PLS pomoc s odvirováním Vyřešeno

[Jan Pašek]

Tož jenda zas dostal za úkol nakonfigurovat nové PC a nějak to pohnojil bo mam zas zavirovano Mbam 39 nálezů
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2014.03.08.07

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16798
Jarmila :: HP_PROBOOK [administrátor]

8. 3. 2014 19:45:14
MBAM-log-2014-03-08 (19-50-53).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 214070
Uplynulý čas: 3 minut, 40 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 14
HKCR\CLSID\{11111111-1111-1111-1111-110511071178} (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.
HKCR\TypeLib\{44444444-4444-4444-4444-440544074478} (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.
HKCR\Interface\{55555555-5555-5555-5555-550555075578} (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.
HKCR\CrossriderApp0050778.BHO.1 (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511071178} (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511071178} (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.
HKCR\CrossriderApp0050778.BHO (PUP.Optional.CrossRider.A) -> Nebyla provedena žádná instrukce.
HKCR\CrossriderApp0050778.Sandbox (PUP.Optional.CrossRider.A) -> Nebyla provedena žádná instrukce.
HKCR\CrossriderApp0050778.Sandbox.1 (PUP.Optional.CrossRider.A) -> Nebyla provedena žádná instrukce.
HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> Nebyla provedena žádná instrukce.
HKCU\Software\AppDataLow\Software\Plus-HD-7.6 (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.
HKCU\Software\InstalledBrowserExtensions\Plus HD (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Plus-HD-7.6 (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-7.6 (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 1
C:\PROGRAM FILES (X86)\Plus-HD-7.6 (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.

Nalezené soubory: 24
C:\PROGRAM FILES (X86)\Plus-HD-7.6\Plus-HD-7.6-bho.dll (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.
C:\Users\Jarmila\AppData\Local\Temp\bitool.dll (PUP.Optional.Somoto) -> Nebyla provedena žádná instrukce.
C:\Users\Jarmila\AppData\Local\Temp\plus-hd-7-6row.exe (Heuristics.Shuriken) -> Nebyla provedena žádná instrukce.
C:\Users\Jarmila\AppData\Local\Temp\~6018.exe (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Users\Jarmila\Local Settings\Temporary Internet Files\Content.IE5\I8WZ4JLY\DTLite4481-0347.exe (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Windows\Tasks\Plus-HD-7.6-codedownloader.job (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.
C:\Windows\Tasks\Plus-HD-7.6-enabler.job (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.
C:\Windows\Tasks\Plus-HD-7.6-firefoxinstaller.job (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.
C:\Windows\Tasks\Plus-HD-7.6-updater.job (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.
C:\Windows\Tasks\Plus-HD-7.6-validator.job (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.
C:\PROGRAM FILES (X86)\Plus-HD-7.6\50778.crx (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.
C:\PROGRAM FILES (X86)\Plus-HD-7.6\50778.xpi (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.
C:\PROGRAM FILES (X86)\Plus-HD-7.6\background.html (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.
C:\PROGRAM FILES (X86)\Plus-HD-7.6\Installer.log (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.
C:\PROGRAM FILES (X86)\Plus-HD-7.6\Plus-HD-7.6-bg.exe (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.
C:\PROGRAM FILES (X86)\Plus-HD-7.6\Plus-HD-7.6-bho64.dll (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.
C:\PROGRAM FILES (X86)\Plus-HD-7.6\Plus-HD-7.6-codedownloader.exe (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.
C:\PROGRAM FILES (X86)\Plus-HD-7.6\Plus-HD-7.6-enabler.exe (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.
C:\PROGRAM FILES (X86)\Plus-HD-7.6\Plus-HD-7.6-firefoxinstaller.exe (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.
C:\PROGRAM FILES (X86)\Plus-HD-7.6\Plus-HD-7.6-updater.exe (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.
C:\PROGRAM FILES (X86)\Plus-HD-7.6\Plus-HD-7.6-validator.exe (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.
C:\PROGRAM FILES (X86)\Plus-HD-7.6\Plus-HD-7.6.ico (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.
C:\PROGRAM FILES (X86)\Plus-HD-7.6\Uninstall.exe (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.
C:\PROGRAM FILES (X86)\Plus-HD-7.6\utils.exe (PUP.Optional.PlusHD.A) -> Nebyla provedena žádná instrukce.

