Windows opening on their own in the browser when clicking anywhere

heanka
Visitor
Posts: 53
Registered: 14 Sep 2005 20:01

#1 Post by heanka »

Good evening,
in Chrome, when clicking anywhere or typing, unwanted windows pop up with porn, contests, or pages that pretend to be from Microsoft.
We cleaned the PC with AdwCleaner, but the windows keep popping up.
Thank you in advance for your help and willingness.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by Andrejka (administrator) on A-PC (04-02-2017 20:44:32)
Running from C:\Users\Andrejka\Desktop
Loaded Profiles: Andrejka & UpdatusUser (Available Profiles: Andrejka & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CÍGLER SOFTWARE, a.s.) C:\Program Files (x86)\CIGLER SOFTWARE\Money S3\MS3Auto.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo) C:\Users\Andrejka\AppData\Local\Apps\2.0\Q0Q5A74O.597\4Y0E0VKT.BL4\lsb...tion_2d7b41b05b24775e_0001.0006_4ccd0b1bea5227ca\LSB.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(forum.viry.cz) C:\Users\Andrejka\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun64] => c:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [368728 2012-04-27] (Alcor Micro Corp.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2899216 2012-04-18] (Synaptics Incorporated)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [410896 2012-04-18] (Synaptics)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2016-01-31] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6199128 2016-01-31] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [548864 2011-12-09] (Vimicro)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2849641181-2342539820-3421546230-1000\...\Run: [GoogleChromeAutoLaunch_74A5810E6D4D1CD89630C5C531BBBE6A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1104728 2016-12-08] (Google Inc.)
HKU\S-1-5-21-2849641181-2342539820-3421546230-1000\...\Run: [S3Automatic] => C:\Program Files (x86)\CIGLER SOFTWARE\Money S3\MS3Auto.exe [31631312 2016-11-29] (CÍGLER SOFTWARE, a.s.)
HKU\S-1-5-21-2849641181-2342539820-3421546230-1000\...\Run: [S3AutomaticSTART] => C:\Program Files (x86)\CIGLER SOFTWARE\Money S3\MS3Auto.exe [31631312 2016-11-29] (CÍGLER SOFTWARE, a.s.)
HKU\S-1-5-21-2849641181-2342539820-3421546230-1000\...\MountPoints2: D - D:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2849641181-2342539820-3421546230-1000\...\MountPoints2: {16fefc62-c8e8-11e6-b291-3c970e337901} - D:\HiSuiteDownLoader.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [184048 2013-12-26] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-12-26] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 31.132.31.132 31.132.31.232
Tcpip\..\Interfaces\{AC4373F7-BA43-4474-AB3C-39B1D7D60CE2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F8E0EED6-D2C0-46E5-8400-9C886B6FE3EC}: [DhcpNameServer] 31.132.31.132 31.132.31.232

Internet Explorer:
==================
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-18] (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-18] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

FireFox:
========
FF DefaultProfile: 5xguzx17.default
FF ProfilePath: C:\Users\Andrejka\AppData\Roaming\Mozilla\Firefox\Profiles\5xguzx17.default [2017-02-04]
FF NewTab: Mozilla\Firefox\Profiles\5xguzx17.default -> hxxps://www.amazon.com/gp/bit/amazonserp/ref=bi ... 8_CZ_ff_nt_
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\5xguzx17.default -> Amazon
FF Homepage: Mozilla\Firefox\Profiles\5xguzx17.default -> www.google.cz/
FF Extension: (Google Translator for Firefox) - C:\Users\Andrejka\AppData\Roaming\Mozilla\Firefox\Profiles\5xguzx17.default\Extensions\translator@zoli.bod.xpi [2017-02-02]
FF Extension: (Diagnostics) - C:\Users\Andrejka\AppData\Roaming\Mozilla\Firefox\Profiles\5xguzx17.default\features\{d512048d-0315-4eaf-b5b0-c6fb3fde60ec}\diagnostics@mozilla.org.xpi [2017-02-02]
FF Extension: (Send HSTS Priming Requests) - C:\Users\Andrejka\AppData\Roaming\Mozilla\Firefox\Profiles\5xguzx17.default\features\{d512048d-0315-4eaf-b5b0-c6fb3fde60ec}\hsts-priming@mozilla.org.xpi [2017-02-02]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2849641181-2342539820-3421546230-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Andrejka\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)

