Browser windows opening on their own when clicking anywhere

Posted: 04 Feb 2017 20:53
by heanka
Good evening,
in Chrome, whenever I click anywhere or type, unwanted windows pop up with porn, contests, or pages that pretend to be from Microsoft.
We cleaned the PC with AdwCleaner, but the windows keep popping up.
Thank you in advance for your help and willingness.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by Andrejka (administrator) on A-PC (04-02-2017 20:44:32)
Running from C:\Users\Andrejka\Desktop
Loaded Profiles: Andrejka & UpdatusUser (Available Profiles: Andrejka & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CÍGLER SOFTWARE, a.s.) C:\Program Files (x86)\CIGLER SOFTWARE\Money S3\MS3Auto.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo) C:\Users\Andrejka\AppData\Local\Apps\2.0\Q0Q5A74O.597\4Y0E0VKT.BL4\lsb...tion_2d7b41b05b24775e_0001.0006_4ccd0b1bea5227ca\LSB.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(forum.viry.cz) C:\Users\Andrejka\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun64] => c:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [368728 2012-04-27] (Alcor Micro Corp.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2899216 2012-04-18] (Synaptics Incorporated)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [410896 2012-04-18] (Synaptics)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2016-01-31] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6199128 2016-01-31] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [548864 2011-12-09] (Vimicro)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2849641181-2342539820-3421546230-1000\...\Run: [GoogleChromeAutoLaunch_74A5810E6D4D1CD89630C5C531BBBE6A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1104728 2016-12-08] (Google Inc.)
HKU\S-1-5-21-2849641181-2342539820-3421546230-1000\...\Run: [S3Automatic] => C:\Program Files (x86)\CIGLER SOFTWARE\Money S3\MS3Auto.exe [31631312 2016-11-29] (CÍGLER SOFTWARE, a.s.)
HKU\S-1-5-21-2849641181-2342539820-3421546230-1000\...\Run: [S3AutomaticSTART] => C:\Program Files (x86)\CIGLER SOFTWARE\Money S3\MS3Auto.exe [31631312 2016-11-29] (CÍGLER SOFTWARE, a.s.)
HKU\S-1-5-21-2849641181-2342539820-3421546230-1000\...\MountPoints2: D - D:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2849641181-2342539820-3421546230-1000\...\MountPoints2: {16fefc62-c8e8-11e6-b291-3c970e337901} - D:\HiSuiteDownLoader.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [184048 2013-12-26] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-12-26] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 31.132.31.132 31.132.31.232
Tcpip\..\Interfaces\{AC4373F7-BA43-4474-AB3C-39B1D7D60CE2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F8E0EED6-D2C0-46E5-8400-9C886B6FE3EC}: [DhcpNameServer] 31.132.31.132 31.132.31.232

Internet Explorer:
==================
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-18] (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-18] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

FireFox:
========
FF DefaultProfile: 5xguzx17.default
FF ProfilePath: C:\Users\Andrejka\AppData\Roaming\Mozilla\Firefox\Profiles\5xguzx17.default [2017-02-04]
FF NewTab: Mozilla\Firefox\Profiles\5xguzx17.default -> hxxps://www.amazon.com/gp/bit/amazonserp/ref=bi ... 8_CZ_ff_nt_
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\5xguzx17.default -> Amazon
FF Homepage: Mozilla\Firefox\Profiles\5xguzx17.default -> www.google.cz/
FF Extension: (Google Translator for Firefox) - C:\Users\Andrejka\AppData\Roaming\Mozilla\Firefox\Profiles\5xguzx17.default\Extensions\translator@zoli.bod.xpi [2017-02-02]
FF Extension: (Diagnostics) - C:\Users\Andrejka\AppData\Roaming\Mozilla\Firefox\Profiles\5xguzx17.default\features\{d512048d-0315-4eaf-b5b0-c6fb3fde60ec}\diagnostics@mozilla.org.xpi [2017-02-02]
FF Extension: (Send HSTS Priming Requests) - C:\Users\Andrejka\AppData\Roaming\Mozilla\Firefox\Profiles\5xguzx17.default\features\{d512048d-0315-4eaf-b5b0-c6fb3fde60ec}\hsts-priming@mozilla.org.xpi [2017-02-02]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2849641181-2342539820-3421546230-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Andrejka\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)

