
Unwanted web addresses popping up

harmony36
Visitor
Posts: 19
Registered: 21 Jan 2009 12:24

Unwanted web addresses popping up

#1 Post by harmony36 »

Good day, experts. I apologize if my request does not belong here, but I don't quite know how to specify the problem or what to search for.
While innocently downloading some file, it happened that afterwards, on opening, Firefox ignored the configured home page and some Russian information servers start automatically. Each time Firefox is launched these addresses change. Interestingly, the same applies to Chrome. Uninstalling and reinstalling Firefox did not help (even though I cleaned the registry). The pages that open do not seem harmful; it is just forced advertising for more and more info servers. I tried looking into the innards of Firefox and Chrome to find something there, but I didn't get anywhere. A Malwarebytes scan didn't turn anything up either. Thank you for advice on how to detect and remove this.
What can't be done with brains can be done with a hammer!

Rudy
Site Admin
Posts: 118251
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Unwanted web addresses popping up

#2 Post by Rudy »

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Re: Unwanted web addresses popping up

#3 Post by harmony36 »

Oh right, you say it everywhere... post the log, my apologies. Addition is attached. But what's this? The log doesn't fit here by character count, so I'll put it in an attachment too. Oh dear, I can't attach two files, hmm, interesting. So two messages.
This is off topic, but I would like to respectfully ask you for one piece of advice. I once had Acrobat Reader DC installed, including keygen serials, following the procedure, and everything was OK. A few months later I wiped the system and reinstalled all the software including Acrobat, and I could no longer get it working. The procedure doesn't work, the serials don't respond, and it keeps wanting to connect to an ID account. Please advise how to get this done. Or point me to a forum where I could deal with it. Thank you.
Attachments
FRST.rar
(32.96 KiB) Downloaded 104 times

Re: Unwanted web addresses popping up

#4 Post by harmony36 »

Addition attached. Thank you.
Attachments
Addition.rar
(7.07 KiB) Downloaded 101 times

Re: Unwanted web addresses popping up

#5 Post by Rudy »

A log is sometimes longer than 100000 characters. In that case you can split it across several posts. Now run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; post it here.

Re: Unwanted web addresses popping up

#6 Post by harmony36 »

Done. After starting Firefox the unwanted websites still pop up, nothing has changed, even though Adw says it deleted folders.

# AdwCleaner v5.201 - Log vytvořen 21/07/2016 v 15:46:49
# Aktualizováno 30/06/2016 by ToolsLib
# Databáze : 2016-07-21.2 [Server]
# Operační system : Microsoft Windows XP Service Pack 2 (X64)
# Uživatelské jméno : Myšpulín - MYŠPULÍN-PC
# Spuštěno z : C:\Users\Myšpulín\Desktop\adwcleaner_5.201.exe
# Nastavení : Čištění
# Podpora : https://toolslib.net/forum

***** [ Služby ] *****

***** [ Složky ] *****
[-] Složka Smazáno : C:\ProgramData\Torrent_Search_PED
[#] Složka Smazáno : C:\ProgramData\Application Data\Torrent_Search_PED
[-] Složka Smazáno : C:\Program Files (x86)\Torrent Search
[-] Složka Smazáno : C:\Users\Myšpulín\AppData\Roaming\Mozilla\Firefox\Profiles\nkgjor0t.default\extensions\DTToolbar@toolbarnet.com

***** [ Soubory ] *****

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Zástupci ] *****

***** [ Naplánované úlohy ] *****

[-] Úloha Smazáno : PED_Torrent_Search

***** [ Registry ] *****

[-] Hodnota Smazáno : HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}]
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Klíč Smazáno : HKCU\Software\IM
[-] Klíč Smazáno : HKU\S-1-5-21-1066675084-3487726286-613431335-1000\Software\IM

***** [ Prohlížeče ] *****

[-] [C:\Users\Myšpulín\AppData\Roaming\Mozilla\Firefox\Profiles\nkgjor0t.default\prefs.js] Smazáno : user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.Resources_meta.value", "%7B%22handlebars.js%22%3A%7B%22id%22%3A757182%2C%22ver%22%3A1%2C%22status%22%3A1%2[...]
[-] [C:\Users\Myšpulín\AppData\Roaming\Mozilla\Firefox\Profiles\nkgjor0t.default\prefs.js] Smazáno : user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.Resources_resource_757191.value", "%22function%20startAskCom%28e%2Ct%2Cr%29%7Bfunction%20a%28e%29%7Bvar%20[...]
[-] [C:\Users\Myšpulín\AppData\Roaming\Mozilla\Firefox\Profiles\nkgjor0t.default\prefs.js] Smazáno : user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2[...]
[-] [C:\Users\Myšpulín\AppData\Roaming\Mozilla\Firefox\Profiles\nkgjor0t.default\prefs.js] Smazáno : user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%3A%7B%22[...]

*************************
:: "Tracing" klíče smazány
:: Nastavení Winsock vyčištěno

*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [3117 bytů] - [21/07/2016 15:46:49]
C:\AdwCleaner\AdwCleaner[S1].txt - [3099 bytů] - [21/07/2016 15:41:33]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3263 bytů] ##########

Re: Unwanted web addresses popping up

#7 Post by Rudy »

Post a new FRST log.

