNAyYBSdpWy9qW1vh9vSUNyhCrdLSjq0PfHww9PoW/hIZdMw4hjfXxM70=) -> Nalezeno
[Suspicious.Path] \\QE -- C:\Users\pidlo\AppData\Roaming\QE.exe (/infocmdline=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) -> Nalezeno
[Suspicious.Path] \\VGBZBBG -- C:\Users\pidlo\AppData\Roaming\VGBZBBG.exe (/infocmdline=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) -> Nalezeno
[Suspicious.Path] \\{232CCFF3-F866-4A70-AAE7-5215AFA866FA} -- C:\Users\pidlo\AppData\Roaming\.minecraft\minecraft launcher\Minecraft Launcher.exe -> Nalezeno

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1CH162 ATA Device +++++
--- User ---
[MBR] 9d3fe8e361a2ed1bd8de605a7dc83841
[BSP] d437633418b06fce5f9faffdf0544274 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_02242015_191732.log - RKreport_SCN_02242015_153453.log - RKreport_SCN_02242015_191527.log

jaro3
Security team member
Guru Level 15
Posts: 43298
Joined: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: checking a log, annoying ads in all browsers

Post by jaro3 » 18 Mar 2015 08:56

Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) or external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP, double-click to launch it).
- Wait until the Prescan finishes...
- Then click "Scan" ("Prohledat"); when it finishes:


- In the tabs (Registry, Tasks, Web Browser, etc.) tick everything (check the boxes)
(you have to use the mouse to tick the small box to the left of the registry entry, etc.)


- Click "Delete" ("Smazat")
- Wait until the Status box shows "Deleting finished" ("Mazání dokončeno")
- Click "Report" ("Zpráva"), then copy and paste the contents of that report here, please. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller

Turn off your antivirus.
Download Zoek.exe and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, Windows 7 and 8, right-click it and choose "Run as administrator").
- Note: the program may take a while to start.

Paste the script below into the program window:

Code:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


Click Run Script.
The program will run a scan and a repair; both the scan and the repair can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.

After the restart, only a black screen may be shown for a while; that is normal. You need to wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.

Post a new HJT log and report any problems.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

pidlo
Level 4
Posts: 1265
Joined: February 12
Location: Boskovice
Gender: Male
Status: Offline

Re: checking a log, annoying ads in all browsers

Post by pidlo » 18 Mar 2015 12:57

RogueKiller V10.5.5.0 (x64) [Mar 16 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : pidlo [Práva správce]
Started from : C:\Users\pidlo\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 03/18/2015 12:16:39

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤




Zoek.exe v5.0.0.0 Updated 17-March-2015
Tool run by pidlo on st 18.03.2015 at 12:22:31,36.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\pidlo\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-02-24-190213.log 9364 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Users\pidlo\AppData\Roaming\Awesomium deleted successfully
C:\Users\pidlo\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\pidlo\AppData\Roaming\Mozilla\Firefox\Profiles\lzoo6rau.default\prefs.js:

Added to C:\Users\pidlo\AppData\Roaming\Mozilla\Firefox\Profiles\lzoo6rau.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\pidlo\AppData\Roaming\Mozilla\Firefox\Profiles\lzoo6rau.default

user.js not found
---- Lines Air Globe removed from prefs.js ----
user_pref("extensions.Air Globe.asul", "1426616161988");
user_pref("extensions.Air Globe.aul", "1426619554121");
user_pref("extensions.Air Globe.irl", true);
user_pref("extensions.Air Globe.is", "ob13265ppCZ");
user_pref("extensions.Air Globe.ug", "BF0B2F4A-368B-490E-B7AB-3F10E835896A");
---- FireFox user.js and prefs.js backups ----

prefs_18.03.2015_1250_.backup
prefs_24.02.2015_1951_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Dragon\shell\open\command]
@="C:\\Program Files (x86)\\Comodo\\Dragon\\dragon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command]
@="C:\\Program Files (x86)\\Opera\\Launcher.exe"