Chrome:
=======
CHR Profile: C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default [2017-02-04]
CHR Extension: (Prezentace Google) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-16]
CHR Extension: (Dokumenty Google) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-16]
CHR Extension: (Disk Google) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-16]
CHR Extension: (YouTube) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-16]
CHR Extension: (Export History) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknbcfebliancjjedjblkhfefoppcedo [2016-12-27]
CHR Extension: (Vyhledávání Google) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-16]
CHR Extension: (Adobe Acrobat) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-30]
CHR Extension: (Diep Friends - by Creators of Agar.pw) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbhaejibfpkjkblcnhccangahmmlgejd [2016-08-15]
CHR Extension: (Tabulky Google) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-16]
CHR Extension: (GIVT.cz) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggfjoibkmcdpipebclkmekplmdjhmkop [2016-12-07]
CHR Extension: (Dokumenty Google offline) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-31]
CHR Extension: (Agar/Slither Infinity) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnhheoadpkhnhicikbeaikololmoegma [2016-10-30]
CHR Extension: (Tlačítko Pin It) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-11-01]
CHR Extension: (Google Keep – poznámky a seznamy) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-01-31]
CHR Extension: (FormApps Chrome Extension) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi [2016-08-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-16]
CHR Extension: (Chrome Media Router) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16]
CHR Profile: C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\System Profile [2016-03-12]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2016-08-26] () [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-29] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-29] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2015-12-10] (Lenovo)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1318128 2017-01-23] (Overwolf LTD)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6887696 2015-11-30] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-05-25] (Huawei Technologies Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27408 2012-04-18] (Synaptics Incorporated)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S3 LgBttPort; system32\DRIVERS\lgbtpt64.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbs64.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmdm64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-04 20:44 - 2017-02-04 20:44 - 00021366 _____ C:\Users\Andrejka\Desktop\FRST.txt
2017-02-04 20:31 - 2017-02-04 20:31 - 00000000 ____D C:\FRST
2017-02-04 20:30 - 2017-02-04 20:30 - 00112640 _____ (forum.viry.cz) C:\Users\Andrejka\Desktop\FRSTLauncher.exe
2017-02-04 20:28 - 2017-02-04 20:28 - 02420736 _____ (Farbar) C:\Users\Andrejka\Desktop\FRST64.exe
2017-02-02 15:05 - 2017-02-02 15:05 - 00077146 _____ C:\Users\Andrejka\Desktop\otvíračka pátek.pdf
2017-02-02 11:08 - 2017-02-02 11:10 - 00000000 ____D C:\AdwCleaner
2017-02-02 11:06 - 2017-02-02 11:07 - 04015056 _____ C:\Users\Andrejka\Downloads\adwcleaner_6.043.exe
2017-02-02 10:54 - 2017-02-02 10:54 - 20229480 _____ C:\Users\Andrejka\Downloads\FISKARS- CENÍKY.zip
2017-02-01 09:38 - 2017-02-01 09:38 - 00000110 ____H C:\Users\Andrejka\Downloads\16467311_1626962380654277_948502074_n.jpg.uid-zps
2017-02-01 09:38 - 2017-02-01 09:38 - 00000110 ____H C:\Users\Andrejka\Downloads\16466994_1626962403987608_2133468565_n.jpg.uid-zps
2017-02-01 09:38 - 2017-02-01 09:38 - 00000110 ____H C:\Users\Andrejka\Downloads\16442926_1626960257321156_1995635054_o.jpg.uid-zps
2017-02-01 09:38 - 2017-02-01 09:38 - 00000110 ____H C:\Users\Andrejka\Downloads\16389418_1626960100654505_437363031_o.jpg.uid-zps
2017-02-01 09:37 - 2017-02-01 09:37 - 00000110 ____H C:\Users\Andrejka\Downloads\16467308_1626962367320945_1218474671_n.jpg.uid-zps