Re: Unwanted web addresses popping up - second log

#8 Post by harmony36 »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-07-2016
Ran by Myšpulín (administrator) on MYŠPULÍN-PC (25-07-2016 11:35:29)
Running from C:\Users\Myšpulín\Desktop\viry cz
Loaded Profiles: Myšpulín (Available Profiles: Myšpulín)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HPG) C:\Program Files (x86)\HPGuard\HPGuardSrv.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Avid Technology, Inc.) C:\Windows\SysWOW64\MAFWTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2016-06-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-10-09] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [M-Audio Taskbar Icon] => C:\Windows\SysWOW64\MAFWTray.exe [254256 2012-01-24] (Avid Technology, Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-06-19] (Microsoft Corporation)
Startup: C:\Users\Myšpulín\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sunbird – zástupce.lnk [2016-07-15]
ShortcutTarget: sunbird – zástupce.lnk -> C:\Program Files (x86)\Mozilla Sunbird\sunbird.exe (Mozilla)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 77.48.254.254 77.48.100.254
Tcpip\..\Interfaces\{DCAA635D-CAB4-4437-8BC9-C9189224F91E}: [DhcpNameServer] 77.48.254.254 77.48.100.254

Internet Explorer:
==================
HKU\S-1-5-21-1066675084-3487726286-613431335-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-05-27] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2013-12-23] (DVDVideoSoft Ltd.)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-05-27] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-18] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-05-27] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-18] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-05-27] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-05-27] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-05-27] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1066675084-3487726286-613431335-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-05-27] (Adobe Systems Incorporated)

FireFox:
========
FF ProfilePath: C:\Users\Myšpulín\AppData\Roaming\Mozilla\Firefox\Profiles\nkgjor0t.default
FF SelectedSearchEngine:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2016-06-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-06-10] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2011-05-17] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2016-06-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-18] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF SearchPlugin: C:\Users\Myšpulín\AppData\Roaming\Mozilla\Firefox\Profiles\nkgjor0t.default\searchplugins\zbocz.xml [2015-12-02]
FF Extension: YouTube™ Flash® Player - C:\Users\Myšpulín\AppData\Roaming\Mozilla\Firefox\Profiles\nkgjor0t.default\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2016-05-24]
FF Extension: Adblock Plus - C:\Users\Myšpulín\AppData\Roaming\Mozilla\Firefox\Profiles\nkgjor0t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-06-20]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Profile: C:\Users\Myšpulín\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Myšpulín\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-18]
CHR Extension: (Dokumenty Google) - C:\Users\Myšpulín\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-18]
CHR Extension: (Disk Google) - C:\Users\Myšpulín\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-18]
CHR Extension: (YouTube) - C:\Users\Myšpulín\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-18]
CHR Extension: (Slither.io Skins, Mods, Hack & Guide) - C:\Users\Myšpulín\AppData\Local\Google\Chrome\User Data\Default\Extensions\dggomkijbihggjgcgdbnleolpleddaid [2016-06-18]
CHR Extension: (Adobe Acrobat) - C:\Users\Myšpulín\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-06-18]
CHR Extension: (Slither.io Mods, Zoom, Unlock Skins, Bots) - C:\Users\Myšpulín\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogeabecipmckmihpmkgjbghbffcebcf [2016-07-25]
CHR Extension: (Tabulky Google) - C:\Users\Myšpulín\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-18]
CHR Extension: (Dokumenty Google offline) - C:\Users\Myšpulín\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Myšpulín\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-18]
CHR Extension: (Gmail) - C:\Users\Myšpulín\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-18]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 HPGuard Service; C:\Program Files (x86)\HPGuard\HPGuardSrv.exe [537776 2016-06-22] (HPG)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MSSQL$SONY_MEDIAMGR; C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]
S3 MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]
S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 MAFW; C:\Windows\System32\DRIVERS\mafw.sys [235312 2012-01-24] (Avid Technology, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 synusb64; C:\Windows\System32\DRIVERS\synusb64.sys [30352 2011-12-14] (Steinberg Media Technologies GmbH)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Re: Unwanted web addresses popping up - second log - part 2

#9 Post by harmony36 »