(konec)

[Reklama]

[Orcus]

Tož všecko je balast, kterej se tam dostal nejspíš při instalaci nějakýho programu.

dej nám sem log z HJT + toto:

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

===================================================

Stáhni AdwCleaner

Ulož si ho na svojí plochu
Ukonči všechny programy, okna a prohlížeče
Spusť program poklepáním a klikni na „Search“
Po skenu se objeví log (jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

====================================================

Znovu spusť MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

[Jan Pašek]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:27:03, on 9. 3. 2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16798)
Boot mode: Normal

Running processes:
C:\Users\Jarmila\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Jarmila\Desktop\Servis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: CrossriderApp0050778 - {11111111-1111-1111-1111-110511071178} - C:\Program Files (x86)\Plus-HD-7.6\Plus-HD-7.6-bho.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BtTray] "c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
O4 - HKLM\..\Run: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Jarmila\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Jarmila\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\Program Files (x86)\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\windows\SysWow64\skype4com.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: HP Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\windows\SysWOW64\flcdlock.exe
O23 - Service: HP HotSpot 1.0 Service (HotSpotSrv) - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Hotspot\HotSpotSrv.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP File Sanitizer (HPFSService) - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem4.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\WINDOWS\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10944 bytes

[Orcus]

HJT OK, uvidíme co zbytek. Pokud se nic nenajde, mělo by to být ok.

[Jan Pašek]

# AdwCleaner v3.020 - Report created 09/03/2014 at 09:41:35
# Updated 27/02/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Jarmila - HP_PROBOOK
# Running from : C:\Users\Jarmila\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\WINDOWS\System32\Tasks\Plus-HD-7.6-codedownloader
File Found : C:\WINDOWS\System32\Tasks\Plus-HD-7.6-enabler
File Found : C:\WINDOWS\System32\Tasks\Plus-HD-7.6-firefoxinstaller
File Found : C:\WINDOWS\System32\Tasks\Plus-HD-7.6-updater
File Found : C:\WINDOWS\Tasks\Plus-HD-7.6-codedownloader.job
File Found : C:\WINDOWS\Tasks\Plus-HD-7.6-enabler.job
File Found : C:\WINDOWS\Tasks\Plus-HD-7.6-firefoxinstaller.job
File Found : C:\WINDOWS\Tasks\Plus-HD-7.6-updater.job
Folder Found : C:\Users\Jarmila\AppData\Roaming\Mozilla\Firefox\Profiles\5h79tdzw.default\Extensions\1079a15c-f3ae-4d92-b473-c51c7f3bc6de@63449f71-c434-4007-828c-7025ecf04b05.com
Folder Found C:\Program Files (x86)\Plus-HD-7.6

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Plus-HD-7.6
Key Found : HKCU\Software\installedbrowserextensions
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511071178}
Key Found : [x64] HKCU\Software\installedbrowserextensions
Key Found : HKLM\Software\caphyon
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511071178}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522072278}
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0050778.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0050778.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0050778.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0050778.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555075578}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566076678}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544074478}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7fda7a93-03c5-4b8d-af9a-0463a0fccbae}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7fda7a93-03c5-4b8d-af9a-0463a0fccbae}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7fda7a93-03c5-4b8d-af9a-0463a0fccbae}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e49d544d-7f3f-4301-ac99-844234b08e42}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e49d544d-7f3f-4301-ac99-844234b08e42}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e49d544d-7f3f-4301-ac99-844234b08e42}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511071178}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-7.6
Key Found : HKLM\Software\Plus-HD-7.6
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511071178}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522072278}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555075578}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566076678}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7fda7a93-03c5-4b8d-af9a-0463a0fccbae}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7fda7a93-03c5-4b8d-af9a-0463a0fccbae}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7fda7a93-03c5-4b8d-af9a-0463a0fccbae}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e49d544d-7f3f-4301-ac99-844234b08e42}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e49d544d-7f3f-4301-ac99-844234b08e42}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e49d544d-7f3f-4301-ac99-844234b08e42}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511071178}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16798