==== Deleting Files \ Folders ======================

C:\Users\pidlo\AppData\Roaming\.minecraft deleted
C:\Users\pidlo\AppData\LocalLow\boost_interprocess deleted
C:\windows\SysNative\GroupPolicy\machine deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
"C:\Users\pidlo\AppData\Roaming\QE" deleted
"C:\Users\pidlo\AppData\Roaming\VGBZBBG" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\pidlo\AppData\Roaming\Mozilla\Firefox\Profiles\lzoo6rau.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\pidlo\AppData\Roaming\Mozilla\Firefox\Profiles\lzoo6rau.default
12B7772C549B1A9A7AC2C0062F1582FF - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll - Shockwave for Director / Shockwave for Director
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash
06DBB13F22F34314D8FB57D1139EBB67 - C:\Users\pidlo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14.07.2014 18:22]

YouTube - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Air Globe - pidlo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppbclkihfhiokpinabobakbgliglpaj

==== Chromium Fix ======================

C:\Users\pidlo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.omniboxes.com_0.localstorage deleted successfully
C:\Users\pidlo\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.omniboxes.com_0.localstorage deleted successfully
C:\Users\pidlo\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.omniboxes.com_0.localstorage-journal deleted successfully
C:\Users\pidlo\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_dealsking.co_0.localstorage deleted successfully
C:\Users\pidlo\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_dealsking.co_0.localstorage-journal deleted successfully
C:\Users\pidlo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppbclkihfhiokpinabobakbgliglpaj deleted successfully
C:\Users\pidlo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gppbclkihfhiokpinabobakbgliglpaj_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6D36300D-5240-4341-93C9-4E0BF9A078C7} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454"