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-21 15:40 - 2016-07-21 15:46 - 00000000 ____D C:\AdwCleaner
2016-07-21 15:40 - 2016-07-21 15:40 - 00002970 _____ C:\Windows\System32\Tasks\{334C28C5-084A-4874-AB12-010572AFB96E}
2016-07-21 12:45 - 2016-07-21 12:45 - 00001442 _____ C:\Users\Myšpulín\Desktop\hosts – kopie
2016-07-21 11:54 - 2016-07-21 11:54 - 00016464 _____ C:\Users\Myšpulín\Desktop\výuka.veg
2016-07-21 11:09 - 2016-07-21 11:09 - 00000148 _____ C:\Users\Myšpulín\Documents\01. výuka, účet.mpg.sfl
2016-07-21 10:17 - 2016-07-21 10:17 - 00000584 _____ C:\Users\Myšpulín\Desktop\výuka - požadavky – zástupce.lnk
2016-07-21 09:35 - 2016-07-21 09:35 - 00000000 ____D C:\Users\Myšpulín\Documents\Moje Videa
2016-07-21 09:34 - 2016-07-21 09:34 - 00001605 _____ C:\Users\Myšpulín\Desktop\Vegas 7 - cz.lnk
2016-07-21 09:34 - 2016-07-21 09:34 - 00001569 _____ C:\Users\Myšpulín\Desktop\vidcap60.lnk
2016-07-21 09:28 - 2016-07-21 09:28 - 00000000 ____D C:\Windows\SysWOW64\spool
2016-07-21 09:28 - 2016-07-21 09:28 - 00000000 ____D C:\ProgramData\Sony
2016-07-21 09:28 - 2016-07-21 09:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2016-07-21 09:28 - 2016-07-21 09:28 - 00000000 ____D C:\Program Files (x86)\Vstplugins
2016-07-20 00:56 - 2016-07-20 00:56 - 00000000 ____D C:\Windows\EOONotify
2016-07-19 21:22 - 2016-07-19 21:55 - 00000000 ____D C:\Users\Myšpulín\Documents\Camtasia Studio
2016-07-19 21:22 - 2016-07-19 21:22 - 00000000 ____D C:\Users\Myšpulín\AppData\Roaming\TechSmith
2016-07-19 21:22 - 2016-07-19 21:22 - 00000000 ____D C:\Users\Myšpulín\AppData\Local\TechSmith
2016-07-19 21:21 - 2016-07-19 21:21 - 00001175 _____ C:\Users\Public\Desktop\Camtasia Studio 8.lnk
2016-07-19 21:21 - 2016-07-19 21:21 - 00000000 ____D C:\ProgramData\TechSmith
2016-07-19 21:21 - 2016-07-19 21:21 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2016-07-19 21:21 - 2016-07-19 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2016-07-19 21:21 - 2016-07-19 21:21 - 00000000 ____D C:\Program Files (x86)\TechSmith
2016-07-19 21:17 - 2016-07-19 21:18 - 00000182 _____ C:\Windows\system32\Drivers\etc\01. info pro hosts.txt
2016-07-19 19:15 - 2016-07-21 09:03 - 00003128 _____ C:\Users\Myšpulín\Documents\Default.sfvidcap
2016-07-19 19:12 - 2016-07-21 09:35 - 00002544 _____ C:\Users\Myšpulín\Documents\Register Vegas.htm
2016-07-19 19:12 - 2016-07-21 09:25 - 00000000 ____D C:\Users\Myšpulín\Documents\My Videos
2016-07-19 19:12 - 2016-07-19 19:12 - 00000000 ____D C:\Users\Myšpulín\Documents\Sony Media Libraries
2016-07-19 19:12 - 2016-07-19 19:12 - 00000000 ____D C:\Users\Myšpulín\AppData\Roaming\Publish Providers
2016-07-19 19:12 - 2016-07-19 19:12 - 00000000 ____D C:\Users\Myšpulín\AppData\Local\Sony
2016-07-19 19:05 - 2016-07-19 19:12 - 00000000 ____D C:\Users\Myšpulín\AppData\Roaming\Sony
2016-07-19 19:05 - 2016-07-19 19:05 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cliconfg.728
2016-07-19 19:05 - 2016-07-19 19:05 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-07-19 19:05 - 2002-12-17 16:23 - 00033340 ____N (Microsoft Corporation) C:\Windows\SysWOW64\dbmsqlgc.dll
2016-07-19 19:05 - 2002-10-20 14:05 - 00024576 ____N (Microsoft Corporation) C:\Windows\SysWOW64\dbmsgnet.dll
2016-07-19 19:05 - 1998-10-29 15:45 - 00306688 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2016-07-19 19:04 - 2016-07-19 19:04 - 00000000 ____D C:\Program Files (x86)\Sony Setup
2016-07-19 19:04 - 2016-07-19 19:04 - 00000000 ____D C:\Program Files (x86)\Sony
2016-07-19 18:48 - 2016-07-25 11:35 - 00000000 ____D C:\Users\Myšpulín\Desktop\viry cz
2016-07-19 14:25 - 2016-07-19 15:18 - 00000000 ____D C:\Users\Myšpulín\.dvdcss
2016-07-19 04:29 - 2016-07-21 09:26 - 00000000 ____D C:\Windows\Minidump
2016-07-19 00:49 - 2016-07-19 00:49 - 00001184 _____ C:\Users\Myšpulín\Desktop\Tančírna 9-10.7.2016 – zástupce.lnk
2016-07-18 23:50 - 2016-07-19 03:29 - 00000000 ____D C:\Users\Myšpulín\AppData\Local\CrashDumps
2016-07-18 19:13 - 2016-07-18 19:13 - 00001790 _____ C:\Users\Myšpulín\Desktop\TeamViewer – zástupce.lnk
2016-07-18 18:56 - 2016-07-18 18:56 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-07-18 18:56 - 2016-07-18 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-07-18 18:10 - 2016-07-18 18:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio
2016-07-18 18:10 - 2016-07-18 18:10 - 00000000 ____D C:\ProgramData\AVID
2016-07-18 18:10 - 2016-07-18 18:10 - 00000000 ____D C:\Program Files\M-Audio
2016-07-18 17:55 - 2016-07-18 17:55 - 00000000 ____D C:\Users\Myšpulín\Tracing
2016-07-18 17:53 - 2016-07-20 23:24 - 00000000 ____D C:\Users\Myšpulín\AppData\Roaming\Skype
2016-07-18 17:53 - 2016-07-18 18:56 - 00002731 _____ C:\Users\Public\Desktop\Skype.lnk
2016-07-18 17:53 - 2016-07-18 18:56 - 00000000 ____D C:\Users\Myšpulín\AppData\Local\Skype
2016-07-18 17:53 - 2016-07-18 18:56 - 00000000 ____D C:\ProgramData\Skype
2016-07-18 12:17 - 2016-07-18 12:17 - 00001001 _____ C:\Users\Myšpulín\Desktop\01. GE MONETA – zástupce.lnk
2016-07-17 19:55 - 2016-07-17 19:55 - 00828500 _____ C:\Users\Myšpulín\Desktop\jj7vlf4d.htm
2016-07-16 22:18 - 2016-07-25 11:35 - 00000000 ____D C:\FRST
2016-07-14 15:42 - 2016-07-14 15:42 - 00001035 _____ C:\Users\Myšpulín\Desktop\Rozkoš 12.7.2016 – zástupce.lnk
2016-07-13 15:18 - 2016-06-11 08:57 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-13 15:18 - 2016-06-11 06:48 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-13 15:18 - 2016-06-10 23:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-13 15:18 - 2016-06-10 23:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-07-13 15:18 - 2016-06-10 23:20 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-07-13 15:18 - 2016-06-10 23:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-13 15:18 - 2016-06-10 23:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-07-13 15:18 - 2016-06-10 23:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-13 15:18 - 2016-06-10 23:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-07-13 15:18 - 2016-06-10 23:17 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-13 15:18 - 2016-06-10 23:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-13 15:18 - 2016-06-10 23:08 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-07-13 15:18 - 2016-06-10 23:05 - 25814016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-13 15:18 - 2016-06-10 23:04 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-13 15:18 - 2016-06-10 23:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-13 15:18 - 2016-06-10 23:03 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-13 15:18 - 2016-06-10 23:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-13 15:18 - 2016-06-10 23:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-13 15:18 - 2016-06-10 22:53 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-07-13 15:18 - 2016-06-10 22:50 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-13 15:18 - 2016-06-10 22:49 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-13 15:18 - 2016-06-10 22:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-07-13 