2017-01-31 17:30 - 2017-01-31 17:30 - 00068109 _____ C:\Users\Andrejka\Desktop\Internetové bankovnictví vs3.pdf
2017-01-31 17:22 - 2017-01-31 17:22 - 00025221 _____ C:\Users\Andrejka\Downloads\Internetové-bankovnictví.trojcata.pdf
2017-01-31 17:21 - 2017-01-31 17:21 - 00070337 _____ C:\Users\Andrejka\Desktop\Internetové bankovnictví - 28112012.pdf
2017-01-31 17:17 - 2017-01-31 17:17 - 00064212 _____ C:\Users\Andrejka\Desktop\Internetové bankovnictví 07012016.pdf
2017-01-31 17:16 - 2017-01-31 17:16 - 00074219 _____ C:\Users\Andrejka\Desktop\Internetové bankovnictví 7012016.pdf
2017-01-31 17:14 - 2017-01-31 17:14 - 00093744 _____ C:\Users\Andrejka\Downloads\Internetové-bankovnictví-17.11.2016-do-5.1.2017.pdf
2017-01-31 16:49 - 2017-01-31 16:49 - 00003639 _____ C:\Users\Andrejka\Documents\Můj film.wlmp
2017-01-31 14:32 - 2017-01-31 14:32 - 00155644 _____ C:\Users\Andrejka\Downloads\Prodejka-za-hotove.pdf
2017-01-31 14:08 - 2017-01-31 14:08 - 00038005 _____ C:\Users\Andrejka\Desktop\rekapitulace.pdf
2017-01-31 14:07 - 2017-01-31 14:07 - 00123112 _____ C:\Users\Andrejka\Desktop\Objednávka č.201700567 - Nonstopstavebniny.pdf
2017-01-31 11:40 - 2017-01-31 11:40 - 00103432 _____ C:\Users\Andrejka\Desktop\RE_ Daňový doklad zálohy PRODOMOS.pdf
2017-01-30 15:48 - 2017-01-30 15:49 - 17516255 _____ ( ) C:\Users\Andrejka\Downloads\instalujmzdy.exe
2017-01-30 15:47 - 2017-02-04 20:38 - 00000000 ____D C:\PFSW
2017-01-30 15:35 - 2017-01-30 15:36 - 85957207 _____ (ing. Pavel Macek ) C:\Users\Andrejka\Downloads\StartPF.exe
2017-01-28 10:24 - 2017-01-28 10:24 - 01559758 _____ C:\Users\Andrejka\Downloads\manual_sbirky (2).pdf
2017-01-27 22:25 - 2017-01-27 22:31 - 390968983 _____ (ČAPEK - WinDUO, s.r.o.) C:\Users\Andrejka\Downloads\WinDUO.exe
2017-01-27 22:20 - 2017-01-27 22:22 - 160795862 _____ (DeCe COMPUTERS s.r.o. Děčín ) C:\Users\Andrejka\Downloads\demouctw.exe
2017-01-27 22:01 - 2017-01-27 22:01 - 00010790 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20161101-20161130_cislo-11.gpc
2017-01-27 22:01 - 2017-01-27 22:01 - 00008060 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20161201-20161231_cislo-12.gpc
2017-01-27 22:01 - 2017-01-27 22:01 - 00006240 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20160801-20160831_cislo-8.gpc
2017-01-27 22:01 - 2017-01-27 22:01 - 00005980 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20160501-20160531_cislo-5.gpc
2017-01-27 22:01 - 2017-01-27 22:01 - 00005590 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20160901-20160930_cislo-9.gpc
2017-01-27 22:01 - 2017-01-27 22:01 - 00004290 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20160601-20160630_cislo-6.gpc
2017-01-27 22:01 - 2017-01-27 22:01 - 00003770 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20160201-20160229_cislo-2.gpc
2017-01-27 22:01 - 2017-01-27 22:01 - 00003770 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20160101-20160131_cislo-1.gpc
2017-01-27 22:01 - 2017-01-27 22:01 - 00003380 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20160401-20160430_cislo-4.gpc
2017-01-27 22:01 - 2017-01-27 22:01 - 00003380 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20160301-20160331_cislo-3.gpc
2017-01-27 22:01 - 2017-01-27 22:01 - 00002210 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20161001-20161031_cislo-10.gpc
2017-01-27 22:01 - 2017-01-27 22:01 - 00002080 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20160701-20160731_cislo-7.gpc
2017-01-27 21:56 - 2017-01-27 21:56 - 00014170 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20151101-20151130_cislo-2.gpc
2017-01-27 21:56 - 2017-01-27 21:56 - 00011310 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20151201-20151231_cislo-3.gpc
2017-01-27 21:56 - 2017-01-27 21:56 - 00007280 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20151021-20151031_cislo-1.gpc
2017-01-27 21:47 - 2017-01-27 21:47 - 00025696 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20151101-20151130_cislo-2.csv
2017-01-27 21:47 - 2017-01-27 21:47 - 00021721 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20151201-20151231_cislo-3.csv
2017-01-27 21:47 - 2017-01-27 21:47 - 00013198 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20151021-20151031_cislo-1.csv