==== Reset Google Chrome ======================

C:\Users\pidlo\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\pidlo\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\pidlo\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\pidlo\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Guest\Desktop\Bandicam.lnk - C:\Program Files (x86)\Bandicam\bdcam.exe
C:\Users\Guest\Desktop\FlatOut2.lnk - C:\Program Files\FlatOut2\FlatOut2.exe
C:\Users\Guest\Desktop\Soul-Aion Launcher – zástupce.lnk -
C:\Users\pidlo\Desktop\aaaaaaaaaa\DivX Converter.lnk - C:\Program Files (x86)\DivX\DivX Converter\DivXConverterLauncher.exe
C:\Users\pidlo\Desktop\aaaaaaaaaa\DivX Movies.lnk - C:\Users\pidlo\Videos\DivX Movies
C:\Users\pidlo\Desktop\aaaaaaaaaa\DivX Player.lnk - C:\Program Files (x86)\DivX\DivX Player\DivX Player.exe
C:\Users\pidlo\Desktop\aaaaaaaaaa\GOM Player.lnk - C:\Program Files (x86)\GRETECH\GomPlayer\GOM.EXE
C:\Users\pidlo\Desktop\aaaaaaaaaa\SHAREit.lnk - C:\Program Files (x86)\Lenovo\SHAREit\Shareit.exe
C:\Users\pidlo\Desktop\aaaaaaaaaa\µTorrent.lnk -
C:\Users\pidlo\Desktop\aaaaaaaaaa\Milda\prezentace soš\Nová složka\Prezentace - HOTOVO oprava 1\VY_32_inovace_39\09\Zástupce - O 09.lnk -
C:\Users\pidlo\Desktop\aaaaaaaaaa\Nová složka\ABCgames Cheater.lnk -
C:\Users\pidlo\Desktop\aaaaaaaaaa\Nová složka\Adobe Reader 6.0 CE.lnk -
C:\Users\pidlo\Desktop\aaaaaaaaaa\Nová složka\Bandicam.lnk -
C:\Users\pidlo\Desktop\aaaaaaaaaa\Nová složka\Battle.net.lnk -
C:\Users\pidlo\Desktop\aaaaaaaaaa\Nová složka\Cheat Engine.lnk -
C:\Users\pidlo\Desktop\aaaaaaaaaa\Nová složka\CloneCD.lnk -
C:\Users\pidlo\Desktop\aaaaaaaaaa\Nová složka\COMODO Antivirus.lnk -
C:\Users\pidlo\Desktop\aaaaaaaaaa\Nová složka\Comodo Dragon.lnk -
C:\Users\pidlo\Desktop\aaaaaaaaaa\Nová složka\DAEMON Tools Lite.lnk -
C:\Users\pidlo\Desktop\aaaaaaaaaa\Nová složka\DeepBurner.lnk -
C:\Users\pidlo\Desktop\aaaaaaaaaa\Nová složka\DOSBox 0.74.lnk -
C:\Users\pidlo\Desktop\aaaaaaaaaa\Nová složka\Gameforge Live.lnk -
C:\Users\pidlo\Desktop\aaaaaaaaaa\Nová složka\GeekBuddy.lnk -
C:\Users\pidlo\Desktop\aaaaaaaaaa\Nová složka\Hi-Rez Diagnostics and Support.lnk -
C:\Users\pidlo\Desktop\aaaaaaaaaa\Nová složka\Multiplayer server.lnk -
C:\Users\pidlo\Desktop\aaaaaaaaaa\Nová složka\Overwolf.lnk -
C:\Users\pidlo\Desktop\aaaaaaaaaa\Nová složka\Steam.lnk -
C:\Users\pidlo\Desktop\aaaaaaaaaa\Nová složka\Trend Micro Titanium Internet Security.lnk -
C:\Users\pidlo\Desktop\aaaaaaaaaa\Nová složka\µTorrent.lnk -
C:\Users\pidlo\Desktop\aaaaaaaaaa\Nová složka\Aion\Aion\Aion.lnk -
C:\Users\pidlo\Desktop\aaaaaaaaaa\Nová složka\Aion\Aion\L10N\components\Shortcut to components.lnk -
C:\Users\pidlo\Desktop\hry\bombardaci – zástupce.lnk -
C:\Users\pidlo\Desktop\hry\BurnoutParadise.exe – zástupce.lnk -
C:\Users\pidlo\Desktop\hry\CABAL Online (EU).lnk -
C:\Users\pidlo\Desktop\hry\Counter-Strike 1.6.lnk - C:\Counter-Strike 1.6\csko.exe -steam -game cstrike
C:\Users\pidlo\Desktop\hry\darksiders.lnk - C:\Program Files (x86)\THQ\Darksiders II\Launcher.exe
C:\Users\pidlo\Desktop\hry\DmC - Devil May Cry.lnk - C:\Program Files (x86)\DmC - Devil May Cry\Binaries\Win32\game.exe
C:\Users\pidlo\Desktop\hry\Drači oko.lnk -
C:\Users\pidlo\Desktop\hry\FIFA 13.lnk -
C:\Users\pidlo\Desktop\hry\FlatOut2.lnk - C:\Program Files\FlatOut2\FlatOut2.exe
C:\Users\pidlo\Desktop\hry\Frozen Throne.lnk -
C:\Users\pidlo\Desktop\hry\Gas Guzzlers.lnk -
C:\Users\pidlo\Desktop\hry\Goat Simulator.lnk - C:\Program Files (x86)\Goat Simulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