15:18 - 2016-06-10 22:38 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-07-13 15:18 - 2016-06-10 22:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-07-13 15:18 - 2016-06-10 22:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-13 15:18 - 2016-06-10 22:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-13 15:18 - 2016-06-10 22:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-07-13 15:18 - 2016-06-10 22:15 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-13 15:18 - 2016-06-10 22:13 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-13 15:18 - 2016-06-10 22:12 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-13 15:18 - 2016-06-10 22:11 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-07-13 15:18 - 2016-06-10 22:10 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-13 15:18 - 2016-06-10 21:45 - 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-13 15:18 - 2016-06-10 21:44 - 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-13 15:18 - 2016-06-10 21:30 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-13 15:18 - 2016-06-10 21:21 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-13 15:18 - 2016-06-10 21:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-07-13 15:18 - 2016-06-10 20:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-07-13 15:18 - 2016-06-10 20:53 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-13 15:18 - 2016-06-10 20:53 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-07-13 15:18 - 2016-06-10 20:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-07-13 15:18 - 2016-06-10 20:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-13 15:18 - 2016-06-10 20:47 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-13 15:18 - 2016-06-10 20:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-07-13 15:18 - 2016-06-10 20:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-07-13 15:18 - 2016-06-10 20:42 - 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-13 15:18 - 2016-06-10 20:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-07-13 15:18 - 2016-06-10 20:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-13 15:18 - 2016-06-10 20:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-07-13 15:18 - 2016-06-10 20:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-07-13 15:18 - 2016-06-10 20:32 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-07-13 15:18 - 2016-06-10 20:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-13 15:18 - 2016-06-10 20:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-07-13 15:18 - 2016-06-10 20:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-07-13 15:18 - 2016-06-10 20:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-07-13 15:18 - 2016-06-10 20:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-13 15:18 - 2016-06-10 20:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-07-13 15:18 - 2016-06-10 20:14 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-13 15:18 - 2016-06-10 20:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-13 15:18 - 2016-06-10 20:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-13 15:18 - 2016-06-10 20:09 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-13 15:18 - 2016-06-10 20:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-07-13 15:18 - 2016-06-10 19:58 - 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-13 15:18 - 2016-06-10 19:45 - 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-13 15:18 - 2016-06-10 19:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-07-13 15:18 - 2016-06-10 19:41 - 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-13 15:17 - 2016-06-26 02:35 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-13 15:17 - 2016-06-26 02:27 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-13 15:17 - 2016-06-26 02:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-13 15:17 - 2016-06-26 02:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-13 15:17 - 2016-06-26 02:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-13 15:17 - 2016-06-26 02:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-13 15:17 - 2016-06-26 02:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-07-13 15:17 - 2016-06-25 21:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-07-13 15:17 - 2016-06-25 21:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-13 15:17 - 2016-06-25 21:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-13 15:17 - 2016-06-25 21:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-07-13 15:17 - 2016-06-25 21:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-07-13 15:17 - 2016-06-22 15:06 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-13 15:17 - 2016-06-17 20:24 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-13 15:17 - 2016-06-17 20:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-13 15:17 - 2016-06-17 20:24 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-13 15:17 - 2016-06-17 20:24 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-13 15:17 - 2016-06-17 20:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-07-13 15:17 - 2016-06-17 20:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-13 15:17 - 2016-06-14 17:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-07 15:26 - 2016-07-07 15:26 - 00001001 _____ C:\Users\Myšpulín\Desktop\limo na hradě – zástupce.lnk
2016-07-06 16:44 - 2016-07-06 21:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-07-03 13:00 - 2016-07-03 13:00 - 00003584 _____ C:\Users\Myšpulín\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-07-02 15:04 - 2016-07-13 18:15 - 00000000 ____D C:\Users\Myšpulín\AppData\Roaming\Mp3tag
2016-07-02 13:24 - 2016-07-02 13:24 - 00001090 _____ C:\Users\Myšpulín\Desktop\01. MOJE FINANCE.lnk
2016-06-29 22:38 - 2016-06-29 22:38 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2016-06-25 13:35 - 2016-06-25 18:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-25 01:02 - 2016-07-16 22:16 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-25 01:01 - 2016-06-25 02:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-25 01:01 - 2016-06-25 01:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-25 01:01 - 2016-06-25 01:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-25 01:01 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-06-25 01:01 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-25 01:01 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-06-25 00:48 - 2016-06-25 18:28 - 00000270 __RSH C:\Users\Myšpulín\ntuser.pol
2016-06-25 00:48 - 2016-06-25 00:48 - 00001769 _____ C:\Users\Public\Desktop\Firеfох.lnk
2016-06-25 00:33 - 2016-06-25 18:28 - 00000270 __RSH C:\ProgramData\ntuser.pol
2016-06-25 00:32 - 2016-06-25 00:48 - 00001781 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2016-06-25 00:32 - 2016-06-25 00:32 - 00001799 _____ C:\Users\Myšpulín\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
2016-06-25 00:32 - 2016-06-25 00:32 - 00001781 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2016-06-25 00:32 - 2016-06-25 00:32 - 00000000 ____D C:\Program Files (x86)\HPGuard