Chrome:
=======
CHR Profile: C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default [2017-02-04]
CHR Extension: (Prezentace Google) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-16]
CHR Extension: (Dokumenty Google) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-16]
CHR Extension: (Disk Google) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-16]
CHR Extension: (YouTube) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-16]
CHR Extension: (Export History) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknbcfebliancjjedjblkhfefoppcedo [2016-12-27]
CHR Extension: (Vyhledávání Google) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-16]
CHR Extension: (Adobe Acrobat) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-30]
CHR Extension: (Diep Friends - by Creators of Agar.pw) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbhaejibfpkjkblcnhccangahmmlgejd [2016-08-15]
CHR Extension: (Tabulky Google) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-16]
CHR Extension: (GIVT.cz) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggfjoibkmcdpipebclkmekplmdjhmkop [2016-12-07]
CHR Extension: (Dokumenty Google offline) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-31]
CHR Extension: (Agar/Slither Infinity) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnhheoadpkhnhicikbeaikololmoegma [2016-10-30]
CHR Extension: (Tlačítko Pin It) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-11-01]
CHR Extension: (Google Keep – poznámky a seznamy) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-01-31]
CHR Extension: (FormApps Chrome Extension) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi [2016-08-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-16]
CHR Extension: (Chrome Media Router) - C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16]
CHR Profile: C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\System Profile [2016-03-12]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2016-08-26] () [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-29] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-29] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2015-12-10] (Lenovo)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1318128 2017-01-23] (Overwolf LTD)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6887696 2015-11-30] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2016-05-25] (Huawei Technologies Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27408 2012-04-18] (Synaptics Incorporated)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S3 LgBttPort; system32\DRIVERS\lgbtpt64.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbs64.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmdm64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-04 20:44 - 2017-02-04 20:44 - 00021366 _____ C:\Users\Andrejka\Desktop\FRST.txt
2017-02-04 20:31 - 2017-02-04 20:31 - 00000000 ____D C:\FRST
2017-02-04 20:30 - 2017-02-04 20:30 - 00112640 _____ (forum.viry.cz) C:\Users\Andrejka\Desktop\FRSTLauncher.exe
2017-02-04 20:28 - 2017-02-04 20:28 - 02420736 _____ (Farbar) C:\Users\Andrejka\Desktop\FRST64.exe
2017-02-02 15:05 - 2017-02-02 15:05 - 00077146 _____ C:\Users\Andrejka\Desktop\otvíračka pátek.pdf
2017-02-02 11:08 - 2017-02-02 11:10 - 00000000 ____D C:\AdwCleaner
2017-02-02 11:06 - 2017-02-02 11:07 - 04015056 _____ C:\Users\Andrejka\Downloads\adwcleaner_6.043.exe
2017-02-02 10:54 - 2017-02-02 10:54 - 20229480 _____ C:\Users\Andrejka\Downloads\FISKARS- CENÍKY.zip
2017-02-01 09:38 - 2017-02-01 09:38 - 00000110 ____H C:\Users\Andrejka\Downloads\16467311_1626962380654277_948502074_n.jpg.uid-zps
2017-02-01 09:38 - 2017-02-01 09:38 - 00000110 ____H C:\Users\Andrejka\Downloads\16466994_1626962403987608_2133468565_n.jpg.uid-zps
2017-02-01 09:38 - 2017-02-01 09:38 - 00000110 ____H C:\Users\Andrejka\Downloads\16442926_1626960257321156_1995635054_o.jpg.uid-zps
2017-02-01 09:38 - 2017-02-01 09:38 - 00000110 ____H C:\Users\Andrejka\Downloads\16389418_1626960100654505_437363031_o.jpg.uid-zps
2017-02-01 09:37 - 2017-02-01 09:37 - 00000110 ____H C:\Users\Andrejka\Downloads\16467308_1626962367320945_1218474671_n.jpg.uid-zps
