Pop-up ad banners in Mozilla

#1 Post by koblizek82 »

Hello, ad banners keep popping up in my Mozilla browser. Here is the FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-10-2014 01
Ran by Admin (administrator) on ADMIN-PC on 10-10-2014 19:45:44
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin & UpdatusUser (Available profiles: Admin & UpdatusUser & Eliška & Anička)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 7
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(ShopperPro) C:\Program Files\Common Files\ShopperPro\spbiu.exe
(PS Media s.r.o.) C:\Windows\System32\ssins.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Leadtek Research Inc.) C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\HP\HP UT\bin\hppusg.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac7302\Monitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
() C:\Windows\System32\ZSM1120.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Leadtek Research Inc.) C:\Program Files\WinFast\WFDTV\WFWIZ.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(forum.viry.cz) C:\Users\Admin\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9726568 2010-09-14] (Realtek Semiconductor)
HKLM\...\Run: [WinFastDTV] => C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [103936 2014-03-04] (Leadtek Research Inc.)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HPUsageTracking] => C:\Program Files\HP\HP UT\bin\hppusg.exe [36864 2007-11-02] ()
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [SPDriver] => C:\Program Files\ShopperPro\JSDriver\1.37.0.1323\jsdrv.exe [3211776 2014-09-30] ()
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1349233872-4080188232-1638137599-1000\...\Run: [WinFast Schedule] => C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2916352 2013-01-09] (Leadtek Research Inc.)
HKU\S-1-5-21-1349233872-4080188232-1638137599-1000\...\Run: [SystemProc] => C:\Users\Public\Other\run.vbs [74 2014-02-06] ()
HKU\S-1-5-21-1349233872-4080188232-1638137599-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
HKU\S-1-5-21-1349233872-4080188232-1638137599-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-1349233872-4080188232-1638137599-1000\...\Run: [SPDriver] => C:\Program Files\ShopperPro\JSDriver\1.37.0.1323\jsdrv.exe [3211776 2014-09-30] ()
HKU\S-1-5-21-1349233872-4080188232-1638137599-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1349233872-4080188232-1638137599-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1349233872-4080188232-1638137599-1001\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicyUsers\S-1-5-21-1349233872-4080188232-1638137599-1003\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1349233872-4080188232-1638137599-1002\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll (Goobzo Ltd.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 02 %SystemRoot%\system32\napinsp.dll [50176] (Společnost Microsoft)
Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 19 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\user.js
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: jid01kqApO5BUHwjBQft5BEUXHXZjCAjetpack - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\Extensions\jid0-1kqApO5BUHwjBQft5BEUXHXZjCA@jetpack [2014-10-10]
FF Extension: iWebar - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\Extensions\ROUAILDE73397174@UXGZI17268980.com [2014-10-06]
FF Extension: Shopper-Pro - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2014-10-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-05-15]

Chrome:
=======
CHR HomePage: Default -> 3D68D1F4CB724D18561CAC58B7EC263FAA857043D431D80F2AF38DDE28A2C770
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchKeyword: Default -> 1990E947613E26CB63EA6AA57AE3C82464A4ECC46D83196B0CED7CDDD594DB55
CHR DefaultSearchProvider: Default -> 29F91CE3426C799F97B5FC8C80821FB96EB06345893CDDBC46030D2EDE91BAFF
CHR DefaultSearchURL: Default -> 44E781FFD0DA55BCA66FD0470A6E091C813FA61C5F19B659350AD0DDDF8B6592
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-10]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-10]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-10]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-10]
CHR Extension: (mfhcchbdblkggcenfmmpgkpgphfhfcbe) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhcchbdblkggcenfmmpgkpgphfhfcbe [2014-10-10]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-10]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [1813504 2014-09-30] (ShopperPro) [File not signed]
R2 ssinstall; C:\Windows\System32\ssins.exe [2324216 2014-06-21] (PS Media s.r.o.)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.) [File not signed]
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [192056 2008-01-21] (Společnost Microsoft)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 MpKsl0e7b8999; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E895F513-4492-470C-A812-DB53270CB0C7}\MpKsl0e7b8999.sys [39464 2014-10-10] (Microsoft Corporation)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1081912 2008-01-21] (Společnost Microsoft)
R3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [461824 2009-04-28] (PixArt Imaging Inc.)
R3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [26112 2014-09-30] () [File not signed]
S2 SPDRIVER_1.37.0.1323; C:\Program Files\ShopperPro\JSDriver\1.37.0.1323\jsdrv.sys [41320 2014-09-30] ()
R3 WFLR6654; C:\Windows\System32\drivers\wfeaglxt.sys [433920 2009-10-21] (Leadtek Research Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-10 19:45 - 2014-10-10 19:47 - 00015564 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-10-10 19:45 - 2014-10-10 19:46 - 00000000 ____D () C:\FRST
2014-10-10 19:43 - 2014-10-10 19:43 - 00112640 _____ (forum.viry.cz) C:\Users\Admin\Desktop\FRSTLauncher.exe
2014-10-10 19:42 - 2014-10-10 19:42 - 01101312 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2014-10-10 18:53 - 2014-10-10 19:38 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-10 18:53 - 2014-10-10 18:57 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2014-10-10 18:49 - 2014-10-10 18:51 - 19874272 _____ (SUPERAntiSpyware) C:\Users\Admin\Downloads\SUPERAntiSpyware.exe
2014-10-10 18:42 - 2014-10-10 18:45 - 35089088 _____ () C:\Users\Admin\Downloads\Firefox Setup 32.0.3.exe
2014-10-08 19:24 - 2014-10-08 19:24 - 00000254 _____ () C:\Users\Admin\Desktop\Hrej hru Sports heads tennis - Sportovní hry online Herna.biz.URL
2014-10-07 19:33 - 2014-10-07 19:33 - 00000216 _____ () C:\Users\Admin\Desktop\Money Movers Kizi - Online Games - Life Is Fun!.URL
2014-10-07 16:29 - 2014-10-07 16:29 - 00000242 _____ () C:\Users\Admin\Desktop\Hrej hru Ice run - Sportovní hry online Herna.biz.URL
2014-10-06 23:13 - 2014-10-06 23:13 - 00000293 _____ () C:\Users\Admin\Desktop\www.mobilopravna.cz - Reproduktor Nokia originální 661072102600310032006100660066106610i.URL
2014-10-06 23:10 - 2014-10-06 23:10 - 00000279 _____ () C:\Users\Admin\Desktop\reproduktor Nokia 31007650661032006600N70Z52Díly na mobily a příslušenství.URL
2014-10-06 21:54 - 2014-10-06 21:54 - 00170393 _____ () C:\Users\Admin\Downloads\calc.exe
2014-10-06 21:54 - 2014-10-06 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WorldUnlock Calculator
2014-10-06 21:01 - 2014-10-10 19:38 - 00000000 ____D () C:\Program Files\Google
2014-10-06 21:01 - 2014-10-07 15:07 - 00000000 ____D () C:\Program Files\globalUpdate
2014-10-06 21:01 - 2014-10-06 21:01 - 00000000 ____D () C:\Users\Admin\AppData\Local\globalUpdate
2014-10-06 20:29 - 2014-10-06 20:29 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2014-10-06 20:29 - 2014-10-06 20:29 - 00000000 ____D () C:\ProgramData\ShopperPro
2014-10-06 20:29 - 2014-10-06 20:29 - 00000000 ____D () C:\Program Files\ShopperPro
2014-10-06 20:29 - 2014-10-06 20:29 - 00000000 ____D () C:\Program Files\Common Files\ShopperPro
2014-10-06 20:28 - 2014-10-06 21:11 - 00000000 ____D () C:\Program Files\PodoWeb
2014-10-06 20:28 - 2014-10-06 20:28 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashRpt
2014-10-06 20:27 - 2014-10-06 21:57 - 00000000 ____D () C:\Program Files\Seznam.cz
2014-10-06 20:26 - 2014-10-06 21:57 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Seznam.cz
2014-10-06 20:26 - 2014-10-06 20:26 - 00134858 _____ () C:\Users\Admin\Desktop\worldunlock_v44_setup.zip
2014-10-06 20:25 - 2014-10-06 20:25 - 00134858 _____ () C:\Users\Admin\Downloads\WorldUnlock_v44_Setup.zip
2014-10-06 20:05 - 2014-10-06 20:05 - 00236561 _____ () C:\Users\Admin\Downloads\code_calculator1.zip
2014-10-05 16:30 - 2014-10-05 16:30 - 00000000 ____D () C:\Users\Anička\AppData\Roaming\EurekaLog
2014-10-05 10:52 - 2014-10-05 10:52 - 00002278 _____ () C:\Users\Eliška\Documents\propast.bmp
2014-10-05 10:51 - 2014-10-05 10:51 - 00002378 _____ () C:\Users\Eliška\Documents\jeskyne.bmp
2014-10-05 10:48 - 2014-10-05 10:48 - 00001878 _____ () C:\Users\Eliška\Documents\zřícenina_hradu.bmp
2014-09-30 15:56 - 2014-09-30 15:56 - 00000000 ____D () C:\Users\Eliška\AppData\Roaming\OpenOffice.org
2014-09-27 14:17 - 2014-09-27 14:17 - 00000000 ____D () C:\Users\Eliška\AppData\Local\GHISLER
2014-09-27 14:08 - 2014-09-27 14:08 - 00000000 ____D () C:\Users\Eliška\AppData\Roaming\GHISLER
2014-09-27 13:38 - 2014-09-27 13:38 - 00000000 ____D () C:\Users\Eliška\AppData\Roaming\EurekaLog
2014-09-26 20:14 - 2014-09-26 20:14 - 00000000 ____D () C:\Users\Anička\AppData\Roaming\Adobe
2014-09-26 20:14 - 2014-09-26 20:14 - 00000000 ____D () C:\Users\Anička\AppData\Local\ArcSoft
2014-09-26 20:13 - 2014-10-05 16:30 - 00000000 ____D () C:\Users\Anička\AppData\Local\VirtualStore
2014-09-26 20:13 - 2014-09-26 20:14 - 00000000 ____D () C:\Users\Anička\AppData\Roaming\ArcSoft
2014-09-26 20:13 - 2014-09-26 20:13 - 00055304 _____ () C:\Users\Anička\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-26 20:13 - 2014-09-26 20:13 - 00001258 __RSH () C:\Users\Anička\ntuser.pol
2014-09-26 20:13 - 2014-09-26 20:13 - 00000949 _____ () C:\Users\Anička\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-26 20:13 - 2014-09-26 20:13 - 00000944 _____ () C:\Users\Anička\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-09-26 20:13 - 2014-09-26 20:13 - 00000915 _____ () C:\Users\Anička\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-09-26 20:13 - 2014-09-26 20:13 - 00000020 ___SH () C:\Users\Anička\ntuser.ini
2014-09-26 20:13 - 2014-09-26 20:13 - 00000000 _SHDL () C:\Users\Anička\Šablony
2014-09-26 20:13 - 2014-09-26 20:13 - 00000000 _SHDL () C:\Users\Anička\Soubory cookie
2014-09-26 20:13 - 2014-09-26 20:13 - 00000000 _SHDL () C:\Users\Anička\Okolní tiskárny
2014-09-26 20:13 - 2014-09-26 20:13 - 00000000 _SHDL () C:\Users\Anička\Okolní síť
2014-09-26 20:13 - 2014-09-26 20:13 - 00000000 _SHDL () C:\Users\Anička\Nabídka Start
2014-09-26 20:13 - 2014-09-26 20:13 - 00000000 _SHDL () C:\Users\Anička\Dokumenty
2014-09-26 20:13 - 2014-09-26 20:13 - 00000000 _SHDL () C:\Users\Anička\Documents\Obrázky
2014-09-26 20:13 - 2014-09-26 20:13 - 00000000 _SHDL () C:\Users\Anička\Documents\Hudba
2014-09-26 20:13 - 2014-09-26 20:13 - 00000000 _SHDL () C:\Users\Anička\Documents\Filmy
2014-09-26 20:13 - 2014-09-26 20:13 - 00000000 _SHDL () C:\Users\Anička\Data aplikací
2014-09-26 20:13 - 2014-09-26 20:13 - 00000000 _SHDL () C:\Users\Anička\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2014-09-26 20:13 - 2014-09-26 20:13 - 00000000 _SHDL () C:\Users\Anička\AppData\Local\Historie
2014-09-26 20:13 - 2014-09-26 20:13 - 00000000 _SHDL () C:\Users\Anička\AppData\Local\Data aplikací
2014-09-26 20:13 - 2014-09-26 20:13 - 00000000 ____D () C:\Users\Anička\AppData\Roaming\Memostation
2014-09-26 20:13 - 2014-09-26 20:13 - 00000000 ____D () C:\Users\Anička
2014-09-26 20:13 - 2008-01-21 04:42 - 00000000 ___RD () C:\Users\Anička\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-26 20:13 - 2008-01-21 04:42 - 00000000 ___RD () C:\Users\Anička\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-26 20:07 - 2014-09-26 20:07 - 00000000 ____D () C:\Users\Eliška\AppData\Roaming\Memostation
2014-09-26 20:05 - 2014-09-26 20:05 - 00000000 ____D () C:\Users\Eliška\AppData\Roaming\Macromedia
2014-09-26 20:05 - 2014-09-26 20:05 - 00000000 ____D () C:\Users\Eliška\AppData\Roaming\Adobe
2014-09-26 20:05 - 2014-09-26 20:05 - 00000000 ____D () C:\Users\Eliška\AppData\Local\Macromedia
2014-09-26 20:02 - 2014-09-26 20:02 - 00000000 ____D () C:\Users\Eliška\AppData\Local\ArcSoft
2014-09-26 20:01 - 2014-09-26 20:03 - 00000000 ____D () C:\Users\Eliška\AppData\Local\VirtualStore
2014-09-26 20:01 - 2014-09-26 20:02 - 00000000 ____D () C:\Users\Eliška\AppData\Roaming\Mozilla
2014-09-26 20:01 - 2014-09-26 20:02 - 00000000 ____D () C:\Users\Eliška\AppData\Roaming\ArcSoft
2014-09-26 20:01 - 2014-09-26 20:01 - 00055304 _____ () C:\Users\Eliška\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-26 20:01 - 2014-09-26 20:01 - 00001258 __RSH () C:\Users\Eliška\ntuser.pol
2014-09-26 20:01 - 2014-09-26 20:01 - 00000949 _____ () C:\Users\Eliška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-26 20:01 - 2014-09-26 20:01 - 00000944 _____ () C:\Users\Eliška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-09-26 20:01 - 2014-09-26 20:01 - 00000915 _____ () C:\Users\Eliška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-09-26 20:01 - 2014-09-26 20:01 - 00000020 ___SH () C:\Users\Eliška\ntuser.ini
2014-09-26 20:01 - 2014-09-26 20:01 - 00000000 _SHDL () C:\Users\Eliška\Šablony
2014-09-26 20:01 - 2014-09-26 20:01 - 00000000 _SHDL () C:\Users\Eliška\Soubory cookie
2014-09-26 20:01 - 2014-09-26 20:01 - 00000000 _SHDL () C:\Users\Eliška\Okolní tiskárny
2014-09-26 20:01 - 2014-09-26 20:01 - 00000000 _SHDL () C:\Users\Eliška\Okolní síť
2014-09-26 20:01 - 2014-09-26 20:01 - 00000000 _SHDL () C:\Users\Eliška\Nabídka Start
2014-09-26 20:01 - 2014-09-26 20:01 - 00000000 _SHDL () C:\Users\Eliška\Dokumenty
2014-09-26 20:01 - 2014-09-26 20:01 - 00000000 _SHDL () C:\Users\Eliška\Documents\Obrázky
2014-09-26 20:01 - 2014-09-26 20:01 - 00000000 _SHDL () C:\Users\Eliška\Documents\Hudba
2014-09-26 20:01 - 2014-09-26 20:01 - 00000000 _SHDL () C:\Users\Eliška\Documents\Filmy
2014-09-26 20:01 - 2014-09-26 20:01 - 00000000 _SHDL () C:\Users\Eliška\Data aplikací
2014-09-26 20:01 - 2014-09-26 20:01 - 00000000 _SHDL () C:\Users\Eliška\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2014-09-26 20:01 - 2014-09-26 20:01 - 00000000 _SHDL () C:\Users\Eliška\AppData\Local\Historie
2014-09-26 20:01 - 2014-09-26 20:01 - 00000000 _SHDL () C:\Users\Eliška\AppData\Local\Data aplikací
2014-09-26 20:01 - 2014-09-26 20:01 - 00000000 ____D () C:\Users\Eliška\AppData\Local\Mozilla
2014-09-26 20:01 - 2014-09-26 20:01 - 00000000 ____D () C:\Users\Eliška
2014-09-26 20:01 - 2008-01-21 04:42 - 00000000 ___RD () C:\Users\Eliška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-26 20:01 - 2008-01-21 04:42 - 00000000 ___RD () C:\Users\Eliška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-26 19:54 - 2014-09-26 19:59 - 00000644 __RSH () C:\Users\Admin\ntuser.pol
2014-09-26 19:12 - 2014-09-26 19:12 - 03240380 _____ () C:\Users\Admin\Downloads\Multiplication_table_up_to_20_x_20.abs
2014-09-25 09:44 - 2014-09-25 09:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-24 23:19 - 2014-09-24 23:20 - 03220380 _____ () C:\Users\Admin\Downloads\hlavni_mesta_statu_sveta.abs
2014-09-24 21:33 - 2014-09-24 21:33 - 00000782 _____ () C:\Users\Public\Desktop\Memostation.lnk
2014-09-24 21:33 - 2014-09-24 21:33 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\EurekaLog
2014-09-24 21:33 - 2014-09-24 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memostation
2014-09-24 21:32 - 2014-09-24 21:32 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Memostation
2014-09-24 21:32 - 2014-09-24 21:32 - 00000000 ____D () C:\Program Files\Memostation
2014-09-24 20:40 - 2014-09-24 20:51 - 107690802 _____ (Memostation.net ) C:\Users\Admin\Downloads\memostation-setup-cs.exe
2014-09-23 20:09 - 2014-09-23 20:10 - 00415928 _____ (Kastner software s.r.o. ) C:\Users\Admin\Downloads\FORMstudio-nc_12SSZ896084.exe
2014-09-22 14:56 - 2014-09-22 14:56 - 00000000 ___RD () C:\Program Files\Skype
2014-09-22 14:56 - 2014-09-22 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-22 14:56 - 2014-09-22 14:56 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-09-20 17:11 - 2014-10-04 14:21 - 00000000 ____D () C:\Users\Admin\Desktop\XXX

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-10 19:36 - 2008-01-21 08:47 - 01418230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-10 19:35 - 2008-01-21 03:35 - 01486681 _____ () C:\Windows\WindowsUpdate.log
2014-10-10 19:33 - 2014-06-21 20:00 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2014-10-10 19:30 - 2014-06-21 19:57 - 00000000 _____ () C:\Windows\system32\sinstall.log
2014-10-10 19:29 - 2014-05-15 12:08 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-10 19:29 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-10 19:29 - 2006-11-02 14:47 - 00004192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-10 19:29 - 2006-11-02 14:47 - 00004192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-10 19:28 - 2014-06-07 13:46 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\.minecraft
2014-10-10 19:04 - 2008-01-21 04:47 - 00005708 _____ () C:\Windows\PFRO.log
2014-10-10 19:02 - 2014-06-20 20:14 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-10-10 19:02 - 2006-11-02 15:01 - 00032524 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-10 18:12 - 2014-05-15 11:51 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-10 10:22 - 2014-06-22 19:09 - 00000418 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{51E04949-6895-40C7-BF86-63B994B17111}.job
2014-10-06 20:57 - 2014-07-27 11:51 - 00000000 ____D () C:\Users\Admin\Desktop\Holky_staženo_z_internetu
2014-10-06 20:25 - 2014-06-01 12:20 - 00000000 ____D () C:\Instalačky
2014-09-30 15:56 - 2014-06-21 20:00 - 00000000 ____D () C:\ProgramData\Skype
2014-09-26 20:03 - 2014-05-15 14:15 - 00000000 ____D () C:\ProgramData\ArcSoft
2014-09-26 20:03 - 2014-05-15 12:02 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-26 20:00 - 2014-05-15 11:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-26 19:59 - 2014-05-15 12:38 - 00000000 ____D () C:\Users\Admin
2014-09-26 19:54 - 2006-11-02 13:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-24 11:12 - 2014-05-15 11:51 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 11:12 - 2014-05-15 11:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-22 14:56 - 2014-06-21 20:00 - 00001896 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-22 08:41 - 2014-05-15 12:20 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 19:24 - 2014-05-29 19:42 - 00000000 ____D () C:\Foto
2014-09-10 22:10 - 2014-05-15 13:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 22:09 - 2014-05-16 13:34 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-10 22:09 - 2014-05-16 13:33 - 00001826 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-10 22:09 - 2006-11-02 12:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-09-10 22:08 - 2014-05-16 13:33 - 00000000 ____D () C:\Program Files\Microsoft Security Client

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\appshat_generic.exe
C:\Users\Admin\AppData\Local\Temp\cabex.dll
C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\listicka-partner-13415-1.1.2-offline.exe
C:\Users\Admin\AppData\Local\Temp\NeroSearchTrayHook_{68A3D602-E581-4BE9-AD96-44DAAF4DDBBB}.dll
C:\Users\Admin\AppData\Local\Temp\PartnerInstaller_smtyc.exe
C:\Users\Admin\AppData\Local\Temp\setup.exe
C:\Users\Admin\AppData\Local\Temp\SkypeSetupFull.exe
C:\Users\Admin\AppData\Local\Temp\ssins.exe
C:\Users\Admin\AppData\Local\Temp\unelevate.exe
C:\Users\Admin\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================


==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Admin\Desktop" je 208 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Pop-up ad banners in Mozilla

#2 Post by motji »

Good evening :)


Download AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/
- Save the program to the desktop and close all running programs.
- Run AdwCleaner, click Scan and, once the scan finishes, click Clean.
- The fix will be applied and the PC will restart (restart it yourself if it does not), and the log C:\AdwCleaner\AdwCleaner.txt will appear; copy the contents of the log here.
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer!

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

koblizek82
Visitor
Posts: 24
Registered: 13 Aug 2013 21:20

Re: Pop-up ad banners in Mozilla

#3 Post by koblizek82 »

# AdwCleaner v3.311 - Report created 10/10/2014 at 21:40:39
# Updated 30/09/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Username : Admin - ADMIN-PC
# Running from : C:\Users\Admin\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : SPBIUpd
[#] Service Deleted : SPBIUpdd

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ShopperPro
Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Program Files\PodoWeb
Folder Deleted : C:\Program Files\ShopperPro
Folder Deleted : C:\Program Files\Common Files\ShopperPro
Folder Deleted : C:\Users\Admin\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Admin\AppData\Local\Temp\PodoWeb
Folder Deleted : C:\Users\Public\Documents\ShopperPro
Folder Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}
File Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\user.js
File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : ShopperProJSUpd
Task Deleted : SPDriver

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Key Deleted : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO
Key Deleted : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SPDriver]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\ShopperPro

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6001.18527


-\\ Mozilla Firefox v32.0.3 (x86 cs)

[ File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\prefs.js ]

Line Deleted : user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.Resources_meta.value", "%7B%22handlebars.js%22%3A%7B%22id%22%3A838651%2C%22ver%22%3A1%2C%22status%22%3A1%2C%22name%22%3A%2[...]
Line Deleted : user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.Resources_resource_838660.value", "%22function%20startAskCom%28e%2Ct%2Cr%29%7Bfunction%20a%28e%29%7Bvar%20t%3Dnew%20RegExp[...]
Line Deleted : user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22[...]
Line Deleted : user_pref("extensions.crossrider.bic", "148e6fa2b772de1988e5930e96f2925c");

[ File : C:\Users\Eliška\AppData\Roaming\Mozilla\Firefox\Profiles\g5i15jpc.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4112 octets] - [10/10/2014 21:39:39]
AdwCleaner[S0].txt - [3970 octets] - [10/10/2014 21:40:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4030 octets] ##########

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Pop-up ad banners in Mozilla

#4 Post by motji »

Also use mbam, and paste the log here http://forum.viry.cz/viewtopic.php?f=29&t=137928

koblizek82
Visitor
Posts: 24
Registered: 13 Aug 2013 21:20

Re: Pop-up ad banners in Mozilla

#5 Post by koblizek82 »

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10.10.2014
Scan Time: 22:15:27
Logfile: malware_new.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.10.09
Rootkit Database: v2014.10.08.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 1
CPU: x86
File System: NTFS
User: Admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 391806
Time Elapsed: 9 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, , [ba5768ab8fed96a05c0c40c0b64d0ff1],

Registry Values: 1
PUP.Optional.ShopperPro, HKU\S-1-5-21-1349233872-4080188232-1638137599-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SPDriver, C:\Program Files\ShopperPro\JSDriver\1.37.0.1323\jsdrv.exe, , [040d15fe710ba78f7cbe40dce61d619f]

Registry Data: 0
(No malicious items detected)

Folders: 15
PUP.Optional.GlobalUpdate.A, C:\Users\Admin\AppData\Local\Temp\comh.246985, , [ba5768ab8fed96a05c0c40c0b64d0ff1],
PUP.Optional.GlobalUpdate.A, C:\Users\Admin\AppData\Local\Temp\comh.46198, , [977a41d21765be78491f35cb7d860ff1],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\chrome, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\chrome\content, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\chrome\content\api, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\chrome\content\core, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\defaults, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\defaults\preferences, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\extensionData, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\extensionData\plugins, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\extensionData\userCode, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\locale, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\locale\en-US, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\skin, , [7a9749ca0f6dc076467cb25d1ee5718f],

Files: 142
PUP.Optional.Somoto, C:\Users\Admin\Desktop\worldunlock_v44_setup.zip, , [da373ad9fc80b086790e1d22b74e56aa],
PUP.Optional.Somoto.A, C:\Users\Admin\AppData\Local\Temp\appshat_generic.exe, , [9f72ec27b2cabf77bc9ed64ccf31a858],
PUP.Optional.Somoto, C:\Users\Admin\AppData\Local\Temp\C021.tmp, , [38d90a09b2ca092dc1c63807c63f5aa6],
PUP.Optional.Installcore, C:\Users\Admin\AppData\Local\Temp\PartnerInstaller_smtyc.exe, , [8988d0436913b48246f3524339c95fa1],
PUP.Optional.BPlug, C:\Users\Admin\AppData\Local\Temp\setup.exe, , [739eea294339cd69d3d4ebd220e1f907],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Temp\Install_23025\iwebar.exe, , [3cd5848ffb81cd6906405d6caf521be5],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Temp\Install_24350\sense.exe, , [43ce5fb4a7d50b2b3c0a2f9ab34e6799],
PUP.Optional.GoobZo, C:\Users\Admin\AppData\Local\Temp\Install_6508\delay.exe, , [59b87f9467150f27eba5877dbd482cd4],
PUP.Optional.Somoto, C:\Users\Admin\Downloads\WorldUnlock_v44_Setup.zip, , [070a9c77daa20d293c4b71ce9b6a11ef],
Riskware.BitcoinMiner, C:\Users\Public\Other\minerd.exe, , [7c9527ec4f2d85b10a36d77e37ca28d8],
PUP.Proxy.BCM, C:\Users\Public\Other\mining_proxy.exe, , [838ea073790355e17cc160b6d22e6799],
PUP.Optional.GoobZo, C:\Users\Admin\AppData\Local\Installer\Installiwebar_4582\delay.exe, , [7c9525ee5329a096c5cbb64ebb4a0cf4],
PUP.Optional.GoobZo, C:\Users\Admin\AppData\Local\Installer\Installsense_17343\delay.exe, , [769b3dd6acd07abc39571ee6cc3906fa],
PUP.Optional.ShopperPro, C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_323436343037303138372d3437415a556c2a3223346c41, , [18f9c053106c86b04ce91a00b3502bd5],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\extensionData\plugins\286.js, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\extensionData\plugins\301.js, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\extensionData\plugins\4.js, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\extensionData\plugins\47.js, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\extensionData\plugins\64.js, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\extensionData\plugins\7.js, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\extensionData\plugins\72.js, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\extensionData\plugins\78.js, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\extensionData\plugins\9.js, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\extensionData\plugins\91.js, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\extensionData\plugins\93.js, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\extensionData\plugins\98.js, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\extensionData\userCode\background.js, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\extensionData\userCode\extension.js, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\locale\en-US\translations.dtd, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\skin\button1.png, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\skin\button2.png, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\skin\button3.png, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\skin\button4.png, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\skin\button5.png, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\skin\crossrider_statusbar.png, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\skin\icon128.png, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\skin\icon16.png, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\skin\icon24.png, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\skin\icon48.png, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\skin\panelarrow-up.png, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\skin\popup.html, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\skin\skin.css, , [7a9749ca0f6dc076467cb25d1ee5718f],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\extensions\ROUAILDE73397174@UXGZI17268980.com\skin\update.css, , [7a9749ca0f6dc076467cb25d1ee5718f],

Physical Sectors: 0
(No malicious items detected)


(end)

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Pop-up advertising banners in Mozilla

#6 Post by motji »

Delete everything, then please post a new FRST log and describe the current state of the PC :)
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before cleaning malware from your computer :!:

I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

koblizek82
Visitor
Posts: 24
Joined: 13 Aug 2013 21:20

Re: Pop-up advertising banners in Mozilla

#7 Post by koblizek82 »

Hello, I did everything and the ads are still there. Here is the new log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-10-2014 01
Ran by Admin at 2014-10-11 10:12:04
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AA1000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Aktualizace NVIDIA 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
Codec-TS SDK (HKLM\...\{28FB7853-A6ED-4F67-8635-9F0E863FC0AD}) (Version: - ArcSoft)
HP LaserJet M1120 MFP Series (HKLM\...\HP LaserJet M1120 MFP) (Version: - )
hppusgM1120 (Version: 000.000.00005 - Hewlett-Packard) Hidden
iSlim 300X (HKLM\...\{7EF900F4-61A8-4D95-8A65-488D3BECA206}) (Version: 1.0.0.28 - )
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) Hidden
K-Lite Codec Pack 9.3.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 9.3.0 - )
Malwarebytes Anti-Malware verze 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (Version: 90.0.136.000 - Hewlett-Packard) Hidden
Memostation 2013 (HKLM\...\{41FB29BC-F985-4334-BD3E-C2F0A173BFF7}_is1) (Version: 2013 - Memostation.net)
Microsoft .NET Framework 3.5 Language Pack SP1 - csy (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - csy) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile CSY Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile CSY Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile CSY Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Minecraft 1.6.2 (HKLM\...\Minecraft 1.6.2) (Version: - )
Mozilla Firefox 32.0.3 (x86 cs) (HKLM\...\Mozilla Firefox 32.0.3 (x86 cs)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MrvlUsgTracking (Version: 1.0.4 - Marvell) Hidden
Naviextras Toolbox (HKLM\...\Naviextras Toolbox) (Version: 3.18.1.385992 - NNG Llc.)
Naviextras Toolbox Prerequesities (HKLM\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Ovladač 3D Vision 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenOffice.org 3.3 (HKLM\...\{D5B94160-4A07-4956-9C73-8C5EEFEF180F}) (Version: 3.3.9567 - OpenOffice.org)
Ovládací panel NVIDIA 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 6.243.1025.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6201 - Realtek Semiconductor Corp.)
Scan To (Version: 1.0.2 - HP) Hidden
Seznam Instalátor (HKLM\...\ssinstall) (Version: - Seznam.cz)
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
WinFast Multimedia Driver Installation (HKLM\...\{418EC9DD-25EE-4C3F-8827-B7AA9B26405B}) (Version: - Multimedia)
WinFast PVR2 (HKCU\...\{C92C584E-C781-475E-A8E2-C67D993A6B95}) (Version: 2.0.3.57 - Leadtek)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

24-09-2014 17:34:40 Windows Update
25-09-2014 07:11:04 Naplánovaný kontrolní bod
26-09-2014 08:47:48 Windows Update
26-09-2014 18:02:25 Installed Connect Service
27-09-2014 08:36:59 Naplánovaný kontrolní bod
27-09-2014 18:05:04 Windows Update
28-09-2014 13:21:21 Naplánovaný kontrolní bod
29-09-2014 10:49:09 Windows Update
01-10-2014 10:20:26 Windows Update
02-10-2014 07:33:22 Naplánovaný kontrolní bod
02-10-2014 16:23:03 Windows Update
03-10-2014 09:19:16 Naplánovaný kontrolní bod
03-10-2014 17:19:53 Windows Update
04-10-2014 10:57:42 Naplánovaný kontrolní bod
04-10-2014 20:18:41 Windows Update
06-10-2014 06:22:06 Windows Update
07-10-2014 12:11:27 Windows Update
08-10-2014 08:02:09 Naplánovaný kontrolní bod
08-10-2014 12:47:01 Windows Update
09-10-2014 07:20:50 Naplánovaný kontrolní bod
09-10-2014 15:41:05 Windows Update
10-10-2014 09:21:08 Naplánovaný kontrolní bod
10-10-2014 18:06:30 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0C3AF200-FADC-49E5-880E-DEE192C8B79A} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\Windows\system32\RAServer.exe [2008-01-21] (Společnost Microsoft)
Task: {14A359DB-3856-4232-918C-819BA3CED6CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2EDA6A81-ECC1-4D46-8C99-FEA81EB46C90} - \SPBIW_UpdateTask_Time_323436343037303138372d3437415a556c2a3223346c41 No Task File <==== ATTENTION
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {6A95A808-DF52-47F9-AB35-9BF8EBF66213} - \SUPERAntiSpyware Scheduled Task ffd45f03-9cb5-4455-a19f-cf259d152259 No Task File <==== ATTENTION
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {C0F86F3D-7E6E-4692-858F-3250AD0A0704} - \SUPERAntiSpyware Scheduled Task cdb1c853-9347-49d3-9b54-097090e03982 No Task File <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{51E04949-6895-40C7-BF86-63B994B17111}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2007-11-02 14:52 - 2007-11-02 14:52 - 00036864 _____ () C:\Program Files\HP\HP UT\bin\hppusg.exe
2007-11-02 14:52 - 2007-11-02 14:52 - 00057344 _____ () C:\Program Files\HP\HP UT\bin\HPUsageTracking.dll
2007-11-02 14:52 - 2007-11-02 14:52 - 00065536 _____ () C:\Program Files\HP\HP UT\bin\HPTools.dll
2007-11-02 14:52 - 2007-11-02 14:52 - 00114688 _____ () C:\Program Files\HP\HP UT\bin\HPToolkit.dll
2007-11-02 14:52 - 2007-11-02 14:52 - 00036864 _____ () C:\Program Files\HP\HP UT\bin\Enumeration.dll
2007-11-02 14:52 - 2007-11-02 14:52 - 00016384 _____ () C:\Program Files\HP\HP UT\bin\HPStreamsInterface.dll
2007-12-14 12:51 - 2007-12-14 12:51 - 00163840 _____ () C:\Windows\system32\hppatusg01.dll
2014-06-01 12:08 - 2007-12-04 07:25 - 00409600 _____ () C:\Windows\system32\zsm1120.exe
2014-05-15 14:12 - 2009-04-01 14:07 - 00303188 _____ () C:\Program Files\WinFast\WFDTV\RTL283XACCESS.dll
2014-05-15 14:12 - 2008-12-02 11:04 - 00007680 _____ () C:\Program Files\WinFast\WFDTV\WIZLANGCZE.dll
2014-05-15 14:12 - 2010-11-15 11:05 - 00073728 _____ () C:\Program Files\WinFast\WFDTV\RCConfig\RCKeysInfoIO.dll
2014-09-25 09:44 - 2014-09-25 09:45 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2011-01-17 16:19 - 2014-05-15 14:35 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2014-09-11 17:14 - 2014-09-11 17:14 - 16825520 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Admin (S-1-5-21-1349233872-4080188232-1638137599-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1349233872-4080188232-1638137599-500 - Administrator - Disabled)
Anička (S-1-5-21-1349233872-4080188232-1638137599-1003 - Limited - Enabled) => C:\Users\Anička
Eliška (S-1-5-21-1349233872-4080188232-1638137599-1002 - Limited - Enabled) => C:\Users\Eliška
Guest (S-1-5-21-1349233872-4080188232-1638137599-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-1349233872-4080188232-1638137599-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/10/2014 09:43:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/10/2014 07:31:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/10/2014 07:06:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/10/2014 07:06:05 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c


System errors:
=============
Error: (10/11/2014 01:59:31 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Netman

Error: (10/10/2014 09:43:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SPDRIVER_1.37.0.1323%%3

Error: (10/10/2014 09:42:38 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (10/10/2014 08:13:04 PM) (Source: PlugPlayManager) (EventID: 11) (User: )
Description: Zařízení Root\LEGACY_SASKUTIL\0000 se již v systému nenachází, přestože nebylo nejdříve připraveno k odebrání.

Error: (10/10/2014 08:13:04 PM) (Source: PlugPlayManager) (EventID: 11) (User: )
Description: Zařízení Root\LEGACY_SASDIFSV\0000 se již v systému nenachází, přestože nebylo nejdříve připraveno k odebrání.

Error: (10/10/2014 07:31:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SPDRIVER_1.37.0.1323%%127

Error: (10/10/2014 07:29:52 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (10/10/2014 07:15:45 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 zjistil chybu při pokusu o aktualizaci podpisů.

Nová verze podpisu:

Předchozí verze podpisu: 1.185.2734.0

Zdroj aktualizace: %NT AUTHORITY59

Fáze aktualizace: 4.6.0305.00

Zdrojová cesta: 4.6.0305.01

Typ podpisu: %NT AUTHORITY602

Typ aktualizace: %NT AUTHORITY604

Uživatel: NT AUTHORITY\SYSTEM

Aktuální verze modulu: %NT AUTHORITY605

Předchozí verze modulu: %NT AUTHORITY606

Kód chyby: %NT AUTHORITY607

Popis chyby: %NT AUTHORITY608

Error: (10/10/2014 07:15:45 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (10/10/2014 07:06:44 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}


Microsoft Office Sessions:
=========================
Error: (10/10/2014 09:43:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/10/2014 07:31:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/10/2014 07:06:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/10/2014 07:06:05 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c


CodeIntegrity Errors:
===================================
Date: 2014-10-11 10:14:46.706
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-11 10:14:46.569
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-11 10:14:46.415
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-11 10:14:46.253
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-11 10:11:54.766
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-11 10:11:54.642
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-11 10:11:54.487
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-11 10:11:54.351
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-11 10:11:31.994
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-11 10:11:31.875
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz
Percentage of memory in use: 44%
Total physical RAM: 3068.18 MB
Available physical RAM: 1715.1 MB
Total Pagefile: 6382.66 MB
Available Pagefile: 4528.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1931.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:241.14 GB) (Free:129.4 GB) NTFS
Drive d: () (Fixed) (Total:224.61 GB) (Free:213.9 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (ADATA UFD) (Removable) (Total:29.72 GB) (Free:29.27 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 5251A36A)
Partition 1: (Active) - (Size=224.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=241.1 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 29.7 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=29.7 GB) - (Type=0C)

==================== End Of Log ============================

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Pop-up advertising banners in Mozilla

#8 Post by motji »

One more step:

:arrow: Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
- Save the program to the desktop and run it. The license terms will then be displayed; confirm the start by pressing any key.
- A backup will be created and the scan will run.
When the scan finishes, a log will pop up (it will be saved in c:\JRT as JRT.txt); copy it here.

koblizek82
Visitor
Posts: 24
Joined: 13 Aug 2013 21:20

Re: Pop-up advertising banners in Mozilla

#9 Post by koblizek82 »

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Admin on so 11.10.2014 at 16:29:40,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\013zg8yh.default\prefs.js

user_pref("extensions.aROUAILDE73397174UXGZI17268980com65123.65123.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%2
Emptied folder: C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\013zg8yh.default\minidumps [62 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 11.10.2014 at 16:32:04,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Pop-up advertising banners in Mozilla

#10 Post by motji »

:arrow: Run ComboFix following this guide:
http://www.bleepingcomputer.com/combofi ... t-combofix

koblizek82
Visitor
Posts: 24
Registered: 13 Aug 2013 21:20

Re: Pop-up advertising banners in Mozilla

#11 Post by koblizek82 »

ComboFix 14-10-04.01 - Admin 11.10.2014 23:02:43.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.3068.1964 [GMT 2:00]
Spuštěný z: c:\users\Admin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SPDRIVER_1.37.0.1323
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-09-11 do 2014-10-11 )))))))))))))))))))))))))))))))
.
.
2014-10-11 21:12 . 2014-10-11 21:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-10-11 21:00 . 2014-09-09 01:24 8806800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74FCBB18-610C-44D0-95E8-C01CB88F5717}\mpengine.dll
2014-10-11 14:29 . 2014-10-11 14:29 -------- d-----w- c:\windows\ERUNT
2014-10-10 20:14 . 2014-10-11 21:15 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-10 20:13 . 2014-10-10 20:13 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-10-10 20:13 . 2014-10-10 20:13 -------- d-----w- c:\programdata\Malwarebytes
2014-10-10 20:13 . 2014-05-12 05:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-10 20:13 . 2014-05-12 05:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-10 20:13 . 2014-05-12 05:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-10 19:40 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-10-10 19:39 . 2014-10-10 19:40 -------- d-----w- C:\AdwCleaner
2014-10-10 18:07 . 2014-09-09 01:24 8806800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-10 17:45 . 2014-10-11 08:22 -------- d-----w- C:\FRST
2014-10-10 16:53 . 2014-10-10 16:57 -------- d-----w- c:\users\Admin\AppData\Local\Google
2014-10-10 16:53 . 2014-10-10 17:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-10-06 19:01 . 2014-10-10 17:38 -------- d-----w- c:\program files\Google
2014-10-06 18:28 . 2014-10-06 18:28 -------- d-----w- c:\users\Admin\AppData\Local\Installer
2014-10-06 18:28 . 2014-10-06 18:28 -------- d-----w- c:\users\Admin\AppData\Local\CrashRpt
2014-10-06 18:27 . 2014-10-06 19:57 -------- d-----w- c:\program files\Seznam.cz
2014-10-06 18:26 . 2014-10-06 19:57 -------- d-----w- c:\users\Admin\AppData\Roaming\Seznam.cz
2014-10-01 10:26 . 2014-09-18 15:10 908840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{88E2255F-282A-4A7D-9595-5FA7263A52EE}\gapaengine.dll
2014-09-26 18:13 . 2014-09-26 18:13 -------- d-----w- c:\users\Anička
2014-09-26 18:01 . 2014-09-26 18:01 -------- d-----w- c:\users\Eliška
2014-09-24 19:33 . 2014-09-24 19:33 -------- d-----w- c:\users\Admin\AppData\Roaming\EurekaLog
2014-09-24 19:32 . 2014-09-24 19:32 -------- d-----w- c:\users\Admin\AppData\Roaming\Memostation
2014-09-24 19:32 . 2014-09-24 19:32 -------- d-----w- c:\program files\Memostation
2014-09-22 12:56 . 2014-09-22 12:56 -------- d-----w- c:\program files\Common Files\Skype
2014-09-22 12:56 . 2014-09-22 12:56 -------- d-----r- c:\program files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-24 09:12 . 2014-05-15 09:51 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-24 09:12 . 2014-05-15 09:51 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-22 06:41 . 2014-05-15 10:20 231568 ------w- c:\windows\system32\MpSigStub.exe
2014-09-18 15:10 . 2014-05-29 17:34 908840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-07-17 16:05 . 2014-07-17 16:05 231800 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2014-07-17 16:05 . 2012-03-20 18:44 95920 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2013-01-09 2916352]
"SystemProc"="c:\users\Public\Other\run.vbs" [2014-02-06 74]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-08-27 22041192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-09-14 9726568]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2014-03-04 103936]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-11-02 36864]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-08-27 22041192]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Obsah adresáře 'Naplánované úlohy'
.
2014-10-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15 09:12]
.
2014-10-11 c:\windows\Tasks\User_Feed_Synchronization-{51E04949-6895-40C7-BF86-63B994B17111}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\013zg8yh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
AddRemove-Minecraft 1.6.2 - c:\users\Admin\AppData\Roaming\.minecraft\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-10-11 23:16
Windows 6.0.6001 Service Pack 1 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes Anti-Malware\mbamservice.exe
c:\windows\System32\ssins.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\windows\system32\conime.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2014-10-11 23:20:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-10-11 21:20
.
Před spuštěním: Volných bajtů: 143 106 625 536
Po spuštění: Volných bajtů: 142 978 818 048
.
- - End Of File - - E48FFAE54943DAB899A3AF28C551C313
5C616939100B85E558DA92B899A0FC36

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Pop-up advertising banners in Mozilla

#12 Post by motji »

:?: Strange location; I don't know whether it is a ComboFix bug, but try copying the whole thing into the input line at www.virustotal.com
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

koblizek82
Visitor
Posts: 24
Registered: 13 Aug 2013 21:20

Re: Pop-up advertising banners in Mozilla

#13 Post by koblizek82 »

Hello,
I didn't quite understand that just now - nevertheless, I took the ComboFix txt file and had it scanned at http://www.virustotal.com. As the result of the scan, all items in the "Analysis" tab are "ticked" in green........
I also had the file c:\Windows\System32\wbem\WMIADAP.exe scanned - everything without problems - marked in green

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Pop-up advertising banners in Mozilla

#14 Post by motji »

I don't like how ComboFix printed the location c:\\?\c:\windows\system32\wbem\WMIADAP.EXE.
How is the PC doing now?

:arrow: Download SystemLook
http://jpshortstuff.247fixes.com/SystemLook.exe

- save it to the desktop and run it.
- copy the following into the box

Code:

:filefind
WMIADAP.exe
- click Look; the scan will run and at the end a log will be displayed, whose contents you copy here

koblizek82
Visitor
Posts: 24
Registered: 13 Aug 2013 21:20

Re: Pop-up advertising banners in Mozilla

#15 Post by koblizek82 »

SystemLook 30.07.11 by jpshortstuff
Log created at 12:11 on 12/10/2014 by Admin
Administrator - Elevation successful

========== filefind ==========

Searching for "WMIADAP.exe"
C:\Windows\SoftwareDistribution\Download\3bd8fe73c6fda64a95e9e60ac46184d4\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6002.18005_none_bb3f7c211cba6b3f\WMIADAP.exe --a---- 117248 bytes [13:56 03/06/2014] [06:28 11/04/2009] F8D8BB3F6173FFF00128612F33D3197A
C:\Windows\System32\wbem\WMIADAP.exe --a---- 117248 bytes [02:23 21/01/2008] [02:23 21/01/2008] 6145D4EC919E4C7C818DC3C172100EBC
C:\Windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6001.18000_none_b95403151f989ff3\WMIADAP.exe --a---- 117248 bytes [02:23 21/01/2008] [02:23 21/01/2008] 6145D4EC919E4C7C818DC3C172100EBC

-= EOF =-

Then I restarted - the advertising banners still keep popping up (a web page loads, then it starts loading something again somewhere and the banners start popping up).

I sent you a screenshot by email.
I also tried running IE instead of Mozilla, and the ads do not pop up there.
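
One way to read the SystemLook result in post #15, as an added example that is not part of the original thread: it parses the `:filefind` lines and reports, for each copy outside WinSxS, the component-store version whose hash it matches. The function names are hypothetical, and using the WinSxS copy as the reference point is an assumption of this example.

```python
import re

# Sample input: the result lines copied from the SystemLook log in post #15.
SAMPLE_LOG = r"""
Searching for "WMIADAP.exe"
C:\Windows\SoftwareDistribution\Download\3bd8fe73c6fda64a95e9e60ac46184d4\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6002.18005_none_bb3f7c211cba6b3f\WMIADAP.exe --a---- 117248 bytes [13:56 03/06/2014] [06:28 11/04/2009] F8D8BB3F6173FFF00128612F33D3197A
C:\Windows\System32\wbem\WMIADAP.exe --a---- 117248 bytes [02:23 21/01/2008] [02:23 21/01/2008] 6145D4EC919E4C7C818DC3C172100EBC
C:\Windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6001.18000_none_b95403151f989ff3\WMIADAP.exe --a---- 117248 bytes [02:23 21/01/2008] [02:23 21/01/2008] 6145D4EC919E4C7C818DC3C172100EBC
"""

# path, attribute flags, size, two bracketed timestamps, 32-hex-digit hash
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+[-a-z]{7}\s+(?P<size>\d+) bytes"
    r"\s+\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<digest>[0-9A-Fa-f]{32})\s*$"
)
# Component directory name: <arch>_<name>_<token>_<version>_<culture>_<hash>
VERSION_RE = re.compile(r"_(\d+(?:\.\d+){3})_[^_\\]+_[0-9a-f]{16}\\", re.I)


def parse_filefind(log):
    """Return one dict per file line of a SystemLook :filefind result."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # banner, "Searching for ..." and blank lines
        path = m["path"]
        version = VERSION_RE.search(path)
        entries.append({
            "path": path,
            "size": int(m["size"]),
            "digest": m["digest"].upper(),
            "version": version.group(1) if version else None,
            "in_store": "\\winsxs\\" in path.lower(),
        })
    return entries


def check_against_store(entries):
    """Map each copy outside WinSxS to the store version with the same hash, or None."""
    store = {e["digest"]: e["version"] for e in entries if e["in_store"]}
    return {e["path"]: store.get(e["digest"]) for e in entries if not e["in_store"]}


if __name__ == "__main__":
    for path, ver in check_against_store(parse_filefind(SAMPLE_LOG)).items():
        print(path, "->", ver or "no matching component-store copy")
```

A match only shows that the System32 file is identical to the listed WinSxS copy. The SoftwareDistribution copy carries version 6.0.6002.18005 in its path, while the ComboFix log reports Windows 6.0.6001, so it has no counterpart among this listing's WinSxS entries.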