C:\Users\pidlo\Desktop\hry\GTA San Andreas.lnk - C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gta_sa.exe
C:\Users\pidlo\Desktop\hry\Hearthstone.lnk - C:\Program Files (x86)\Hearthstone\Hearthstone Beta Launcher.exe
C:\Users\pidlo\Desktop\hry\Heroes of Might and Magic® III Complete.lnk -
C:\Users\pidlo\Desktop\hry\heroes4c.exe – zástupce.lnk -
C:\Users\pidlo\Desktop\hry\heroes4_bwb.exe – zástupce.lnk -
C:\Users\pidlo\Desktop\hry\iw3sp.exe – zástupce.lnk -
C:\Users\pidlo\Desktop\hry\Just Cause 2.lnk - C:\Program Files (x86)\Tomi2k9\Just Cause 2\JustCause2_Launcher.exe
C:\Users\pidlo\Desktop\hry\League of Legends.lnk - C:\Riot Games\League of Legends\lol.launcher.exe
C:\Users\pidlo\Desktop\hry\Middle Earth - Shadow of Mordor.lnk - C:\Hry\Middle Earth - Shadow of Mordor\x64\ShadowOfMordor.exe
C:\Users\pidlo\Desktop\hry\Minecraft Launcher 1.8.lnk - C:\Program Files (x86)\Mojang\Minecraft Launcher 1.8\Minecraft Launcher 1.8.exe
C:\Users\pidlo\Desktop\hry\Need for Speed™ Most Wanted.lnk -
C:\Users\pidlo\Desktop\hry\NHL 12.exe.lnk - C:\Program Files (x86)\EA GAMES\NHL 09\nhl2009.exe
C:\Users\pidlo\Desktop\hry\NosTale.lnk - C:\Program Files (x86)\GameforgeLive\GameforgeLive.exe "C:\Program Files (x86)\GameforgeLive\Games\CZE_ces\NosTale\Nostale.exe" -start Nostale
C:\Users\pidlo\Desktop\hry\Painkiller.lnk - C:\Users\pidlo\Desktop\hry\Painkiller\Bin\Painkiller.exe
C:\Users\pidlo\Desktop\hry\Path of Exile.lnk - C:\Program Files (x86)\Grinding Gear Games\Path of Exile\PathOfExile.exe
C:\Users\pidlo\Desktop\hry\Pro Evolution Soccer 2013 – zástupce.lnk -
C:\Users\pidlo\Desktop\hry\Recettear - An Item Shops Tale.lnk - C:\Program Files (x86)\Carpe Fulgur\Recettear - An Item Shops Tale\recettear.exe
C:\Users\pidlo\Desktop\hry\Smite.lnk - C:\Program Files (x86)\Hi-Rez Studios\HiRezLauncherUI.exe game=300 product=17
C:\Users\pidlo\Desktop\hry\Soul-Aion Launcher – zástupce.lnk -
C:\Users\pidlo\Desktop\hry\Spustit RC Cars.lnk -
C:\Users\pidlo\Desktop\hry\The Elder Scrolls V Skyrim LE.lnk -
C:\Users\pidlo\Desktop\hry\Warcraft III.lnk -
C:\Users\pidlo\Desktop\hry\Painkiller\Painkiller.lnk - C:\Users\pidlo\Desktop\GM\Bin\Painkiller.exe
C:\Users\pidlo\Desktop\Milda\Milda\prezentace soš\Nová složka\Prezentace - HOTOVO oprava 1\VY_32_inovace_39\09\Zástupce - O 09.lnk -
C:\Users\UpdatusUser\Desktop\ABCgames Cheater.lnk - C:\Program Files (x86)\ABCgames Cheater\ABC_Cheater.exe
C:\Users\UpdatusUser\Desktop\Bandicam.lnk - C:\Program Files (x86)\Bandicam\bdcam.exe
C:\Users\UpdatusUser\Desktop\Drači oko.lnk -
C:\Users\UpdatusUser\Desktop\Empire of Magic.lnk - C:\Program Files (x86)\EOM\Eom.exe
C:\Users\UpdatusUser\Desktop\FlatOut2.lnk - C:\Program Files\FlatOut2\FlatOut2.exe
C:\Users\UpdatusUser\Desktop\Frozen Throne.lnk - C:\Program Files (x86)\Warcraft III\Frozen Throne.exe
C:\Users\UpdatusUser\Desktop\Warcraft III.lnk - C:\Program Files (x86)\Warcraft III\Warcraft III.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Fraps.lnk - C:\Fraps\fraps.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.omniboxes.com/?type=sc&ts=14 ... XXZ1D530ZG
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.omniboxes.com/?type=sc&ts=14 ... XXZ1D530ZG
C:\Users\Public\Desktop\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe http://www.omniboxes.com/?type=sc&ts=14 ... XXZ1D530ZG
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe
C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe

==== shortcuts in Users Start Menu ======================

C:\Users\pidlo\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk - C:\Program Files (x86)\GRETECH\GomPlayer\GOM.EXE
C:\Users\pidlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.omniboxes.com/?type=sc&ts=14 ... XXZ1D530ZG
C:\Users\pidlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.omniboxes.com/?type=sc&ts=14 ... XXZ1D530ZG
C:\Users\pidlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\pidlo\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\pidlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\pidlo\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
C:\Users\pidlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Grand Theft Auto San Andreas™.lnk -
C:\Users\pidlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Little Fighter 2 v1.9\LF2.lnk - C:\Program Files (x86)\LittleFighter2\LF2_v1.9\lf2.exe
C:\Users\pidlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Little Fighter 2 v1.9\Uninstall Little Fighter 2 v1.9.lnk - C:\Program Files (x86)\LittleFighter2\LF2_v1.9\Uninstal.exe
C:\Users\pidlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent\Složka nastavení.lnk -
C:\Users\pidlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent\Uninstall.lnk - C:\Users\pidlo\AppData\Roaming\uTorrent\uninstall.exe
C:\Users\pidlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent\µTorrent.lnk -

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Goat Simulator.lnk - C:\Program Files (x86)\Goat Simulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.omniboxes.com/?type=sc&ts=14 ... XXZ1D530ZG
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe http://www.omniboxes.com/?type=sc&ts=14 ... XXZ1D530ZG
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk - C:\Program Files (x86)\7-Zip\7zFM.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk - C:\Program Files (x86)\7-Zip\7-zip.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carpe Fulgur\Recettear - An Item Shops Tale\Recettear - An Item Shops Tale.lnk - C:\Program Files (x86)\Carpe Fulgur\Recettear - An Item Shops Tale\recettear.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carpe Fulgur\Recettear - An Item Shops Tale\Settings.lnk - C:\Program Files (x86)\Carpe Fulgur\Recettear - An Item Shops Tale\custom.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carpe Fulgur\Recettear - An Item Shops Tale\Uninstall Recettear - An Item Shops Tale.lnk - C:\Program Files (x86)\Carpe Fulgur\Recettear - An Item Shops Tale\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo\COMODO Antivirus\COMODO Antivirus.lnk - C:\Program Files (x86)\COMODO\COMODO Internet Security\cistray.exe --shortcut
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo\COMODO Antivirus\Přidat a odebrat komponenty.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo\Dragon\Comodo Dragon.lnk - C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo\Dragon\Uninstall Comodo Dragon.lnk - C:\Program Files (x86)\Comodo\Dragon\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo\GeekBuddy\GeekBuddy.lnk - C:\Program Files\COMODO\GeekBuddy\launcher.exe http://www.omniboxes.com/?type=sc&ts=14 ... XXZ1D530ZG
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\Check for Updates.lnk - C:\Program Files (x86)\DivX\DivX Control Panel\DivXControlPanelLauncher.exe /start=update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\DivX Converter.lnk - C:\Program Files (x86)\DivX\DivX Converter\DivXConverterLauncher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\DivX Player.lnk - C:\Program Files (x86)\DivX\DivX Player\DivX Player.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\Register.lnk - C:\Program Files (x86)\DivX\DivX Control Panel\DivXControlPanelLauncher.exe /start=registration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DmC - Devil May Cry\Hrať DmC - Devil May Cry.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DmC - Devil May Cry\Odinštalovať DmC - Devil May Cry.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live\Gameforge Live.lnk - C:\Program Files (x86)\GameforgeLive\GameforgeLive.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live\Odinstalovat aplikaci Gameforge Live.lnk - C:\Program Files (x86)\GameforgeLive\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player\GOM Player.lnk - C:\Program Files (x86)\GRETECH\GomPlayer\GOM.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player\Uninstall.lnk - C:\Program Files (x86)\GRETECH\GomPlayer\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.omniboxes.com/?type=sc&ts=14 ... XXZ1D530ZG
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios\Hi-Rez Diagnostics and Support.lnk - C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios\Smite.lnk - C:\Program Files (x86)\Hi-Rez Studios\HiRezLauncherUI.exe game=300 product=17