2017-01-31 17:30 - 2017-01-31 17:30 - 00068109 _____ C:\Users\Andrejka\Desktop\Internetové bankovnictví vs3.pdf
2017-01-31 17:22 - 2017-01-31 17:22 - 00025221 _____ C:\Users\Andrejka\Downloads\Internetové-bankovnictví.trojcata.pdf
2017-01-31 17:21 - 2017-01-31 17:21 - 00070337 _____ C:\Users\Andrejka\Desktop\Internetové bankovnictví - 28112012.pdf
2017-01-31 17:17 - 2017-01-31 17:17 - 00064212 _____ C:\Users\Andrejka\Desktop\Internetové bankovnictví 07012016.pdf
2017-01-31 17:16 - 2017-01-31 17:16 - 00074219 _____ C:\Users\Andrejka\Desktop\Internetové bankovnictví 7012016.pdf
2017-01-31 17:14 - 2017-01-31 17:14 - 00093744 _____ C:\Users\Andrejka\Downloads\Internetové-bankovnictví-17.11.2016-do-5.1.2017.pdf
2017-01-31 16:49 - 2017-01-31 16:49 - 00003639 _____ C:\Users\Andrejka\Documents\Můj film.wlmp
2017-01-31 14:32 - 2017-01-31 14:32 - 00155644 _____ C:\Users\Andrejka\Downloads\Prodejka-za-hotove.pdf
2017-01-31 14:08 - 2017-01-31 14:08 - 00038005 _____ C:\Users\Andrejka\Desktop\rekapitulace.pdf
2017-01-31 14:07 - 2017-01-31 14:07 - 00123112 _____ C:\Users\Andrejka\Desktop\Objednávka č.201700567 - Nonstopstavebniny.pdf
2017-01-31 11:40 - 2017-01-31 11:40 - 00103432 _____ C:\Users\Andrejka\Desktop\RE_ Daňový doklad zálohy PRODOMOS.pdf
2017-01-30 15:48 - 2017-01-30 15:49 - 17516255 _____ ( ) C:\Users\Andrejka\Downloads\instalujmzdy.exe
2017-01-30 15:47 - 2017-02-04 20:38 - 00000000 ____D C:\PFSW
2017-01-30 15:35 - 2017-01-30 15:36 - 85957207 _____ (ing. Pavel Macek ) C:\Users\Andrejka\Downloads\StartPF.exe
2017-01-28 10:24 - 2017-01-28 10:24 - 01559758 _____ C:\Users\Andrejka\Downloads\manual_sbirky (2).pdf
2017-01-27 22:25 - 2017-01-27 22:31 - 390968983 _____ (ČAPEK - WinDUO, s.r.o.) C:\Users\Andrejka\Downloads\WinDUO.exe
2017-01-27 22:20 - 2017-01-27 22:22 - 160795862 _____ (DeCe COMPUTERS s.r.o. Děčín ) C:\Users\Andrejka\Downloads\demouctw.exe
2017-01-27 22:01 - 2017-01-27 22:01 - 00010790 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20161101-20161130_cislo-11.gpc
2017-01-27 22:01 - 2017-01-27 22:01 - 00008060 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20161201-20161231_cislo-12.gpc
2017-01-27 22:01 - 2017-01-27 22:01 - 00006240 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20160801-20160831_cislo-8.gpc
2017-01-27 22:01 - 2017-01-27 22:01 - 00005980 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20160501-20160531_cislo-5.gpc
2017-01-27 22:01 - 2017-01-27 22:01 - 00005590 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20160901-20160930_cislo-9.gpc
2017-01-27 22:01 - 2017-01-27 22:01 - 00004290 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20160601-20160630_cislo-6.gpc
2017-01-27 22:01 - 2017-01-27 22:01 - 00003770 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20160201-20160229_cislo-2.gpc
2017-01-27 22:01 - 2017-01-27 22:01 - 00003770 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20160101-20160131_cislo-1.gpc
2017-01-27 22:01 - 2017-01-27 22:01 - 00003380 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20160401-20160430_cislo-4.gpc
2017-01-27 22:01 - 2017-01-27 22:01 - 00003380 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20160301-20160331_cislo-3.gpc
2017-01-27 22:01 - 2017-01-27 22:01 - 00002210 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20161001-20161031_cislo-10.gpc
2017-01-27 22:01 - 2017-01-27 22:01 - 00002080 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20160701-20160731_cislo-7.gpc
2017-01-27 21:56 - 2017-01-27 21:56 - 00014170 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20151101-20151130_cislo-2.gpc
2017-01-27 21:56 - 2017-01-27 21:56 - 00011310 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20151201-20151231_cislo-3.gpc
2017-01-27 21:56 - 2017-01-27 21:56 - 00007280 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20151021-20151031_cislo-1.gpc
2017-01-27 21:47 - 2017-01-27 21:47 - 00025696 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20151101-20151130_cislo-2.csv
2017-01-27 21:47 - 2017-01-27 21:47 - 00021721 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20151201-20151231_cislo-3.csv
2017-01-27 21:47 - 2017-01-27 21:47 - 00013198 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20151021-20151031_cislo-1.csv