-\\ Mozilla Firefox v27.0.1 (cs)

[ File : C:\Users\Jarmila\AppData\Roaming\Mozilla\Firefox\Profiles\5h79tdzw.default\prefs.js ]

Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.InstallationThankYouPage", false);
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.InstallationTime", 1393680666);
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778_dbWasSet", true);
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778_dbWasSet_FF25_FIX", true[...]
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.active", true);
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.addressbar", "NA");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.addressbarenhanced", "");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.asyncdb.was_copied", "true");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.asyncdb_dbWasSet", true);
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.asyncdb_dbWasSet_FF25_FIX", true);
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.asyncinternaldb.was_copied", "true");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.asyncinternaldb_dbWasSet", true);
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.asyncinternaldb_dbWasSet_FF25_FIX", true);
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.backgroundver", 1);
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.certdomaininstaller", "");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.changeprevious", false);
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.cookie.InstallationTime.value", "%221393680666%22");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22001133%22%2C%22sub_id%22%3A%220%22%2C%22uz[...]
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.cookie.load_balancer.expiration", "Sun Mar 09 2014 15:13:08 GMT+0100");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.cookie.load_balancer.value", "%22%7B%20%5C%22Status%5C%22%3A%201%2C%5C%22Endpoint%5C%22%3A%20%5C%2[...]
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.cookie.previous_page.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.cookie.previous_page.value", "%22hxxp%3A//www.pc-help.cz/viewtopic.php%3Ff%3D70%26t%3D128493%26p%3[...]
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.cookie.user_id.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.cookie.user_id.value", "%2214481aafeaad5e9261644c65d4af56dd%22");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.description", "Turn YouTube videos to High Definition by default");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.domain", "");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.enablesearch", false);
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.homepage", "");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.iframe", false);
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22A6481BD1CAF849BFA48F2DDA8DADC[...]
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22001133%22%2C%22sub_id%22%3A%220%22%2C%[...]
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22001133%22%2C%22sub_id%22%3A%220%2[...]
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%22A6481BD1CAF849BFA48F[...]
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.Resources_appVer.value", "33");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.Resources_lastVersion.value", "1");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.Resources_meta.value", "%7B%7D");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.Resources_nextCheck.expiration", "Sun Mar 09 2014 15:13:06 GMT+0100");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.Resources_nextCheck.value", "true");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.Resources_queue.value", "%7B%7D");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__ICM_DOWNLOADS__global_rules.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__ICM_DOWNLOADS__global_rules.value", "%5B%7B%22rules%22%3A%7B%22delay_between_ads_in_s[...]
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__ICM_DOWNLOADS__global_rules_verion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__ICM_DOWNLOADS__global_rules_verion.value", "2");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__ICM_DOWNLOADS__is_send_log.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__ICM_DOWNLOADS__is_send_log.value", "false");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__ICM_DOWNLOADS__last_daily_visit.expiration", "Mon Mar 10 2014 05:00:00 GMT+0100");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__ICM_DOWNLOADS__last_daily_visit.value", "1394352787725");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__ICM_DOWNLOADS__last_impression_time.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100")[...]
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__ICM_DOWNLOADS__last_impression_time.value", "1394354336700");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__ICM_DOWNLOADS__marketing_rules.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__ICM_DOWNLOADS__marketing_rules.value", "%7B%22rules%22%3A%5B%7B%22ad_type%22%3A%22sit[...]
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__ICM_DOWNLOADS__marketing_rules_verion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100[...]