2017-01-27 21:47 - 2017-01-27 21:47 - 00008003 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20160101-20160131_cislo-1.csv
2017-01-27 21:40 - 2017-01-27 22:10 - 00000000 ____D C:\ProgramData\Atma10
2017-01-27 21:38 - 2017-01-27 21:38 - 41996742 _____ (ATMA Vratislav Bělský ) C:\Users\Andrejka\Downloads\SetupAtma1038.exe
2017-01-27 16:14 - 2017-01-27 16:14 - 00941034 _____ C:\Users\Andrejka\Downloads\1414145162_0_1372261250_0_pruvodce-obcanskym-zakonikem-pro-nadace-a-nadacni-fondy_fd-(5).pdf
2017-01-27 15:19 - 2017-01-27 15:19 - 00049320 _____ C:\Users\Andrejka\Downloads\1300719933_0_povinnosti_nadaci (1).pdf
2017-01-27 15:12 - 2017-01-27 15:12 - 00722432 _____ C:\Users\Andrejka\Downloads\UCZAV_NO16 (1).xls
2017-01-27 13:35 - 2017-01-27 13:35 - 00070835 _____ C:\Users\Andrejka\Downloads\Jak a kdy využít marketingové materiály.pdf
2017-01-27 13:35 - 2017-01-27 13:35 - 00063117 _____ C:\Users\Andrejka\Downloads\E-maily podporovatelům_zima-jaro.pdf
2017-01-27 13:35 - 2017-01-27 13:35 - 00058067 _____ C:\Users\Andrejka\Downloads\Texty pro web_zima-jaro.pdf
2017-01-27 13:35 - 2017-01-27 13:35 - 00049726 _____ C:\Users\Andrejka\Downloads\Facebook statusy_zima-jaro.pdf
2017-01-27 11:56 - 2017-01-28 08:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-26 22:25 - 2017-01-26 22:25 - 00443814 _____ C:\Users\Andrejka\Documents\Nadační fond.pdf
2017-01-26 22:15 - 2017-01-26 22:15 - 00047470 _____ C:\Users\Andrejka\Downloads\Pohyb_13885653719_na_uctu_2700977831.pdf
2017-01-26 10:21 - 2017-01-26 10:21 - 00000110 ____H C:\Users\Andrejka\Downloads\16358736_1619463874737461_1518917587_n.jpg.uid-zps
2017-01-24 22:15 - 2017-01-24 22:15 - 00213280 _____ C:\Users\Andrejka\Downloads\XPrijC160401214C.pdf
2017-01-24 22:14 - 2017-01-24 22:14 - 00842713 _____ C:\Users\Andrejka\Downloads\podaci_listek-2017-24-01-22-14-07.pdf
2017-01-24 22:10 - 2017-01-24 22:10 - 00214802 _____ C:\Users\Andrejka\Documents\Příjem - 4čtvrtletí.pdf
2017-01-24 21:54 - 2017-01-24 21:54 - 00022528 _____ C:\Users\Andrejka\Documents\Návštěvnost.xls
2017-01-24 21:47 - 2017-01-24 21:49 - 00022016 _____ C:\Users\Andrejka\Documents\Výsledková listina.xls
2017-01-24 21:27 - 2017-01-24 21:27 - 00010236 _____ C:\Users\Andrejka\Documents\Evidence spotřeby.xlsx
2017-01-24 20:47 - 2017-01-24 20:47 - 00010806 _____ C:\Users\Andrejka\Documents\Výsledková listina.xlsx
2017-01-24 11:01 - 2017-01-24 11:01 - 00079996 _____ C:\Users\Andrejka\Documents\PLNÁ MOC.pdf
2017-01-24 10:29 - 2017-01-24 11:02 - 00079996 _____ C:\Users\Andrejka\Documents\PLNÁ MOC-vydání věci.pdf
2017-01-23 17:08 - 2017-01-23 17:08 - 00047794 _____ C:\Users\Andrejka\Downloads\Pohyb_13883837275_na_uctu_2700977831.pdf
2017-01-23 17:05 - 2017-01-23 17:05 - 00025221 _____ C:\Users\Andrejka\Documents\Internetové bankovnictví.trojcata.pdf
2017-01-23 15:32 - 2017-01-23 15:32 - 00199519 _____ C:\Users\Andrejka\Downloads\434416768_1_Poučení_pošk__právnické_osoby_v_tr_ř_-poučení_poškozeného.pdf
2017-01-23 15:32 - 2017-01-23 15:32 - 00186946 _____ C:\Users\Andrejka\Downloads\434467775_0_Usn__o_vrácení__vyd___věci___80_1_tr__ř_-Usnesení_nadace.pdf
2017-01-23 15:32 - 2017-01-23 15:32 - 00160199 _____ C:\Users\Andrejka\Downloads\434416768_0_-vyčíslení_škody.pdf
2017-01-23 15:29 - 2017-01-23 15:29 - 00497668 _____ C:\Users\Andrejka\Downloads\434648411_0_TPAdamTantu.doc.pdf
2017-01-23 13:10 - 2017-01-23 13:10 - 00001040 _____ C:\Users\Andrejka\Downloads\ali.txt
2017-01-23 12:51 - 2017-01-23 12:52 - 210986104 _____ ( ) C:\Users\Andrejka\Downloads\duelsetup-13-1-0-32000.exe
2017-01-23 11:07 - 2017-01-23 11:07 - 00176391 _____ C:\Users\Andrejka\Documents\Faktura 17FV510100000136.PDF
2017-01-23 10:44 - 2017-01-23 10:44 - 00134384 _____ C:\Users\Andrejka\Downloads\Faktura_0013247430_4576497300_1607013439.PDF
2017-01-21 10:33 - 2017-01-21 10:33 - 00062041 _____ C:\Users\Andrejka\Documents\připojení.pdf
2017-01-20 11:20 - 2017-01-20 11:38 - 00000000 ____D C:\Users\Andrejka\AppData\Local\Neopokladna
2017-01-20 11:19 - 2017-01-20 11:20 - 00000000 ____D C:\Program Files (x86)\Neopokladna
2017-01-19 16:37 - 2017-01-19 16:37 - 00107546 _____ C:\Users\Andrejka\Downloads\Darovací smlouva NFDS- finanční dar (4).pdf