2017-01-27 21:47 - 2017-01-27 21:47 - 00008003 _____ C:\Users\Andrejka\Downloads\Vypis_z_uctu-2300880854_20160101-20160131_cislo-1.csv
2017-01-27 21:40 - 2017-01-27 22:10 - 00000000 ____D C:\ProgramData\Atma10
2017-01-27 21:38 - 2017-01-27 21:38 - 41996742 _____ (ATMA Vratislav Bělský ) C:\Users\Andrejka\Downloads\SetupAtma1038.exe
2017-01-27 16:14 - 2017-01-27 16:14 - 00941034 _____ C:\Users\Andrejka\Downloads\1414145162_0_1372261250_0_pruvodce-obcanskym-zakonikem-pro-nadace-a-nadacni-fondy_fd-(5).pdf
2017-01-27 15:19 - 2017-01-27 15:19 - 00049320 _____ C:\Users\Andrejka\Downloads\1300719933_0_povinnosti_nadaci (1).pdf
2017-01-27 15:12 - 2017-01-27 15:12 - 00722432 _____ C:\Users\Andrejka\Downloads\UCZAV_NO16 (1).xls
2017-01-27 13:35 - 2017-01-27 13:35 - 00070835 _____ C:\Users\Andrejka\Downloads\Jak a kdy využít marketingové materiály.pdf
2017-01-27 13:35 - 2017-01-27 13:35 - 00063117 _____ C:\Users\Andrejka\Downloads\E-maily podporovatelům_zima-jaro.pdf
2017-01-27 13:35 - 2017-01-27 13:35 - 00058067 _____ C:\Users\Andrejka\Downloads\Texty pro web_zima-jaro.pdf
2017-01-27 13:35 - 2017-01-27 13:35 - 00049726 _____ C:\Users\Andrejka\Downloads\Facebook statusy_zima-jaro.pdf
2017-01-27 11:56 - 2017-01-28 08:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-26 22:25 - 2017-01-26 22:25 - 00443814 _____ C:\Users\Andrejka\Documents\Nadační fond.pdf
2017-01-26 22:15 - 2017-01-26 22:15 - 00047470 _____ C:\Users\Andrejka\Downloads\Pohyb_13885653719_na_uctu_2700977831.pdf
2017-01-26 10:21 - 2017-01-26 10:21 - 00000110 ____H C:\Users\Andrejka\Downloads\16358736_1619463874737461_1518917587_n.jpg.uid-zps
2017-01-24 22:15 - 2017-01-24 22:15 - 00213280 _____ C:\Users\Andrejka\Downloads\XPrijC160401214C.pdf
2017-01-24 22:14 - 2017-01-24 22:14 - 00842713 _____ C:\Users\Andrejka\Downloads\podaci_listek-2017-24-01-22-14-07.pdf
2017-01-24 22:10 - 2017-01-24 22:10 - 00214802 _____ C:\Users\Andrejka\Documents\Příjem - 4čtvrtletí.pdf
2017-01-24 21:54 - 2017-01-24 21:54 - 00022528 _____ C:\Users\Andrejka\Documents\Návštěvnost.xls
2017-01-24 21:47 - 2017-01-24 21:49 - 00022016 _____ C:\Users\Andrejka\Documents\Výsledková listina.xls
2017-01-24 21:27 - 2017-01-24 21:27 - 00010236 _____ C:\Users\Andrejka\Documents\Evidence spotřeby.xlsx
2017-01-24 20:47 - 2017-01-24 20:47 - 00010806 _____ C:\Users\Andrejka\Documents\Výsledková listina.xlsx
2017-01-24 11:01 - 2017-01-24 11:01 - 00079996 _____ C:\Users\Andrejka\Documents\PLNÁ MOC.pdf
2017-01-24 10:29 - 2017-01-24 11:02 - 00079996 _____ C:\Users\Andrejka\Documents\PLNÁ MOC-vydání věci.pdf
2017-01-23 17:08 - 2017-01-23 17:08 - 00047794 _____ C:\Users\Andrejka\Downloads\Pohyb_13883837275_na_uctu_2700977831.pdf
2017-01-23 17:05 - 2017-01-23 17:05 - 00025221 _____ C:\Users\Andrejka\Documents\Internetové bankovnictví.trojcata.pdf
2017-01-23 15:32 - 2017-01-23 15:32 - 00199519 _____ C:\Users\Andrejka\Downloads\434416768_1_Poučení_pošk__právnické_osoby_v_tr_ř_-poučení_poškozeného.pdf
2017-01-23 15:32 - 2017-01-23 15:32 - 00186946 _____ C:\Users\Andrejka\Downloads\434467775_0_Usn__o_vrácení__vyd___věci___80_1_tr__ř_-Usnesení_nadace.pdf
2017-01-23 15:32 - 2017-01-23 15:32 - 00160199 _____ C:\Users\Andrejka\Downloads\434416768_0_-vyčíslení_škody.pdf
2017-01-23 15:29 - 2017-01-23 15:29 - 00497668 _____ C:\Users\Andrejka\Downloads\434648411_0_TPAdamTantu.doc.pdf
2017-01-23 13:10 - 2017-01-23 13:10 - 00001040 _____ C:\Users\Andrejka\Downloads\ali.txt
2017-01-23 12:51 - 2017-01-23 12:52 - 210986104 _____ ( ) C:\Users\Andrejka\Downloads\duelsetup-13-1-0-32000.exe
2017-01-23 11:07 - 2017-01-23 11:07 - 00176391 _____ C:\Users\Andrejka\Documents\Faktura 17FV510100000136.PDF
2017-01-23 10:44 - 2017-01-23 10:44 - 00134384 _____ C:\Users\Andrejka\Downloads\Faktura_0013247430_4576497300_1607013439.PDF
2017-01-21 10:33 - 2017-01-21 10:33 - 00062041 _____ C:\Users\Andrejka\Documents\připojení.pdf
2017-01-20 11:20 - 2017-01-20 11:38 - 00000000 ____D C:\Users\Andrejka\AppData\Local\Neopokladna
2017-01-20 11:19 - 2017-01-20 11:20 - 00000000 ____D C:\Program Files (x86)\Neopokladna
2017-01-19 16:37 - 2017-01-19 16:37 - 00107546 _____ C:\Users\Andrejka\Downloads\Darovací smlouva NFDS- finanční dar (4).pdf