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-25 10:43 - 2016-06-19 11:06 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-25 10:40 - 2016-06-18 14:35 - 00000956 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-25 09:22 - 2009-07-14 06:45 - 00014544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-25 09:22 - 2009-07-14 06:45 - 00014544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-25 09:07 - 2016-06-18 14:35 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-25 09:07 - 2016-06-17 21:51 - 00000206 _____ C:\Windows\Tasks\AutoKMS.job
2016-07-25 09:06 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-21 23:18 - 2009-07-14 17:18 - 00686650 _____ C:\Windows\system32\perfh005.dat
2016-07-21 23:18 - 2009-07-14 17:18 - 00149164 _____ C:\Windows\system32\perfc005.dat
2016-07-21 23:18 - 2009-07-14 07:13 - 01636690 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-21 23:18 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-07-21 15:50 - 2009-07-14 06:45 - 04968016 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-21 15:15 - 2016-06-17 21:33 - 00109672 _____ C:\Users\Myšpulín\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-21 12:52 - 2016-06-17 21:00 - 00000000 ____D C:\ProgramData\Adobe
2016-07-21 12:51 - 2016-06-17 21:00 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-07-21 12:35 - 2016-06-17 21:02 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-07-21 09:27 - 2016-06-18 11:04 - 00000000 ____D C:\Users\Myšpulín\AppData\Roaming\uTorrent
2016-07-21 08:06 - 2016-06-17 21:01 - 00000000 ____D C:\Users\Myšpulín\AppData\Local\Adobe
2016-07-20 00:56 - 2016-06-22 10:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-07-20 00:56 - 2016-06-22 10:00 - 00000000 ___SD C:\Windows\system32\GWX
2016-07-19 23:06 - 2016-06-17 23:36 - 00000000 ____D C:\Users\Myšpulín\Documents\Cubase Projects
2016-07-19 21:39 - 2016-06-17 22:17 - 00000000 ___RD C:\Users\Myšpulín\Desktop\programy
2016-07-19 19:25 - 2016-06-17 20:42 - 00000000 ____D C:\Users\Myšpulín\AppData\Local\VirtualStore
2016-07-19 19:05 - 2016-06-22 03:43 - 01608938 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-07-19 14:25 - 2016-06-17 20:42 - 00000000 ____D C:\Users\Myšpulín
2016-07-18 23:50 - 2016-06-17 23:35 - 00000000 ____D C:\Users\Myšpulín\Documents\Steinberg
2016-07-14 17:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-07-14 04:09 - 2016-06-23 10:47 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-14 04:09 - 2009-07-14 17:37 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-13 22:12 - 2016-06-17 21:02 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-13 22:12 - 2016-06-17 21:01 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2016-07-13 22:12 - 2016-06-17 21:01 - 00002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2016-07-12 22:43 - 2016-06-19 11:06 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-12 22:43 - 2016-06-19 11:06 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-12 22:43 - 2016-06-19 11:06 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-12 22:43 - 2016-06-19 11:06 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-12 22:43 - 2016-06-17 22:54 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-07 11:49 - 2016-06-17 21:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-30 20:01 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-06-30 09:45 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-06-25 18:28 - 2009-07-14 17:37 - 00000000 ____D C:\Windows\RemotePackages
2016-06-25 13:11 - 2016-06-17 21:25 - 00000000 ____D C:\Windows\system32\1. Moje IKONY
2016-06-25 00:33 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\GroupPolicy

