Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Kontrola logu - vyskakování oken

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
Lorax
Návštěvník
Návštěvník
Příspěvky: 67
Registrován: 22 úno 2012 18:18

Kontrola logu - vyskakování oken

#1 Příspěvek od Lorax »

Zdravím mohl by se někdo podívat na můj problém? Pravděpodobně se jedná úplně o ten samí problém jako u ostatních s vyskakování oken 18+ a reimage repair atd. Zkoušel jsem Malwarebytes a adwcleaner, našly nějaké hrozby, ale ikdyž se odstranily, vyskakování oken neskončilo. Děkuji za rady

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-02-2017
Ran by Jan (administrator) on LORAX (20-02-2017 12:52:15)
Running from D:\Download1
Loaded Profiles: Jan (Available Profiles: Jan)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(ABBYY Production LLC) C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE15\CSISYNCCLIENT.EXE
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Flexera Software LLC) C:\Program Files (x86)\ArcGIS\License10.3\bin\lmgrd.exe
(Flexera Software LLC) C:\Program Files (x86)\ArcGIS\License10.3\bin\lmgrd.exe
(ESRI) C:\Program Files (x86)\ArcGIS\License10.3\bin\ARCGIS.exe
(Flexera Software LLC) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Opera Software) C:\Program Files (x86)\Opera\launcher.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera_autoupdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\BackgroundTransferHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-19] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-05-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [721856 2016-07-01] (Autodesk, Inc.)
HKLM-x32\...\Run: [Bonus.SSR.FR12] => C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1517088 2016-11-13] (ABBYY Production LLC.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-11-11] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-3523026578-794161901-3972456178-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-3523026578-794161901-3972456178-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27017856 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3523026578-794161901-3972456178-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-3523026578-794161901-3972456178-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2016-12-22] (Disc Soft Ltd)
HKU\S-1-5-21-3523026578-794161901-3972456178-1002\...\Run: [Discord] => C:\Users\Jan\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-3523026578-794161901-3972456178-1002\...\Policies\Explorer: []
HKU\S-1-5-21-3523026578-794161901-3972456178-1002\...\MountPoints2: {87dacb30-d0e7-11e6-bea8-28e34790c72d} - "G:\CorelLauncher.exe"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Jan\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Jan\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Jan\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Jan\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll [2017-01-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Jan\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll [2017-01-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Jan\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll [2017-01-13] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{1b3e8949-48c2-47f1-8369-b955a7f35c28}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{67e6397d-ff44-4380-aeb3-b34992c68c90}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{eb01c8c2-c326-4368-a10d-2e43ce437b92}: [DhcpNameServer] 10.102.104.254