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios\Uninstall All Hi-Rez Games.lnk - C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe uninstall=all
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hry\Middle Earth - Shadow of Mordor\Middle Earth - Shadow of Mordor.lnk - C:\Hry\Middle Earth - Shadow of Mordor\x64\ShadowOfMordor.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hry\Middle Earth - Shadow of Mordor\Odinstalovat Middle Earth - Shadow of Mordor.lnk - C:\Hry\Middle Earth - Shadow of Mordor\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_40\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre1.8.0_40\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_40\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Java Mission Control.lnk - C:\Program Files\Java\jdk1.8.0_31\bin\jmc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\SHAREit.lnk - C:\Program Files (x86)\Lenovo\SHAREit\Shareit.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Little Fighter 2\Little Fighter 2.lnk - C:\Program Files (x86)\LittleFighter2\LF2_v1.9c\lf2.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Little Fighter 2\Uninstall.lnk - C:\Program Files (x86)\LittleFighter2\LF2_v1.9c\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Little Fighter 2\Website.lnk - C:\Program Files (x86)\LittleFighter2\LF2_v1.9c\Little Fighter 2.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Odinstalovat aplikaci Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Launcher 1.8\Minecraft Launcher 1.8.lnk - C:\Program Files (x86)\Mojang\Minecraft Launcher 1.8\Minecraft Launcher 1.8.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nostale(CZ)\NosTale.lnk - C:\Program Files (x86)\GameforgeLive\GameforgeLive.exe "C:\Program Files (x86)\GameforgeLive\Games\CZE_ces\NosTale\Nostale.exe" -start Nostale
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nostale(CZ)\Uninstall Nostale.lnk - C:\Program Files (x86)\GameforgeLive\Games\CZE_ces\NosTale\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\GTA San Andreas\Play GTA San Andreas.lnk - C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gta_sa.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\GTA San Andreas\README.lnk - C:\Program Files (x86)\Rockstar Games\GTA San Andreas\ReadMe\Readme.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games\GTA San Andreas\Uninstall GTA San Andreas.lnk - C:\Windows\system32\RunDll32.exe C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TopCD\FlatOut2\Odinstalovat FlatOut2.lnk - C:\Program Files\FlatOut2\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TopCD\FlatOut2\Spustit FlatOut2.lnk - C:\Program Files\FlatOut2\FlatOut2.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TopCD\FlatOut2\Web FlatOut2.lnk - C:\Program Files\FlatOut2\game.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TopCD\FlatOut2\Web TopCD.lnk - C:\Program Files\FlatOut2\TopCD.url

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Bandicam.lnk - C:\Program Files (x86)\Bandicam\bdcam.exe
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk - C:\Program Files (x86)\GRETECH\GomPlayer\GOM.EXE
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\pidlo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Bandicam.lnk - C:\Program Files (x86)\Bandicam\bdcam.exe
C:\Users\pidlo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\CABAL Online (EU).lnk - C:\Program Files (x86)\CABAL Online (EU)\cabal.exe
C:\Users\pidlo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk - C:\Program Files (x86)\GRETECH\GomPlayer\GOM.EXE
C:\Users\pidlo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.omniboxes.com/?type=sc&ts=14 ... XXZ1D530ZG
C:\Users\pidlo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.omniboxes.com/?type=sc&ts=14 ... XXZ1D530ZG
C:\Users\pidlo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\pidlo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\pidlo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\pidlo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.omniboxes.com/?type=sc&ts=14 ... XXZ1D530ZG
C:\Users\pidlo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.omniboxes.com/?type=sc&ts=14 ... XXZ1D530ZG
C:\Users\pidlo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe http://www.omniboxes.com/?type=sc&ts=14 ... XXZ1D530ZG
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Bandicam.lnk - C:\Program Files (x86)\Bandicam\bdcam.exe
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk - C:\Program Files (x86)\GRETECH\GomPlayer\GOM.EXE
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== shortcuts After Repair ======================