2017-01-15 00:47 - 2017-01-15 00:47 - 87238672 _____ (Ježek software s.r.o. ) C:\Users\Andrejka\Downloads\stereo-2500.exe
2017-01-15 00:34 - 2017-01-15 00:35 - 00000000 ____D C:\Users\Andrejka\Downloads\SQLManagementStudio_2014_x64_ENU
2017-01-15 00:34 - 2017-01-15 00:34 - 00000000 ____D C:\Users\Andrejka\AppData\Local\Microsoft_Corporation
2017-01-15 00:27 - 2017-01-15 00:29 - 00000000 ____D C:\Users\Andrejka\Downloads\sqlexpr2014_64
2017-01-14 09:59 - 2017-01-14 09:59 - 00000000 ____D C:\Users\Andrejka\EET-UČTENKY
2017-01-14 09:57 - 2017-01-14 09:57 - 00000000 ____D C:\Users\Andrejka\Documents\jsweet
2017-01-10 14:19 - 2017-01-10 14:19 - 00113762 _____ C:\Users\Andrejka\Downloads\Nákup v Číně 7.1.2017.xlsx
2017-01-10 12:15 - 2017-01-15 00:39 - 00000000 ____D C:\ProgramData\firebird
2017-01-10 12:15 - 2017-01-10 12:15 - 00000000 ____D C:\ABX
2017-01-05 23:25 - 2017-01-05 23:25 - 00107546 _____ C:\Users\Andrejka\Downloads\Darovací smlouva NFDS- finanční dar (3).pdf
2017-01-05 16:31 - 2017-01-05 16:31 - 00061681 _____ C:\Users\Andrejka\Documents\záložky_05.01.17.html
2017-01-05 08:29 - 2017-01-05 08:29 - 00156324 _____ C:\Users\Andrejka\Documents\ŽIVOTOPIS.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-04 20:43 - 2016-07-31 15:50 - 00000000 ____D C:\Users\Andrejka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Battlelog.co
2017-02-04 20:43 - 2016-07-31 15:50 - 00000000 ____D C:\Users\Andrejka\AppData\Local\bf2battlelog
2017-02-04 20:43 - 2015-12-11 10:49 - 00000000 ____D C:\Users\Andrejka
2017-02-04 20:25 - 2016-11-20 10:39 - 00000000 ____D C:\Users\Andrejka\AppData\LocalLow\Mozilla
2017-02-04 20:19 - 2015-12-14 09:02 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-04 12:32 - 2015-12-11 13:00 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2017-02-04 11:59 - 2016-09-23 21:13 - 00000000 ____D C:\Users\Andrejka\Counter-Strike 1.6
2017-02-04 10:13 - 2009-07-14 05:45 - 00018416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-04 10:13 - 2009-07-14 05:45 - 00018416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-04 10:08 - 2009-07-14 16:18 - 00668792 _____ C:\Windows\system32\perfh005.dat
2017-02-04 10:08 - 2009-07-14 16:18 - 00141420 _____ C:\Windows\system32\perfc005.dat
2017-02-04 10:08 - 2009-07-14 06:13 - 01583226 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-04 10:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-02-04 10:02 - 2015-12-11 13:00 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2017-02-04 10:02 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-03 11:15 - 2016-01-12 19:08 - 00000000 ____D C:\Users\Andrejka\AppData\Local\Deployment
2017-01-31 15:22 - 2016-01-07 15:28 - 00000000 ____D C:\Users\Andrejka\Documents\Dokumenty fondu
2017-01-30 08:17 - 2016-11-22 15:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-01-30 08:17 - 2015-12-11 12:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-27 22:33 - 2016-01-13 08:25 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-26 15:27 - 2016-01-15 21:26 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-01-23 12:56 - 2017-01-04 16:38 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2017-01-22 09:37 - 2016-10-05 13:44 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-20 11:38 - 2016-01-29 19:11 - 00000000 ____D C:\Users\Andrejka\AppData\Local\CrashDumps
2017-01-18 13:24 - 2015-12-11 12:08 - 00000000 ____D C:\ProgramData\Oracle
2017-01-18 13:17 - 2015-12-14 08:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-18 13:17 - 2015-12-14 08:59 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-18 13:16 - 2015-12-14 08:59 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-01-13 16:25 - 2016-10-24 11:39 - 00000000 ____D C:\Users\Andrejka\Documents\Eliška
2017-01-12 20:10 - 2015-12-13 03:59 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-10 18:19 - 2015-12-14 09:02 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-10 18:19 - 2015-12-14 09:02 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 18:19 - 2015-12-14 09:02 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-10 18:19 - 2015-12-14 09:02 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-10 18:19 - 2015-12-14 09:02 - 00000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======