==================== Files in the root of some directories =======

2016-07-03 13:00 - 2016-07-03 13:00 - 0003584 _____ () C:\Users\Myšpulín\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-06-18 14:34 - 2016-06-18 14:34 - 0007611 _____ () C:\Users\Myšpulín\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Myšpulín\AppData\Local\Temp\libeay32.dll
C:\Users\Myšpulín\AppData\Local\Temp\msvcr120.dll
C:\Users\Myšpulín\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-17 14:27

==================== End of FRST.txt ============================

#10 Post by Rudy »

Open Notepad and copy the following into it:
Start
C:\Users\Myšpulín\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\AutoKMS.job
C:\Users\Myšpulín\AppData\Local\Temp
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
End
Save it to C:\Users\Myšpulín\Desktop\viry cz as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

#11 Post by harmony36 »

If one step remains to solve this, OK. If it means looking for more and more solutions, it no longer seems economical to me and I would rather do a complete reinstall of Windows. I appreciate your help. The problem has not been solved yet and I don't want to waste any more of your time.

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-07-2016
Ran by Myšpulín (2016-07-25 16:28:42) Run:1
Running from C:\Users\Myšpulín\Desktop\viry cz
Loaded Profiles: Myšpulín (Available Profiles: Myšpulín)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
C:\Users\Myšpulín\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\AutoKMS.job
C:\Users\Myšpulín\AppData\Local\Temp
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
End
*****************

C:\Users\Myšpulín\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 => moved successfully
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\AutoKMS.job => moved successfully

"C:\Users\Myšpulín\AppData\Local\Temp" folder move:

Could not move "C:\Users\Myšpulín\AppData\Local\Temp" => Scheduled to move on reboot.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-07-25 16:30:34)

C:\Users\Myšpulín\AppData\Local\Temp => moved successfully

==== End of Fixlog 16:30:35 ====

#12 Post by Rudy »

We haven't fired all our ammunition yet. Try these scans:

1. Download Zoek.exe http://hijackthis.nl/smeenk/ and save it to the desktop

If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator (Spustit jako správce)
Paste the script below into the window




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script
The PC will perform the repair, restart, and give you a log; paste its contents here.

and

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
• Save it, preferably to the desktop
• After launch, the license terms are displayed; press any key
• A backup will be created, followed by a search
• A scan will run and then a log will appear, or it will be saved in c:\JRT as JRT.txt; paste it here.

#13 Post by harmony36 »

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Myçpulˇn on po 25.07.2016 at 19:06:53,32.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\STAHUJ\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

25.7.2016 19:07:45 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Users\MYPULN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\VertrigoServ deleted successfully
C:\Users\MYPULN~1\AppData\Local\CrashDumps deleted successfully
C:\Users\MYPULN~1\AppData\Local\Skype deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\MYPULN~1\AppData\Roaming\Mozilla\Firefox\Profiles\nkgjor0t.default\prefs.js:
user_pref("browser.search.selectedEngine", "");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\MYPULN~1\AppData\Roaming\Mozilla\Firefox\Profiles\nkgjor0t.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\MYPULN~1\AppData\Roaming\Mozilla\Sunbird\Profiles\i5nxpxpz.default\prefs.js:

Added to C:\Users\MYPULN~1\AppData\Roaming\Mozilla\Sunbird\Profiles\i5nxpxpz.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\MYPULN~1\AppData\Roaming\Thunderbird\Profiles\1o8spx3b.default\prefs.js:

Added to C:\Users\MYPULN~1\AppData\Roaming\Thunderbird\Profiles\1o8spx3b.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\MYPULN~1\AppData\Roaming\Mozilla\Firefox\Profiles\nkgjor0t.default