C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe
C:\Users\pidlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\pidlo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo\GeekBuddy\GeekBuddy.lnk - C:\Program Files\COMODO\GeekBuddy\launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\pidlo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\pidlo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\pidlo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\pidlo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\pidlo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\pidlo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\pidlo\AppData\Local\Mozilla\Firefox\Profiles\lzoo6rau.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\pidlo\AppData\Local\Opera Software\Opera Stable\Cache will be emptied at reboot
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\pidlo\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=862 folders=365 166864319 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\pidlo\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\pidlo\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\pidlo\AppData\Local\Opera Software\Opera Stable\Cache\data_0" deleted
"C:\Users\pidlo\AppData\Local\Opera Software\Opera Stable\Cache\data_1" deleted
"C:\Users\pidlo\AppData\Local\Opera Software\Opera Stable\Cache\data_2" deleted
"C:\Users\pidlo\AppData\Local\Opera Software\Opera Stable\Cache\data_3" deleted
"C:\Users\pidlo\AppData\Local\Opera Software\Opera Stable\Cache\index" deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on st 18.03.2015 at 13:08:47,97 ======================

[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2229232713-360834936-347754365-1000\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.autoupdate : "C:\Users\pidlo\AppData\Roaming\Seznam.cz\szninstall.exe" -c [7][x] -> Smazáno
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2229232713-360834936-347754365-1000\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.szndesktop : "C:\Users\pidlo\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [7][x] -> Smazáno
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2229232713-360834936-347754365-1000\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.autoupdate : "C:\Users\pidlo\AppData\Roaming\Seznam.cz\szninstall.exe" -c -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2229232713-360834936-347754365-1000\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.szndesktop : "C:\Users\pidlo\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q -> ERROR [2]
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2229232713-360834936-347754365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2229232713-360834936-347754365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2229232713-360834936-347754365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2229232713-360834936-347754365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Nahrazeno (0)

¤¤¤ Úlohy : 5 ¤¤¤
[Suspicious.Path] QE.job -- C:\Users\pidlo\AppData\Roaming\QE.exe (/infocmdline=...) -> Smazáno
[Suspicious.Path] VGBZBBG.job -- C:\Users\pidlo\AppData\Roaming\VGBZBBG.exe (/infocmdline=...) -> Smazáno
[Suspicious.Path] \\QE -- C:\Users\pidlo\AppData\Roaming\QE.exe (/infocmdline=...) -> Smazáno
[Suspicious.Path] \\VGBZBBG -- C:\Users\pidlo\AppData\Roaming\VGBZBBG.exe (/infocmdline=...) -> ERROR [0]
[Suspicious.Path] \\{232CCFF3-F866-4A70-AAE7-5215AFA866FA} -- C:\Users\pidlo\AppData\Roaming\.minecraft\minecraft launcher\Minecraft Launcher.exe -> Smazáno

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost -> Smazáno

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[FIREFX:Addon] lzoo6rau.default : Skype Click to Call [{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}] -> Smazáno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1CH162 ATA Device +++++
--- User ---
[MBR] 9d3fe8e361a2ed1bd8de605a7dc83841
[BSP] d437633418b06fce5f9faffdf0544274 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_02242015_191732.log - RKreport_SCN_02242015_153453.log - RKreport_SCN_02242015_191527.log - RKreport_SCN_03172015_205643.log
RKreport_SCN_03182015_121446.log