2017-01-15 00:47 - 2017-01-15 00:47 - 87238672 _____ (Ježek software s.r.o. ) C:\Users\Andrejka\Downloads\stereo-2500.exe
2017-01-15 00:34 - 2017-01-15 00:35 - 00000000 ____D C:\Users\Andrejka\Downloads\SQLManagementStudio_2014_x64_ENU
2017-01-15 00:34 - 2017-01-15 00:34 - 00000000 ____D C:\Users\Andrejka\AppData\Local\Microsoft_Corporation
2017-01-15 00:27 - 2017-01-15 00:29 - 00000000 ____D C:\Users\Andrejka\Downloads\sqlexpr2014_64
2017-01-14 09:59 - 2017-01-14 09:59 - 00000000 ____D C:\Users\Andrejka\EET-UČTENKY
2017-01-14 09:57 - 2017-01-14 09:57 - 00000000 ____D C:\Users\Andrejka\Documents\jsweet
2017-01-10 14:19 - 2017-01-10 14:19 - 00113762 _____ C:\Users\Andrejka\Downloads\Nákup v Číně 7.1.2017.xlsx
2017-01-10 12:15 - 2017-01-15 00:39 - 00000000 ____D C:\ProgramData\firebird
2017-01-10 12:15 - 2017-01-10 12:15 - 00000000 ____D C:\ABX
2017-01-05 23:25 - 2017-01-05 23:25 - 00107546 _____ C:\Users\Andrejka\Downloads\Darovací smlouva NFDS- finanční dar (3).pdf
2017-01-05 16:31 - 2017-01-05 16:31 - 00061681 _____ C:\Users\Andrejka\Documents\záložky_05.01.17.html
2017-01-05 08:29 - 2017-01-05 08:29 - 00156324 _____ C:\Users\Andrejka\Documents\ŽIVOTOPIS.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-04 20:43 - 2016-07-31 15:50 - 00000000 ____D C:\Users\Andrejka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Battlelog.co
2017-02-04 20:43 - 2016-07-31 15:50 - 00000000 ____D C:\Users\Andrejka\AppData\Local\bf2battlelog
2017-02-04 20:43 - 2015-12-11 10:49 - 00000000 ____D C:\Users\Andrejka
2017-02-04 20:25 - 2016-11-20 10:39 - 00000000 ____D C:\Users\Andrejka\AppData\LocalLow\Mozilla
2017-02-04 20:19 - 2015-12-14 09:02 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-04 12:32 - 2015-12-11 13:00 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2017-02-04 11:59 - 2016-09-23 21:13 - 00000000 ____D C:\Users\Andrejka\Counter-Strike 1.6
2017-02-04 10:13 - 2009-07-14 05:45 - 00018416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-04 10:13 - 2009-07-14 05:45 - 00018416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-04 10:08 - 2009-07-14 16:18 - 00668792 _____ C:\Windows\system32\perfh005.dat
2017-02-04 10:08 - 2009-07-14 16:18 - 00141420 _____ C:\Windows\system32\perfc005.dat
2017-02-04 10:08 - 2009-07-14 06:13 - 01583226 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-04 10:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-02-04 10:02 - 2015-12-11 13:00 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2017-02-04 10:02 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-03 11:15 - 2016-01-12 19:08 - 00000000 ____D C:\Users\Andrejka\AppData\Local\Deployment
2017-01-31 15:22 - 2016-01-07 15:28 - 00000000 ____D C:\Users\Andrejka\Documents\Dokumenty fondu
2017-01-30 08:17 - 2016-11-22 15:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-01-30 08:17 - 2015-12-11 12:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-27 22:33 - 2016-01-13 08:25 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-26 15:27 - 2016-01-15 21:26 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-01-23 12:56 - 2017-01-04 16:38 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2017-01-22 09:37 - 2016-10-05 13:44 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-20 11:38 - 2016-01-29 19:11 - 00000000 ____D C:\Users\Andrejka\AppData\Local\CrashDumps
2017-01-18 13:24 - 2015-12-11 12:08 - 00000000 ____D C:\ProgramData\Oracle
2017-01-18 13:17 - 2015-12-14 08:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-18 13:17 - 2015-12-14 08:59 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-18 13:16 - 2015-12-14 08:59 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-01-13 16:25 - 2016-10-24 11:39 - 00000000 ____D C:\Users\Andrejka\Documents\Eliška
2017-01-12 20:10 - 2015-12-13 03:59 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-10 18:19 - 2015-12-14 09:02 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-10 18:19 - 2015-12-14 09:02 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 18:19 - 2015-12-14 09:02 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-10 18:19 - 2015-12-14 09:02 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-10 18:19 - 2015-12-14 09:02 - 00000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======