Files to move or delete:
====================
C:\Users\Andrejka\ts3client_win64.exe


Some files in TEMP:
====================
2017-01-18 13:08 - 2017-01-18 13:08 - 0739904 _____ (Oracle Corporation) C:\Users\Andrejka\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-01-22 00:34 - 2017-01-22 00:34 - 13977352 _____ (Microsoft Corporation) C:\Users\Andrejka\AppData\Local\Temp\vcredist_x86.exe
2007-08-31 12:12 - 2007-08-31 12:12 - 0460248 ____R (Macrovision Corporation) C:\Users\Andrejka\AppData\Local\Temp\_is293E.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Andrejka\Desktop" je 23 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 113400
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Windows opening by themselves in the browser when clicking anywhere

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning your PC of malware, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.


#3 Post by heanka »

# AdwCleaner v6.043 - Log vytvořen 04/02/2017 v 21:03:39
# Aktualizováno dne 27/01/2017 z Malwarebytes
# Databáze : 2017-02-03.2 [Server]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X64)
# Uživatelské jméno : Andrejka - A-PC
# Spuštěno z : C:\Users\Andrejka\Desktop\adwcleaner_6.043.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****



***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****



***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2143 Bajty] - [02/02/2017 11:10:41]
C:\AdwCleaner\AdwCleaner[C2].txt - [888 Bajty] - [04/02/2017 21:03:39]
C:\AdwCleaner\AdwCleaner[S0].txt - [2247 Bajty] - [02/02/2017 11:10:21]
C:\AdwCleaner\AdwCleaner[S1].txt - [1532 Bajty] - [04/02/2017 21:03:31]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1106 Bajty] ##########


#4 Post by Rudy »

This is OK. Open Notepad and copy this into it:
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-2849641181-2342539820-3421546230-1000\...\MountPoints2: D - D:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2849641181-2342539820-3421546230-1000\...\MountPoints2: {16fefc62-c8e8-11e6-b291-3c970e337901} - D:\HiSuiteDownLoader.exe
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Users\Andrejka\ts3client_win64.exe
C:\Users\Andrejka\AppData\Local\Temp
CustomCLSID: HKU\S-1-5-21-2849641181-2342539820-3421546230-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Andrejka\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-2849641181-2342539820-3421546230-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Andrejka\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-2849641181-2342539820-3421546230-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Andrejka\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.