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__ICM_DOWNLOADS__marketing_rules_verion.value", "13");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__ICM_DOWNLOADS__pages_visited_count.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__ICM_DOWNLOADS__pages_visited_count.value", "3");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__ICM_DOWNLOADS__pagevies_count_10.2.2014.expiration", "Thu Mar 20 2014 05:00:00 GMT+01[...]
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__ICM_DOWNLOADS__pagevies_count_10.2.2014.value", "21");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__ICM_DOWNLOADS__pagevies_count_6.2.2014.expiration", "Sun Mar 16 2014 05:00:00 GMT+010[...]
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__ICM_DOWNLOADS__pagevies_count_6.2.2014.value", "61");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__ICM_DOWNLOADS__pagevies_count_9.2.2014.expiration", "Wed Mar 19 2014 05:00:00 GMT+010[...]
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__ICM_DOWNLOADS__pagevies_count_9.2.2014.value", "23");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__ICM_DOWNLOADS__send_log_percent.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__ICM_DOWNLOADS__send_log_percent.value", "0.0005");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__ICM_DOWNLOADS__siteunder_protection.expiration", "Sun Mar 09 2014 09:40:56 GMT+0100")[...]
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__ICM_DOWNLOADS__siteunder_protection.value", "true");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__ICM_DOWNLOADS__total_impressions_today.expiration", "Mon Mar 10 2014 05:00:00 GMT+010[...]
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__ICM_DOWNLOADS__total_impressions_today.value", "3");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__ICM_DOWNLOADS__total_impressions_today_siteunder.expiration", "Mon Mar 10 2014 05:00:[...]
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__ICM_DOWNLOADS__total_impressions_today_siteunder.value", "3");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__ICM_DOWNLOADS__verions_data.expiration", "Sun Mar 09 2014 15:13:07 GMT+0100");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__ICM_DOWNLOADS__verions_data.value", "%7B%22global_rules_version%22%3A2%2C%22marketing[...]
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.__defualt_browser__.value", "%22ie%22");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb._country_code_.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb._country_code_.value", "%22CZ%22");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%22A6481BD1[...]
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.monetization_plugin_bundledWithHash.value", "null");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.monetization_plugin_last_executable_request.expiration", "Sun Mar 09 2014 21:30:08 GMT+[...]
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.monetization_plugin_last_executable_request.value", "%22hxxp%3A//files2.majorgeeks.com/[...]
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.lastDailyReport", "1394352786135");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.lastUpdate", "1394352786396");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.manifesturl", "");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.name", "Plus-HD-7.6");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.newtab", "");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.opensearch", "");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/50778/plugins/094/ff/plugins.json");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.pluginsversion", 29);
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.publisher", "Plus HD");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.searchstatus", 0);
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.setnewtab", false);
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.thankyou", "");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.updateinterval", 360);
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.50778.ver", 33);
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.FilesValidatorDueTime", "1394352841020");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.apps", "50778");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.bic", "14481aafeaad5e9261644c65d4af56dd");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.cid", 50778);
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.firstrun", false);
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.hadappinstalled", true);
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.installationdate", 1393744871);
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.modetype", "production");
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.reportInstall", true);
Line Found : user_pref("extensions.a1079a15cf3ae4d92b473c51c7f3bc6de63449f71c4344007828c7025ecf04b05com50778.statsDailyCounter", 7);
Line Found : user_pref("extensions.crossrider.bic", "14481aafeaad5e9261644c65d4af56dd");

*************************

AdwCleaner[R0].txt - [26265 octets] - [09/03/2014 09:41:35]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [26326 octets] ##########

[Jan Pašek]

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2014.03.09.03

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16798
Jarmila :: HP_PROBOOK [administrátor]