Internet Explorer:
==================
HKU\S-1-5-21-3523026578-794161901-3972456178-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKU\S-1-5-21-3523026578-794161901-3972456178-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3523026578-794161901-3972456178-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3523026578-794161901-3972456178-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-28] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-28] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 8obh3292.default
FF ProfilePath: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\8obh3292.default [2017-02-16]
FF Extension: (Firebug) - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\8obh3292.default\Extensions\firebug@software.joehewitt.com.xpi [2016-11-10]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (No Name) - C:\Program Files\McAfee\MSK [2016-07-18] [not signed]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-08-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-08-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-08-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.istartsurf.com/?type=hp&ts=14108002 ... 5_80B48087
CHR StartupUrls: Default -> "hxxp://search.gboxapp.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default [2017-02-20]
CHR Extension: (Prezentace Google) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-18]
CHR Extension: (Disk Google) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-18]
CHR Extension: (YouTube) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-18]
CHR Extension: (Adblock Plus) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-01-31]
CHR Extension: (Tabulky Google) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-18]
CHR Extension: (Dokumenty Google offline) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-18]
CHR Extension: (Open many tabs) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojdgnbbcikfegdjfggdhncpjdekcjle [2017-01-30]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-18]
CHR Extension: (Chrome Media Router) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-10]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Professional.12.0; C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [961744 2014-07-13] (ABBYY Production LLC)
R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1295376 2016-07-01] (Autodesk Inc.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 ArcGIS License Manager; C:\Program Files (x86)\ArcGIS\License10.3\bin\lmgrd.exe [1499512 2014-09-18] (Flexera Software LLC)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1447944 2016-12-16] ()
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2016-12-22] (Disc Soft Ltd)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2627080 2016-11-11] (LogMeIn Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-08-13] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-11-11] (LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [872432 2016-06-23] (Tunngle.net GmbH)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108768 2016-07-08] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.2.220\WsAppService.exe [440832 2016-12-15] (Wondershare) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [101368 2015-12-14] (ASUS Corporation)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [8462000 2014-04-18] (Broadcom Corporation)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-01-03] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-01-03] (Disc Soft Ltd)
S3 e1edc438-f640-4184-a443-d2a7c37a01dc; C:\OA30\690b33e1-0462-4e84-9bea-c7552b45432a.sys [13952 2016-09-09] ()
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-07-20] (LogMeIn Inc.)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-20] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-20] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-20] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-20] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-20] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [125952 2014-08-13] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_d5bd1ae16e09cc23\nvlddmkm.sys [14242872 2016-09-20] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
R3 tap0901t; C:\WINDOWS\System32\drivers\tap0901t.sys [48824 2016-04-26] (Tunngle.net GmbH)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-20 11:53 - 2017-02-20 11:54 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-20 11:53 - 2017-02-20 11:53 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-20 11:53 - 2017-02-20 11:53 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-20 11:53 - 2017-02-20 11:53 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-20 11:53 - 2017-02-20 11:53 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-20 11:53 - 2017-02-20 11:53 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-20 11:53 - 2017-02-20 11:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-20 11:52 - 2017-02-20 11:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-20 11:52 - 2017-02-20 11:52 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-20 11:52 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-20 11:08 - 2017-02-20 11:08 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-02-17 18:41 - 2017-02-17 10:06 - 10316189 _____ C:\Users\Jan\Desktop\Mechanika-hornin-a-inženýrská-geologie,-Pacovský,-Chamra.PDF
2017-02-17 10:04 - 2017-02-17 09:56 - 78447068 _____ C:\Users\Jan\Desktop\Inzenyrská_geologie_Quido-Zaruba.pdf
2017-02-17 09:50 - 2017-02-17 09:50 - 03705411 _____ C:\Users\Jan\Desktop\Geologie-pro-stavební-inženýry.pdf
2017-02-17 00:06 - 2017-02-17 00:06 - 00000000 ___HD C:\OneDriveTemp
2017-02-15 09:05 - 2017-02-15 11:01 - 00000000 ____D C:\Users\Jan\Desktop\Regenerace a Rekultivace
2017-02-12 11:36 - 2016-12-06 07:21 - 00000000 ____D C:\Users\Jan\Desktop\list
2017-02-12 10:38 - 2017-02-12 10:38 - 00000000 ____D C:\Users\Jan\Desktop\light
2017-02-11 12:22 - 2017-02-11 12:22 - 00006057 _____ C:\Users\Jan\Desktop\eQC4YVdJ.cs
2017-02-10 13:15 - 2017-02-16 01:18 - 00000000 ____D C:\Users\Jan\AppData\LocalLow\Mozilla
2017-02-09 18:37 - 2017-02-11 12:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-08 17:32 - 2017-02-08 19:21 - 00000000 ____D C:\Users\Jan\Desktop\LPX2
2017-02-08 14:45 - 2017-02-08 14:49 - 00000000 ____D C:\Users\Jan\AppData\Roaming\discord
2017-02-08 14:45 - 2017-02-08 14:45 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-02-08 14:44 - 2017-02-08 14:45 - 00000000 ____D C:\Users\Jan\AppData\Local\SquirrelTemp
2017-02-08 14:44 - 2017-02-08 14:45 - 00000000 ____D C:\Users\Jan\AppData\Local\Discord
2017-02-07 14:02 - 2017-02-11 11:48 - 00000000 ____D C:\Program Files\trend micro
2017-02-07 14:02 - 2017-02-07 14:03 - 00000000 ____D C:\rsit
2017-02-07 13:49 - 2017-02-20 11:08 - 00000000 ____D C:\AdwCleaner
2017-02-01 12:54 - 2017-02-01 12:55 - 03650180 _____ () C:\Users\Jan\Desktop\Minecraft warez launcher.exe
2017-01-25 18:22 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 18:22 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 21:17 - 2017-01-24 21:38 - 00030720 _____ C:\Users\Jan\Desktop\tabulka.xls