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: log check, annoying ads in all browsers

Post by jaro3 » 18 Mar 2015 18:13

Post a new HJT log and report on any problems.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Re: log check, annoying ads in all browsers

Post by pidlo » 19 Mar 2015 08:08

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:07:42, on 19.3.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)

FIREFOX: 36.0.1 (x86 cs)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\SmartClock\SmartClock.exe
C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Adobe Arkalis\Adobe_Arkalis.exe
C:\Program Files (x86)\Opera\28.0.1750.48\opera.exe
C:\Program Files (x86)\Opera\28.0.1750.48\opera_crashreporter.exe
C:\Program Files (x86)\Opera\28.0.1750.48\opera.exe
C:\Program Files (x86)\Opera\28.0.1750.48\opera.exe
C:\Program Files (x86)\Opera\28.0.1750.48\opera.exe
C:\Program Files (x86)\Opera\28.0.1750.48\opera.exe
C:\Program Files (x86)\Opera\28.0.1750.48\opera.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Opera\28.0.1750.48\opera.exe
C:\Program Files (x86)\Hi-Rez Studios\HiRezGames\smite\binaries\Win32\Smite.exe
C:\Users\pidlo\Desktop\HijackThis.exe
C:\Program Files (x86)\Hi-Rez Studios\HiRezGames\smite\binaries\Win32\awesomium_process.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WindowsDriverScan86] C:\Program Files (x86)\Adobe Arkalis\Arkalis86.lnk
O4 - HKLM\..\Run: [WindowsDriverScan64] C:\Program Files (x86)\Adobe Arkalis\Arkalis.lnk
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [SmartClock] C:\Program Files (x86)\SmartClock\SmartClock.exe /boot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2229232713-360834936-347754365-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCCB6769-7BB8-4166-BF5F-3D25B255F9A9}: NameServer = 156.154.70.25,156.154.71.25
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: COMODO LPS Launcher (CLPSLauncher) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
O23 - Service: COMODO Internet Security Helper Service (CmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GeekBuddyRSP Server (GeekBuddyRSP) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo EasyPlus Hotspot - Lenovo - C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10449 bytes


The ads are gone, it's better.

Orcus
Security team member
Elite Level 10.5
Posts: 10645
Registered: April 10
Location: 3 roses grow around =o)
Gender: Male
Status: Offline

Re: log check, annoying ads in all browsers

Post by Orcus » 19 Mar 2015 08:26

Do you recognize these IPs?
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCCB6769-7BB8-4166-BF5F-3D25B255F9A9}: NameServer = 156.154.70.25,156.154.71.25
Love keeps you warm, but coal is coal. :fire:

Post HJT logs in the HJT section. If a log is too long, split it across several posts.

A few tips on PC security.

While I am away, memphisto, jaro3 and Diallix stand in for me.

If you are satisfied, you can support our forum.

Re: log check, annoying ads in all browsers

Post by pidlo » 19 Mar 2015 12:27

That doesn't ring a bell. I have no idea whether it's related to Steam, Warframe, Hearthstone or LoL; I really don't know what those IPs could be for. Maybe CS.

Re: log check, annoying ads in all browsers

Post by jaro3 » 19 Mar 2015 18:49

Close other applications and browsers, disconnect from the internet and fix the following in HJT:
Guide

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate


Download DelFix here:
https://toolslib.net/downloads/viewdownload/2-delfix/

Save the file to your desktop.
Double-click the icon to launch Delfix.exe.
(On Windows Vista, Windows 7 and 8, you must right-click the file -> Run as administrator.)
In the main menu, check these options: Remove disinfection tools and Purge System Restore.
Then click the Run button and let the tool do its work.

A report (DelFix.txt) will then open. Paste the entire contents of the report here. Otherwise, the report is located at:
C:\DelFix.txt

If there are no problems, that's all and you can mark the thread as solved (the green check mark).