9. 3. 2014 10:02:50
mbam-log-2014-03-09 (10-02-50).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 213938
Uplynulý čas: 3 minut, 12 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 14
HKCR\CLSID\{11111111-1111-1111-1111-110511071178} (PUP.Optional.PlusHD.A) -> Přesun do karantény a smazání se zdařilo.
HKCR\TypeLib\{44444444-4444-4444-4444-440544074478} (PUP.Optional.PlusHD.A) -> Přesun do karantény a smazání se zdařilo.
HKCR\Interface\{55555555-5555-5555-5555-550555075578} (PUP.Optional.PlusHD.A) -> Přesun do karantény a smazání se zdařilo.
HKCR\CrossriderApp0050778.BHO.1 (PUP.Optional.PlusHD.A) -> Přesun do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511071178} (PUP.Optional.PlusHD.A) -> Přesun do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511071178} (PUP.Optional.PlusHD.A) -> Přesun do karantény a smazání se zdařilo.
HKCR\CrossriderApp0050778.BHO (PUP.Optional.CrossRider.A) -> Přesun do karantény a smazání se zdařilo.
HKCR\CrossriderApp0050778.Sandbox (PUP.Optional.CrossRider.A) -> Přesun do karantény a smazání se zdařilo.
HKCR\CrossriderApp0050778.Sandbox.1 (PUP.Optional.CrossRider.A) -> Přesun do karantény a smazání se zdařilo.
HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> Přesun do karantény a smazání se zdařilo.
HKCU\Software\AppDataLow\Software\Plus-HD-7.6 (PUP.Optional.PlusHD.A) -> Přesun do karantény a smazání se zdařilo.
HKCU\Software\InstalledBrowserExtensions\Plus HD (PUP.Optional.PlusHD.A) -> Přesun do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Plus-HD-7.6 (PUP.Optional.PlusHD.A) -> Přesun do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-7.6 (PUP.Optional.PlusHD.A) -> Přesun do karantény a smazání se zdařilo.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 1
C:\PROGRAM FILES (X86)\Plus-HD-7.6 (PUP.Optional.PlusHD.A) -> Přesun do karantény a smazání se zdařilo.