user.js not found
---- Lines focusbase removed from prefs.js ----
user_pref("extensions.focusbase.asul", "1417855542026");
user_pref("extensions.focusbase.aul", "1417855537000");
user_pref("extensions.focusbase.irl", true);
user_pref("extensions.focusbase.is", "ob100ppCZ");
user_pref("extensions.focusbase.ug", "D627CFFB-3806-4ADC-A594-E66220CDB00E");
---- Lines a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911 removed from prefs.js ----
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.45633fba7e7d40fea9c29@9dc18447eea04021a325caf3.coma45633fba7e7d40fe
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.45633fba7e7d40fea9c29@9dc18447eea04021a325caf3.coma45633fba7e7d40fe
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.45633fba7e7d40fea9c29@9dc18447eea04021a325caf3.comasyncdb_dbWasSet"
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.45633fba7e7d40fea9c29@9dc18447eea04021a325caf3.comasyncdb_dbWasSet_
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.45633fba7e7d40fea9c29@9dc18447eea04021a325caf3.comasyncinternaldb_d
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.45633fba7e7d40fea9c29@9dc18447eea04021a325caf3.comasyncinternaldb_d
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.active", true);
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.addressbar", "NA");
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.addressbarenhanced", "");
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.asyncdb.was_copied", "true");
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.asyncinternaldb.was_copied", "true");
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.backgroundver", 1);
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.certdomaininstaller", "");
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.cookie.InstallationTime.value", "%221409135198%22");
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22001729%22%2
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.cookie.uc.expiration", "Sat Dec 20 2014 12:08:16 GMT+0100");
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.cookie.uc.value", "%22%5C%22CZ%5C%22%22");
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.description", "Ge-Force");
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.domain", "");
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.enablesearch", false);
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.homepage", "");
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.changeprevious", false);
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.iframe", false);
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.InstallationThankYouPage", true);
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.InstallationTime", 1409135198);
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.__defualt_browser__.value", "%22ff%22");
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb._installer_additional_info.expiration", "Fri Feb 01 2030
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb._installer_additional_info.value", "%7B%22asw%22%3A%5B67
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+010
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%2
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 G
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22001729%
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%2200
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_b
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Fe
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.monetization_plugin_bundledWithHash.value", "null");
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.monetization_plugin_last_executable_request.expiration",
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.monetization_plugin_last_executable_request.value", "%22
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D");
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.monetization_plugin_regBundledWithSoftware.expiration",
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.monetization_plugin_regBundledWithSoftware.value", "%7B%
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.Resources_appVer.value", "62");
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:0
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.Resources_lastVersion.value", "1");
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GM
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.Resources_nextCheck.expiration", "Sat Dec 06 2014 15:45:
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 G
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.Resources_resource_757183.expiration", "Fri Mar 06 2015
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.Resources_resource_757184.expiration", "Fri Mar 06 2015
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.Resources_resource_757186.expiration", "Fri Mar 06 2015
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.Resources_resource_757188.expiration", "Fri Mar 06 2015
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.Resources_resource_757189.expiration", "Fri Mar 06 2015
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.internaldb.Resources_resource_757191.expiration", "Fri Mar 06 2015
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.lastDailyReport", "1417855538669");
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.lastUpdate", "1417855537300");
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.manifesturl", "");
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.name", "Ge-Forces");
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.newtab", "");
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.opensearch", "");
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.pluginsurl", "http://js.newstaticdatacloud.com/plugin/apps/61911/pl
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.pluginsversion", 56);
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.publisher", "iWebar");
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.searchstatus", 0);
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.setnewtab", false);
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.thankyou", "");
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.updateinterval", 360);
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.61911.ver", 62);
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.apps", "61911");
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.bic", "1481702a6ffdc92669eb3f9c9a66d007");
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.cid", 61911);
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.firstrun", false);
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.hadappinstalled", true);
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.installationdate", 1409135323);
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.installerAdditionalInfo", "{\"asw\":[67108864, -2147483644, 536879104],\"
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.modetype", "production");
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.reportInstall", true);
user_pref("extensions.a45633fba7e7d40fea9c299dc18447eea04021a325caf3com61911.statsDailyCounter", 7);
---- Lines awarnerrobertshotmailcom61915 removed from prefs.js ----
user_pref("extensions.awarnerrobertshotmailcom61915.61915.active", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.addressbar", "NA");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.addressbarenhanced", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.asyncdb.was_copied", "true");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.asyncinternaldb.was_copied", "true");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.backgroundver", 1);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.certdomaininstaller", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.cookie.InstallationTime.value", "%221409135201%22");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22000803%22%2C%22sub_id%22%3A%220%22%2
user_pref("extensions.awarnerrobertshotmailcom61915.61915.description", ".");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.domain", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.enablesearch", false);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.homepage", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.changeprevious", false);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.iframe", false);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.InstallationThankYouPage", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.InstallationTime", 1409135201);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.__defualt_browser__.value", "%22ff%22");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb._installer_additional_info.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb._installer_additional_info.value", "%7B%22asw%22%3A%5B67108864%2C-2147483644%2C53
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%2279
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%2279C1496BEA87477C8D094EB
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22000803%22%2C%22sub_id%22%3A%220%
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22000803%22%2C%22sub_id%22%3A
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%2279C1496BEA8747
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100")
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 2030 00:00:00 GMT+01
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_bundledWithHash.value", "null");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_last_executable_request.expiration", "Sat Dec 06 2014 21:46:4
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_last_executable_request.value", "%22http%3A//download2v.frees
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030 00:00:00 GMT+010
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_regBundledWithSoftware.expiration", "Fri Feb 01 2030 00:00:00
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.monetization_plugin_regBundledWithSoftware.value", "%7B%7D");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_appVer.value", "52");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_lastVersion.value", "1");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_nextCheck.expiration", "Sat Dec 06 2014 15:45:39 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.lastDailyReport", "1417855538669");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.lastUpdate", "1417855537739");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.manifesturl", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.name", "Sense1");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.newtab", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.opensearch", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.pluginsurl", "http://js.newstaticclientstack.com/plug ... lugins.jso
user_pref("extensions.awarnerrobertshotmailcom61915.61915.pluginsversion", 48);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.publisher", "Object Browser");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.searchstatus", 0);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.setnewtab", false);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.thankyou", "");
user_pref("extensions.awarnerrobertshotmailcom61915.61915.updateinterval", 360);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.ver", 52);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.warnerroberts@hotmail.comasyncdb_dbWasSet", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.warnerroberts@hotmail.comasyncdb_dbWasSet_FF25_FIX", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.warnerroberts@hotmail.comasyncinternaldb_dbWasSet", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.warnerroberts@hotmail.comasyncinternaldb_dbWasSet_FF25_FIX", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.warnerroberts@hotmail.comawarnerrobertshotmailcom61915_dbWasSet", true);
user_pref("extensions.awarnerrobertshotmailcom61915.61915.warnerroberts@hotmail.comawarnerrobertshotmailcom61915_dbWasSet_FF25_FIX", true);
user_pref("extensions.awarnerrobertshotmailcom61915.apps", "61915");
user_pref("extensions.awarnerrobertshotmailcom61915.bic", "1481702a6ffdc92669eb3f9c9a66d007");
user_pref("extensions.awarnerrobertshotmailcom61915.cid", 61915);
user_pref("extensions.awarnerrobertshotmailcom61915.firstrun", false);
user_pref("extensions.awarnerrobertshotmailcom61915.hadappinstalled", true);
user_pref("extensions.awarnerrobertshotmailcom61915.installationdate", 1409135323);
user_pref("extensions.awarnerrobertshotmailcom61915.installerAdditionalInfo", "{\"asw\":[67108864, -2147483644, 536879104],\"browser_name\":\"ff\"}");
user_pref("extensions.awarnerrobertshotmailcom61915.modetype", "production");
user_pref("extensions.awarnerrobertshotmailcom61915.reportInstall", true);
user_pref("extensions.awarnerrobertshotmailcom61915.statsDailyCounter", 7);
---- FireFox user.js and prefs.js backups ----