Files to move or delete:
====================
C:\Users\Andrejka\ts3client_win64.exe


Some files in TEMP:
====================
2017-01-18 13:08 - 2017-01-18 13:08 - 0739904 _____ (Oracle Corporation) C:\Users\Andrejka\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-01-22 00:34 - 2017-01-22 00:34 - 13977352 _____ (Microsoft Corporation) C:\Users\Andrejka\AppData\Local\Temp\vcredist_x86.exe
2007-08-31 12:12 - 2007-08-31 12:12 - 0460248 ____R (Macrovision Corporation) C:\Users\Andrejka\AppData\Local\Temp\_is293E.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => c:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Andrejka\Desktop" je 23 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Windows opening on their own in the browser when clicking anyw

Posted: 04 Feb 2017 20:58
by Rudy
Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.

Re: Windows opening on their own in the browser when clicking anyw

Posted: 04 Feb 2017 21:06
by heanka
# AdwCleaner v6.043 - Log vytvořen 04/02/2017 v 21:03:39
# Aktualizováno dne 27/01/2017 z Malwarebytes
# Databáze : 2017-02-03.2 [Server]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X64)
# Uživatelské jméno : Andrejka - A-PC
# Spuštěno z : C:\Users\Andrejka\Desktop\adwcleaner_6.043.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****



***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****



***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2143 Bajty] - [02/02/2017 11:10:41]
C:\AdwCleaner\AdwCleaner[C2].txt - [888 Bajty] - [04/02/2017 21:03:39]
C:\AdwCleaner\AdwCleaner[S0].txt - [2247 Bajty] - [02/02/2017 11:10:21]
C:\AdwCleaner\AdwCleaner[S1].txt - [1532 Bajty] - [04/02/2017 21:03:31]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1106 Bajty] ##########

Re: Windows opening on their own in the browser when clicking anyw

Posted: 04 Feb 2017 22:13
by Rudy
This is OK. Open Notepad and copy the following into it:
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-2849641181-2342539820-3421546230-1000\...\MountPoints2: D - D:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2849641181-2342539820-3421546230-1000\...\MountPoints2: {16fefc62-c8e8-11e6-b291-3c970e337901} - D:\HiSuiteDownLoader.exe
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Users\Andrejka\ts3client_win64.exe
C:\Users\Andrejka\AppData\Local\Temp
CustomCLSID: HKU\S-1-5-21-2849641181-2342539820-3421546230-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Andrejka\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-2849641181-2342539820-3421546230-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Andrejka\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-2849641181-2342539820-3421546230-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Andrejka\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: Windows opening on their own in the browser when clicking anyw