Nalezené soubory: 21
C:\PROGRAM FILES (X86)\Plus-HD-7.6\Plus-HD-7.6-bho.dll (PUP.Optional.PlusHD.A) -> Přesun do karantény a smazání se zdařilo.
C:\Users\Jarmila\Local Settings\Temporary Internet Files\Content.IE5\I8WZ4JLY\DTLite4481-0347.exe (PUP.Optional.OpenCandy) -> Přesun do karantény a smazání se zdařilo.
C:\Windows\Tasks\Plus-HD-7.6-codedownloader.job (PUP.Optional.PlusHD.A) -> Přesun do karantény a smazání se zdařilo.
C:\Windows\Tasks\Plus-HD-7.6-enabler.job (PUP.Optional.PlusHD.A) -> Přesun do karantény a smazání se zdařilo.
C:\Windows\Tasks\Plus-HD-7.6-firefoxinstaller.job (PUP.Optional.PlusHD.A) -> Přesun do karantény a smazání se zdařilo.
C:\Windows\Tasks\Plus-HD-7.6-updater.job (PUP.Optional.PlusHD.A) -> Přesun do karantény a smazání se zdařilo.
C:\Windows\Tasks\Plus-HD-7.6-validator.job (PUP.Optional.PlusHD.A) -> Přesun do karantény a smazání se zdařilo.
C:\PROGRAM FILES (X86)\Plus-HD-7.6\50778.crx (PUP.Optional.PlusHD.A) -> Přesun do karantény a smazání se zdařilo.
C:\PROGRAM FILES (X86)\Plus-HD-7.6\50778.xpi (PUP.Optional.PlusHD.A) -> Přesun do karantény a smazání se zdařilo.
C:\PROGRAM FILES (X86)\Plus-HD-7.6\background.html (PUP.Optional.PlusHD.A) -> Přesun do karantény a smazání se zdařilo.
C:\PROGRAM FILES (X86)\Plus-HD-7.6\Installer.log (PUP.Optional.PlusHD.A) -> Přesun do karantény a smazání se zdařilo.
C:\PROGRAM FILES (X86)\Plus-HD-7.6\Plus-HD-7.6-bg.exe (PUP.Optional.PlusHD.A) -> Přesun do karantény a smazání se zdařilo.
C:\PROGRAM FILES (X86)\Plus-HD-7.6\Plus-HD-7.6-bho64.dll (PUP.Optional.PlusHD.A) -> Přesun do karantény a smazání se zdařilo.
C:\PROGRAM FILES (X86)\Plus-HD-7.6\Plus-HD-7.6-codedownloader.exe (PUP.Optional.PlusHD.A) -> Přesun do karantény a smazání se zdařilo.
C:\PROGRAM FILES (X86)\Plus-HD-7.6\Plus-HD-7.6-enabler.exe (PUP.Optional.PlusHD.A) -> Přesun do karantény a smazání se zdařilo.
C:\PROGRAM FILES (X86)\Plus-HD-7.6\Plus-HD-7.6-firefoxinstaller.exe (PUP.Optional.PlusHD.A) -> Přesun do karantény a smazání se zdařilo.
C:\PROGRAM FILES (X86)\Plus-HD-7.6\Plus-HD-7.6-updater.exe (PUP.Optional.PlusHD.A) -> Přesun do karantény a smazání se zdařilo.
C:\PROGRAM FILES (X86)\Plus-HD-7.6\Plus-HD-7.6-validator.exe (PUP.Optional.PlusHD.A) -> Přesun do karantény a smazání se zdařilo.
C:\PROGRAM FILES (X86)\Plus-HD-7.6\Plus-HD-7.6.ico (PUP.Optional.PlusHD.A) -> Přesun do karantény a smazání se zdařilo.
C:\PROGRAM FILES (X86)\Plus-HD-7.6\Uninstall.exe (PUP.Optional.PlusHD.A) -> Přesun do karantény a smazání se zdařilo.
C:\PROGRAM FILES (X86)\Plus-HD-7.6\utils.exe (PUP.Optional.PlusHD.A) -> Přesun do karantény a smazání se zdařilo.

(konec)

[Orcus]

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
Klikni na „ Smazat“
Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

====================================================

Stáhni si Junkware Removal Tool

na svojí plochu.
Deaktivuj si svůj antivirový program.
Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

====================================================

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

[Jan Pašek]

# AdwCleaner v3.020 - Report created 09/03/2014 at 18:35:34
# Updated 27/02/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Jarmila - HP_PROBOOK
# Running from : C:\Users\Jarmila\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522072278}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566076678}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522072278}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566076678}
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKLM\Software\caphyon

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16798


-\\ Mozilla Firefox v27.0.1 (cs)

[ File : C:\Users\Jarmila\AppData\Roaming\Mozilla\Firefox\Profiles\5h79tdzw.default\prefs.js ]

Line Deleted : user_pref("extensions.crossrider.bic", "14481aafeaad5e9261644c65d4af56dd");

*************************

AdwCleaner[R0].txt - [26455 octets] - [09/03/2014 09:41:35]
AdwCleaner[R1].txt - [1393 octets] - [09/03/2014 18:34:51]
AdwCleaner[S0].txt - [1260 octets] - [09/03/2014 18:35:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1320 octets] ##########
POstupný upload až bude další přidám

[Jan Pašek]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8 x64
Ran by Jarmila on ne 09. 03. 2014 at 18:46:21,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9A3B712D-DA87-4B4A-B82D-88B351F1EA8A}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Jarmila\AppData\Roaming\mozilla\firefox\profiles\5h79tdzw.default\minidumps [6 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 09. 03. 2014 at 18:54:43,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Jan Pašek]