prefs_25.07.2016_1920_.backup

ProfilePath: C:\Users\MYPULN~1\AppData\Roaming\Mozilla\Sunbird\Profiles\i5nxpxpz.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_25.07.2016_1920_.backup

ProfilePath: C:\Users\MYPULN~1\AppData\Roaming\Thunderbird\Profiles\1o8spx3b.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_25.07.2016_1920_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} deleted
C:\windows\SysNative\GroupPolicy\Adm deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\MYPULN~1\AppData\Roaming\Mozilla\Firefox\Profiles\nkgjor0t.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\MYPULN~1\AppData\Roaming\Mozilla\Sunbird\Profiles\i5nxpxpz.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\MYPULN~1\AppData\Roaming\Thunderbird\Profiles\1o8spx3b.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"web2pdfextension.15@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn" [20.06.2016 23:29]

==== Firefox Extensions ======================

ProfilePath: C:\Users\MYPULN~1\AppData\Roaming\Mozilla\Firefox\Profiles\nkgjor0t.default
- YouTube Flash Player - %ProfilePath%\extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\MYPULN~1\AppData\Roaming\Mozilla\Sunbird\Profiles\i5nxpxpz.default
- Timezone Definitions for Mozilla Calendar - C:\Program Files (x86)\Mozilla Sunbird\extensions\calendar-timezones@mozilla.org
- Lightning stub extension for Sunbird - C:\Program Files (x86)\Mozilla Sunbird\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}

ProfilePath: C:\Users\MYPULN~1\AppData\Roaming\Thunderbird\Profiles\1o8spx3b.default
- Undetermined - C:\Users\Myšpulín\AppData\Roaming\Thunderbird\Profiles\1o8spx3b.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]

Slither.io Mod - MYPULN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogeabecipmckmihpmkgjbghbffcebcf

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IE8SRC

==== Reset Google Chrome ======================

C:\Users\MYPULN~1\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\MYPULN~1\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\MYPULN~1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\MYPULN~1\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1066675084-3487726286-613431335-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{23BAFE62-0AF0-4D71-98C2-47286139DC45} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\26EFAB320FA017D4892C74821693CD54 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\MYPULN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\MYPULN~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\MYPULN~1\AppData\Local\Mozilla\Firefox\Profiles\nkgjor0t.default\cache2 emptied successfully
C:\Users\MYPULN~1\AppData\Roaming\Mozilla\Firefox\Profiles\nkgjor0t.default\storage\default\https+++playerio-a.akamaihd.net\cache emptied successfully
C:\Users\MYPULN~1\AppData\Roaming\Mozilla\Firefox\Profiles\nkgjor0t.default\storage\default\https+++www.duolingo.com\cache emptied successfully
C:\Users\MYPULN~1\AppData\Roaming\Mozilla\Firefox\Profiles\nkgjor0t.default\storage\default\https+++www.pinterest.com\cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\MYPULN~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=134 folders=28 16209850 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\MYPULN~1\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\MYPULN~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on po 25.07.2016 at 22:01:47,16 ======================

Rudy
Site Admin
Posts: 118251
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Unwanted web addresses popping up

#14 Post by Rudy »

And Junkware?
e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

harmony36
Visitor
Posts: 19
Registered: 21 Jan 2009 12:24

Re: Unwanted web addresses popping up

#15 Post by harmony36 »

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Ultimate x64
Ran by Myçpulˇn (Administrator) on po 25.07.2016 at 22:11:40,97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 8

Successfully deleted: C:\Users\Myçpulˇn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B8EO7Y60 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Myçpulˇn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FQDZOGUD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Myçpulˇn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KDWGAP7O (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Myçpulˇn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7JP8FE (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B8EO7Y60 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FQDZOGUD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KDWGAP7O (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH7JP8FE (Temporary Internet Files Folder)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on po 25.07.2016 at 22:13:52,33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~