Posted: 04 Feb 2017 22:59
by heanka
Fix result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Andrejka (04-02-2017 22:55:18) Run:1
Running from C:\Users\Andrejka\Desktop
Loaded Profiles: Andrejka & UpdatusUser (Available Profiles: Andrejka & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-2849641181-2342539820-3421546230-1000\...\MountPoints2: D - D:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2849641181-2342539820-3421546230-1000\...\MountPoints2: {16fefc62-c8e8-11e6-b291-3c970e337901} - D:\HiSuiteDownLoader.exe
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Users\Andrejka\ts3client_win64.exe
C:\Users\Andrejka\AppData\Local\Temp
CustomCLSID: HKU\S-1-5-21-2849641181-2342539820-3421546230-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Andrejka\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-2849641181-2342539820-3421546230-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Andrejka\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).
CustomCLSID: HKU\S-1-5-21-2849641181-2342539820-3421546230-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Andrejka\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fi (the data entry has 2 more characters).

EmptyTemp:
End

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-2849641181-2342539820-3421546230-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D => key removed successfully
HKU\S-1-5-21-2849641181-2342539820-3421546230-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16fefc62-c8e8-11e6-b291-3c970e337901} => key removed successfully
HKCR\CLSID\{16fefc62-c8e8-11e6-b291-3c970e337901} => key not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
C:\Users\Andrejka\ts3client_win64.exe => moved successfully

"C:\Users\Andrejka\AppData\Local\Temp" folder move:

Could not move "C:\Users\Andrejka\AppData\Local\Temp" => Scheduled to move on reboot.

HKU\S-1-5-21-2849641181-2342539820-3421546230-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => key removed successfully
HKU\S-1-5-21-2849641181-2342539820-3421546230-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => key removed successfully
HKU\S-1-5-21-2849641181-2342539820-3421546230-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 26747505 B
Java, Flash, Steam htmlcache => 8909 B
Windows/system/drivers => 495600459 B
Edge => 0 B
Chrome => 688898586 B
Firefox => 374957202 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83693 B
systemprofile32 => 66356 B
LocalService => 66228 B
NetworkService => 5119224 B
Andrejka => 227864033 B
UpdatusUser => 0 B

RecycleBin => 0 B
EmptyTemp: => 1.7 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 04-02-2017 22:57:52)

"C:\Users\Andrejka\AppData\Local\Temp" => Could not move

==== End of Fixlog 22:57:54 ====

Re: Windows opening on their own in the browser when clicking anyw

Posted: 05 Feb 2017 11:22
by Rudy
Deleted. Has anything changed?

Re: Windows opening on their own in the browser when clicking anyw

Posted: 08 Feb 2017 23:24
by heanka
Good evening,
the windows are still popping up.

Re: Windows opening on their own in the browser when clicking anyw

Posted: 09 Feb 2017 17:08
by Rudy
Let's try these scans as well:

1. Download Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to the desktop

If you are using Windows Vista or Windows 7, right-click Zoek and choose "Run As Administrator" or "Spustit jako spravce"
Paste the script below into the window




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;




Then click Run Script
The PC will perform the repair, restart, and give you a log; paste its contents here.

and

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
• Save it, preferably to the desktop
• After launch, the license terms are displayed; press any key
• A backup will be created, followed by a search
• A scan will run and then a log will appear, or it will be saved in c:\JRT as JRT.txt; paste it here.

Re: Windows opening on their own in the browser when clicking anyw

Posted: 10 Feb 2017 10:02
by heanka
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Andrejka on p  10.02.2017 at 9:21:30,10.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Andrejka\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

10.2.2017 9:22:32 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\EmEx3.com deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Nokia deleted successfully
C:\PROGRA~3\com.aspexsoftware.Silhouette_Studio.license deleted successfully
C:\PROGRA~3\firebird deleted successfully
C:\PROGRA~3\Nokia deleted successfully
C:\Users\Andrejka\AppData\Roaming\LG Electronics deleted successfully
C:\Users\Andrejka\AppData\Roaming\Nokia deleted successfully
C:\Users\Andrejka\AppData\Roaming\Nokia Suite deleted successfully
C:\Users\Andrejka\AppData\Local\LG Electronics deleted successfully
C:\Users\Andrejka\AppData\Local\Skype deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Andrejka\AppData\Roaming\Mozilla\Firefox\Profiles\5xguzx17.default\prefs.js:
user_pref("browser.startup.homepage", "www.google.cz/");
user_pref("browser.newtab.url", "https://www.amazon.com/gp/bit/amazonser ... 8_CZ_ff_nt_");
user_pref("browser.search.order.1", "Amazon");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Andrejka\AppData\Roaming\Mozilla\Firefox\Profiles\5xguzx17.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Andrejka\AppData\Roaming\Thunderbird\Profiles\h31byeyp.default\prefs.js:

Added to C:\Users\Andrejka\AppData\Roaming\Thunderbird\Profiles\h31byeyp.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\EmEx3.com not found
C:\PROGRA~2\Nokia not found
C:\PROGRA~3\com.aspexsoftware.Silhouette_Studio.license not found
C:\Users\Andrejka\AppData\Roaming\bf2battlelog deleted
C:\Users\Andrejka\.android deleted
C:\Users\Andrejka\AppData\Local\Unity deleted
C:\Users\Andrejka\AppData\LocalLow\Unity deleted
C:\Users\Public\Documents\AlawarWrapper deleted
"C:\PROGRA~3\Package Cache" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Andrejka\AppData\Roaming\Mozilla\Firefox\Profiles\5xguzx17.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Andrejka\AppData\Roaming\Thunderbird\Profiles\h31byeyp.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Andrejka\AppData\Roaming\Mozilla\Firefox\Profiles\5xguzx17.default
- Google Translator for Firefox - %ProfilePath%\extensions\translator@zoli.bod.xpi

ProfilePath: C:\Users\Andrejka\AppData\Roaming\Thunderbird\Profiles\h31byeyp.default
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Andrejka\AppData\Roaming\Mozilla\Firefox\Profiles\5xguzx17.default
0048955C7ED3A6D5B006240956003F51 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll - Shockwave for Director / Shockwave for Director
9E602A9634AC3EFA8CD5BC4CD943416B - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll - Shockwave Flash


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]

Export History - Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknbcfebliancjjedjblkhfefoppcedo
Diep Friends - Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbhaejibfpkjkblcnhccangahmmlgejd
GIVT.cz - Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggfjoibkmcdpipebclkmekplmdjhmkop
Agar/Slither Infinity - Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnhheoadpkhnhicikbeaikololmoegma
FormApps Chrome Extension - Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi
Chrome Media Router - Andrejka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_shoppingcart.aliexpress.com_0.localstorage deleted successfully
C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_shoppingcart.aliexpress.com_0.localstorage-journal deleted successfully
C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.donation-tools.org_0.localstorage deleted successfully
C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.donation-tools.org_0.localstorage-journal deleted successfully
C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.davebestdeals.com_0.localstorage deleted successfully
C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.davebestdeals.com_0.localstorage-journal deleted successfully
C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.davebestdeals.com_0.localstorage deleted successfully
C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.davebestdeals.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IESR02"

==== Reset Google Chrome ======================

C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Web Data will be reset at reboot
C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal will be reset at reboot

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Andrejka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Andrejka\AppData\Local\Mozilla\Firefox\Profiles\5xguzx17.default\cache2 emptied successfully
C:\Users\Andrejka\AppData\Roaming\Mozilla\Firefox\Profiles\5xguzx17.default\storage\default\https+++cs.nametests.com\cache emptied successfully
C:\Users\Andrejka\AppData\Roaming\Mozilla\Firefox\Profiles\5xguzx17.default\storage\default\https+++www.facebook.com\cache emptied successfully
C:\Users\Andrejka\AppData\Roaming\Mozilla\Firefox\Profiles\5xguzx17.default\storage\default\https+++www.kasafik.cz\cache emptied successfully
C:\Users\Andrejka\AppData\Roaming\Mozilla\Firefox\Profiles\5xguzx17.default\storage\default\https+++www.youtube.com\cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Cache will be emptied at reboot

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=83 folders=42 584315014 bytes)

==== Empty Temp Folders ======================

C:\Users\Andrejka\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Web Data" not found
"C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal" not found
"C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0" deleted
"C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1" deleted
"C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2" deleted
"C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3" deleted
"C:\Users\Andrejka\AppData\Local\Google\Chrome\User Data\Default\Cache\index" deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun-30-53C9D589-6B66-4F30-9BAB-9A0193B0BAFC.lock" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found

==== EOF on p  10.02.2017 at 9:57:15,11 ======================

Re: Windows opening on their own in the browser when clicking anyw

Posted: 10 Feb 2017 10:02
by heanka
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Home Premium x64
Ran by Andrejka (Administrator) on p  10.02.2017 at 9:58:39,68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2

Successfully deleted: C:\ProgramData\pdfforge (Folder)
Successfully deleted: C:\Users\Andrejka\AppData\Local\alawarwrapper (Folder)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_74A5810E6D4D1CD89630C5C531BBBE6A (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on p  10.02.2017 at 10:01:03,04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Windows opening on their own in the browser when clicking anyw

Posted: 10 Feb 2017 17:33
by Rudy
Has anything changed now?