RogueKiller V8.8.10 _x64_ [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 8 (6.2.9200 ) 64 bits version
Spuštěno v : Normální režim
Uživatel : Jarmila [Práva správce]
Mód : Kontrola -- Datum : 03/09/2014 19:14:16
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 3 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\Users\Jarmila\AppData\Roaming\Seznam.cz\bin\27364libfoxloader-x64.dll [x] -> ODEBRÁNO
[SUSP PATH] szndesktop.exe -- C:\Users\Jarmila\AppData\Roaming\Seznam.cz\bin\szndesktop.exe [7] -> SMAZÁNO [TermProc]
[SUSP PATH] listicka-x64.exe -- C:\Users\Jarmila\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe [7] -> SMAZÁNO [TermThr]

¤¤¤ ¤¤¤ Záznamy Registrů: : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : cz.seznam.software.autoupdate ("C:\Users\Jarmila\AppData\Roaming\Seznam.cz\szninstall.exe" -c [7]) -> NALEZENO
[RUN][SUSP PATH] HKCU\[...]\Run : cz.seznam.software.szndesktop ("C:\Users\Jarmila\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [7]) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-630566210-3188901031-249553351-1002\[...]\Run : cz.seznam.software.autoupdate ("C:\Users\Jarmila\AppData\Roaming\Seznam.cz\szninstall.exe" -c [7]) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-630566210-3188901031-249553351-1002\[...]\Run : cz.seznam.software.szndesktop ("C:\Users\Jarmila\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [7]) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MQ01ABF050 +++++
--- User ---
[MBR] 5563ee86216a1c21e78cfa8297c1cea8
[BSP] 6a3125a7f090a24988d63ba5cae1a61d : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_S_03092014_191416.txt >>

[Orcus]

Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "

- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje "Smazání- Finished "
- Klikni na "Zprávy " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

====================================================

Poté znovu nainstaluj seznam lištičku + tu druhou aplikaci od seznamu, je-li nutno. Nejspíš budou totiž kaput.

Jak to vypadá s problémy?

[Jan Pašek]

RogueKiller V8.8.10 _x64_ [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 8 (6.2.9200 ) 64 bits version
Spuštěno v : Normální režim
Uživatel : Jarmila [Práva správce]
Mód : Odebrat -- Datum : 03/09/2014 19:28:30
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : cz.seznam.software.autoupdate ("C:\Users\Jarmila\AppData\Roaming\Seznam.cz\szninstall.exe" -c [7]) -> VYMAZÁNO
[RUN][SUSP PATH] HKCU\[...]\Run : cz.seznam.software.szndesktop ("C:\Users\Jarmila\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [7]) -> VYMAZÁNO
[RUN][SUSP PATH] HKUS\S-1-5-21-630566210-3188901031-249553351-1002\[...]\Run : cz.seznam.software.autoupdate ("C:\Users\Jarmila\AppData\Roaming\Seznam.cz\szninstall.exe" -c [7]) -> [0x2] Systém nemůže nalézt uvedený soubor.
[RUN][SUSP PATH] HKUS\S-1-5-21-630566210-3188901031-249553351-1002\[...]\Run : cz.seznam.software.szndesktop ("C:\Users\Jarmila\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [7]) -> [0x2] Systém nemůže nalézt uvedený soubor.
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MQ01ABF050 +++++
--- User ---
[MBR] 5563ee86216a1c21e78cfa8297c1cea8
[BSP] 6a3125a7f090a24988d63ba5cae1a61d : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_D_03092014_192830.txt >>
RKreport[0]_S_03092014_191416.txt;RKreport[0]_S_03092014_192800.txt



Problémy zatím nevím až to projedu ještě předchvílí na mne z firefoxu skákala nevyžádaná okna s nabídkou na hry