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-20 12:42 - 2016-09-19 09:35 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-20 11:45 - 2016-07-18 11:33 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-20 11:17 - 2016-07-18 11:17 - 00000062 _____ C:\Users\Jan\AppData\Roaming\sp_data.sys
2017-02-20 11:15 - 2016-08-02 08:56 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2017-02-20 11:14 - 2016-07-18 13:42 - 00000000 ___RD C:\Users\Jan\OneDrive
2017-02-20 11:11 - 2016-07-18 14:28 - 00000000 __SHD C:\Users\Jan\IntelGraphicsProfiles
2017-02-20 11:10 - 2016-09-19 10:18 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-20 11:09 - 2016-07-16 07:04 - 01572864 _____ C:\WINDOWS\system32\config\BBI
2017-02-20 11:08 - 2016-07-18 12:00 - 00000000 ____D C:\Users\Jan\AppData\Local\Adobe
2017-02-19 17:18 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-18 21:48 - 2016-07-18 12:40 - 00000000 ____D C:\Users\Jan\AppData\Roaming\FileZilla
2017-02-18 11:46 - 2016-07-18 12:19 - 00000000 ____D C:\Users\Jan\AppData\Local\CrashDumps
2017-02-18 09:26 - 2016-07-19 19:12 - 00000000 ____D C:\Users\Jan\AppData\Roaming\TS3Client
2017-02-18 09:03 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-18 00:44 - 2016-09-09 18:25 - 00000000 ____D C:\Users\Jan\AppData\Roaming\.minecraft
2017-02-16 18:02 - 2016-07-18 11:15 - 00000000 ____D C:\Users\Jan\AppData\Local\Packages
2017-02-15 20:07 - 2016-07-20 18:36 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Skype
2017-02-14 11:03 - 2016-07-24 12:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-02-12 16:22 - 2016-09-19 21:00 - 00000000 ____D C:\Users\Jan\.matplotlib
2017-02-12 16:19 - 2016-10-31 20:01 - 00115473 _____ C:\Users\Jan\Desktop\DP zastoupení.xlsx
2017-02-11 12:33 - 2016-11-10 12:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-11 12:07 - 2016-07-18 19:03 - 00000132 _____ C:\Users\Jan\AppData\Roaming\Adobe Formát PNG CS6 – předvolby
2017-02-09 12:29 - 2016-09-19 10:18 - 00003950 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1469091417
2017-02-09 12:29 - 2016-07-21 09:56 - 00001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-02-09 12:29 - 2016-07-21 09:56 - 00000000 ____D C:\Program Files (x86)\Opera
2017-02-08 17:10 - 2016-12-27 23:34 - 00000000 ____D C:\Users\Jan\Desktop\LPX
2017-02-08 12:36 - 2016-12-05 12:00 - 00000000 ____D C:\Users\Jan\Desktop\LPX - kopie
2017-02-08 08:19 - 2016-12-02 21:07 - 00000000 ____D C:\Users\Jan\Desktop\untu1
2017-02-07 19:31 - 2016-07-20 13:38 - 00000000 ____D C:\Users\Jan\Documents\Visual Studio 2015
2017-02-07 17:29 - 2016-07-18 12:29 - 00000000 ____D C:\Users\Jan\Desktop\DP
2017-02-07 08:17 - 2016-07-18 11:26 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 12:45 - 2016-11-03 23:01 - 00000000 ____D C:\Users\Jan\Desktop\img
2017-02-01 19:55 - 2016-08-20 10:54 - 00002039 _____ C:\Users\Jan\Desktop\mysql.txt
2017-01-28 23:09 - 2016-09-09 18:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-28 23:09 - 2016-09-09 18:29 - 00000000 ____D C:\ProgramData\Oracle
2017-01-28 23:09 - 2016-09-09 18:29 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-28 23:08 - 2016-09-09 18:30 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-01-27 18:45 - 2016-07-18 12:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-01-27 18:45 - 2016-07-18 12:40 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2017-01-25 23:57 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-25 11:58 - 2017-01-19 12:52 - 00000000 ____D C:\Users\Jan\Desktop\DP knihy
2017-01-24 21:16 - 2016-07-20 10:34 - 00000000 ____D C:\Users\Jan\Documents\ArcGIS