#5 Post by heanka »

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Andrejka (04-02-2017 22:55:18) Run:1
Running from C:\Users\Andrejka\Desktop
Loaded Profiles: Andrejka & UpdatusUser (Available Profiles: Andrejka & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-2849641181-2342539820-3421546230-1000\...\MountPoints2: D - D:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2849641181-2342539820-3421546230-1000\...\MountPoints2: {16fefc62-c8e8-11e6-b291-3c970e337901} - D:\HiSuiteDownLoader.exe
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Users\Andrejka\ts3client_win64.exe
C:\Users\Andrejka\AppData\Local\Temp
CustomCLSID: HKU\S-1-5-21-2849641181-2342539820-3421546230-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Andrejka\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-2849641181-2342539820-3421546230-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Andrejka\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-2849641181-2342539820-3421546230-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Andrejka\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).

EmptyTemp:
End

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-2849641181-2342539820-3421546230-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D => key removed successfully
HKU\S-1-5-21-2849641181-2342539820-3421546230-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16fefc62-c8e8-11e6-b291-3c970e337901} => key removed successfully
HKCR\CLSID\{16fefc62-c8e8-11e6-b291-3c970e337901} => key not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
C:\Users\Andrejka\ts3client_win64.exe => moved successfully

"C:\Users\Andrejka\AppData\Local\Temp" folder move:

Could not move "C:\Users\Andrejka\AppData\Local\Temp" => Scheduled to move on reboot.

HKU\S-1-5-21-2849641181-2342539820-3421546230-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => key removed successfully
HKU\S-1-5-21-2849641181-2342539820-3421546230-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => key removed successfully
HKU\S-1-5-21-2849641181-2342539820-3421546230-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 26747505 B
Java, Flash, Steam htmlcache => 8909 B
Windows/system/drivers => 495600459 B
Edge => 0 B
Chrome => 688898586 B
Firefox => 374957202 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83693 B
systemprofile32 => 66356 B
LocalService => 66228 B
NetworkService => 5119224 B
Andrejka => 227864033 B
UpdatusUser => 0 B

RecycleBin => 0 B
EmptyTemp: => 1.7 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 04-02-2017 22:57:52)

"C:\Users\Andrejka\AppData\Local\Temp" => Could not move

==== End of Fixlog 22:57:54 ====


#6 Post by Rudy »

Deleted. Has anything changed?


#7 Post by heanka »

Good evening,
the windows are still popping up.


#8 Post by Rudy »

We'll try these scans as well:

1. Download Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to the desktop

If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator or "Spustit jako spravce"
Paste the script below into the window




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;




Then click Run Script
The PC will perform the repair, restart, and give you a log; paste its contents here.

and

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Save it, preferably to the desktop
•After launch, the licence terms are displayed; press any key
•A backup will be created, followed by a search
•A scan will run and then a log will appear, or it will be saved in c:\JRT as JRT.txt; paste it here.


#9 Post by heanka »

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Andrejka on p  10.02.2017 at 9:21:30,10.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Andrejka\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

10.2.2017 9:22:32 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\EmEx3.com deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Nokia deleted successfully
C:\PROGRA~3\com.aspexsoftware.Silhouette_Studio.license deleted successfully
C:\PROGRA~3\firebird deleted successfully
C:\PROGRA~3\Nokia deleted successfully
C:\Users\Andrejka\AppData\Roaming\LG Electronics deleted successfully
C:\Users\Andrejka\AppData\Roaming\Nokia deleted successfully
C:\Users\Andrejka\AppData\Roaming\Nokia Suite deleted successfully
C:\Users\Andrejka\AppData\Local\LG Electronics deleted successfully
C:\Users\Andrejka\AppData\Local\Skype deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Andrejka\AppData\Roaming\Mozilla\Firefox\Profiles\5xguzx17.default\prefs.js:
user_pref("browser.startup.homepage", "www.google.cz/");
user_pref("browser.newtab.url", "https://www.amazon.com/gp/bit/amazonser ... 8_CZ_ff_nt_");
user_pref("browser.search.order.1", "Amazon");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Andrejka\AppData\Roaming\Mozilla\Firefox\Profiles\5xguzx17.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Andrejka\AppData\Roaming\Thunderbird\Profiles\h31byeyp.default\prefs.js:

Added to C:\Users\Andrejka\AppData\Roaming\Thunderbird\Profiles\h31byeyp.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\EmEx3.com not found
C:\PROGRA~2\Nokia not found
C:\PROGRA~3\com.aspexsoftware.Silhouette_Studio.license not found
C:\Users\Andrejka\AppData\Roaming\bf2battlelog deleted
C:\Users\Andrejka\.android deleted
C:\Users\Andrejka\AppData\Local\Unity deleted
C:\Users\Andrejka\AppData\LocalLow\Unity deleted
C:\Users\Public\Documents\AlawarWrapper deleted
"C:\PROGRA~3\Package Cache" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Andrejka\AppData\Roaming\Mozilla\Firefox\Profiles\5xguzx17.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Andrejka\AppData\Roaming\Thunderbird\Profiles\h31byeyp.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Andrejka\AppData\Roaming\Mozilla\Firefox\Profiles\5xguzx17.default
- Google Translator for Firefox - %ProfilePath%\extensions\translator@zoli.bod.xpi

ProfilePath: C:\Users\Andrejka\AppData\Roaming\Thunderbird\Profiles\h31byeyp.default
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Andrejka\AppData\Roaming\Mozilla\Firefox\Profiles\5xguzx17.default
0048955C7ED3A6D5B006240956003F51 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll - Shockwave for Director / Shockwave for Director
9E602A9634AC3EFA8CD5BC4CD943416B - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll - Shockwave Flash


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]

Export History - Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknbcfebliancjjedjblkhfefoppcedo
Diep Friends - Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbhaejibfpkjkblcnhccangahmmlgejd
GIVT.cz - Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggfjoibkmcdpipebclkmekplmdjhmkop
Agar/Slither Infinity - Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnhheoadpkhnhicikbeaikololmoegma
FormApps Chrome Extension - Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi
Chrome Media Router - Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_shoppingcart.aliexpress.com_0.localstorage deleted successfully
C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_shoppingcart.aliexpress.com_0.localstorage-journal deleted successfully
C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.donation-tools.org_0.localstorage deleted successfully
C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.donation-tools.org_0.localstorage-journal deleted successfully
C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.davebestdeals.com_0.localstorage deleted successfully
C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.davebestdeals.com_0.localstorage-journal deleted successfully
C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.davebestdeals.com_0.localstorage deleted successfully
C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.davebestdeals.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IESR02"

==== Reset Google Chrome ======================

C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Web Data will be reset at reboot
C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal will be reset at reboot

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Andrejka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Andrejka\AppData\Local\Mozilla\Firefox\Profiles\5xguzx17.default\cache2 emptied successfully
C:\Users\Andrejka\AppData\Roaming\Mozilla\Firefox\Profiles\5xguzx17.default\storage\default\https+++cs.nametests.com\cache emptied successfully
C:\Users\Andrejka\AppData\Roaming\Mozilla\Firefox\Profiles\5xguzx17.default\storage\default\https+++www.facebook.com\cache emptied successfully
C:\Users\Andrejka\AppData\Roaming\Mozilla\Firefox\Profiles\5xguzx17.default\storage\default\https+++www.kasafik.cz\cache emptied successfully
C:\Users\Andrejka\AppData\Roaming\Mozilla\Firefox\Profiles\5xguzx17.default\storage\default\https+++www.youtube.com\cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Cache will be emptied at reboot

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=83 folders=42 584315014 bytes)

==== Empty Temp Folders ======================

C:\Users\Andrejka\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Web Data" not found
"C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal" not found
"C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0" deleted
"C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1" deleted
"C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2" deleted
"C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3" deleted
"C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Cache\index" deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun-30-53C9D589-6B66-4F30-9BAB-9A0193B0BAFC.lock" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found

==== EOF on p  10.02.2017 at 9:57:15,11 ======================

heanka
Visitor
Posts: 53
Registered: 14 Sep 2005 20:01

Re: Browser windows opening on their own when clicking anyw

#10 Post by heanka »

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Home Premium x64
Ran by Andrejka (Administrator) on p  10.02.2017 at 9:58:39,68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2

Successfully deleted: C:\ProgramData\pdfforge (Folder)
Successfully deleted: C:\Users\Andrejka\AppData\Local\alawarwrapper (Folder)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_74A5810E6D4D1CD89630C5C531BBBE6A (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on p  10.02.2017 at 10:01:03,04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Rudy
Site Admin
Posts: 113400
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Browser windows opening on their own when clicking anyw

#11 Post by Rudy »

Has anything changed now?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