==================== Files in the root of some directories =======

2016-07-18 19:03 - 2017-02-11 12:07 - 0000132 _____ () C:\Users\Jan\AppData\Roaming\Adobe Formát PNG CS6 – předvolby
2016-07-18 11:17 - 2017-02-20 11:17 - 0000062 _____ () C:\Users\Jan\AppData\Roaming\sp_data.sys
2016-09-26 12:31 - 2016-09-26 12:38 - 0000600 _____ () C:\Users\Jan\AppData\Local\PUTTY.RND
2016-08-11 14:19 - 2017-01-17 20:13 - 0007595 _____ () C:\Users\Jan\AppData\Local\Resmon.ResmonCfg
2016-09-19 09:39 - 2016-09-19 09:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-05-01 12:15 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-05-01 12:15 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-05-01 12:15 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\Users\Jan\Adminlist.dat
C:\Users\Jan\Commands.dat


Some files in TEMP:
====================
2016-09-27 18:31 - 2016-01-26 12:03 - 0021952 _____ (Autodesk, Inc.) C:\Users\Jan\AppData\Local\Temp\AcDeltree.exe
2017-01-17 20:20 - 2017-01-17 21:05 - 2398688 _____ (Flexera Software LLC) C:\Users\Jan\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
2016-10-26 16:12 - 2016-10-26 16:12 - 0737856 _____ (Oracle Corporation) C:\Users\Jan\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-28 23:07 - 2017-01-28 23:07 - 0739904 _____ (Oracle Corporation) C:\Users\Jan\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-12-11 19:47 - 2016-12-11 19:48 - 7384064 _____ () C:\Users\Jan\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-18 15:02

==================== End of FRST.txt ============================

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118199
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Kontrola logu - vyskakování oken

#2 Příspěvek od Rudy »

Zdravím!

Otevřte poznámkový blok a zkopírujte do něj:
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-3523026578-794161901-3972456178-1002\...\MountPoints2: {87dacb30-d0e7-11e6-bea8-28e34790c72d} - "G:\CorelLauncher.exe"
SearchScopes: HKU\S-1-5-21-3523026578-794161901-3972456178-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3523026578-794161901-3972456178-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HomePage: Default -> hxxp://www.istartsurf.com/?type=hp&ts=1 ... 5_80B48087
CHR StartupUrls: Default -> "hxxp://search.gboxapp.com/"
C:\Users\Jan\Desktop\eQC4YVdJ.cs
C:\ProgramData\DP45977C.lfl
C:\ProgramData\SetStretch.VBS
C:\Users\Jan\Adminlist.dat
C:\Users\Jan\Commands.dat
C:\Users\Jan\AppData\Local\Temp

EmptyTemp:
End
Uložte do D:\Download1 jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Lorax
Návštěvník
Návštěvník
Příspěvky: 67
Registrován: 22 úno 2012 18:18

Re: Kontrola logu - vyskakování oken

#3 Příspěvek od Lorax »

Smazaly se všechny záložky, ale už je asi vše v pořádku, od té doby nevyskočila ani jedna reklama. Děkuji

Lorax
Návštěvník
Návštěvník
Příspěvky: 67
Registrován: 22 úno 2012 18:18

Re: Kontrola logu - vyskakování oken

#4 Příspěvek od Lorax »

Tak opět vyskakují okna.

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-02-2017
Ran by Jan (21-02-2017 06:57:28) Run:1
Running from D:\Download1
Loaded Profiles: Jan (Available Profiles: Jan)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-3523026578-794161901-3972456178-1002\...\MountPoints2: {87dacb30-d0e7-11e6-bea8-28e34790c72d} - "G:\CorelLauncher.exe"
SearchScopes: HKU\S-1-5-21-3523026578-794161901-3972456178-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3523026578-794161901-3972456178-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HomePage: Default -> hxxp://www.istartsurf.com/?type=hp&ts=1 ... 5_80B48087
CHR StartupUrls: Default -> "hxxp://search.gboxapp.com/"
C:\Users\Jan\Desktop\eQC4YVdJ.cs
C:\ProgramData\DP45977C.lfl
C:\ProgramData\SetStretch.VBS
C:\Users\Jan\Adminlist.dat
C:\Users\Jan\Commands.dat
C:\Users\Jan\AppData\Local\Temp

EmptyTemp:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-3523026578-794161901-3972456178-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87dacb30-d0e7-11e6-bea8-28e34790c72d} => key removed successfully
HKCR\CLSID\{87dacb30-d0e7-11e6-bea8-28e34790c72d} => key not found.
HKU\S-1-5-21-3523026578-794161901-3972456178-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-3523026578-794161901-3972456178-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
C:\Users\Jan\Desktop\eQC4YVdJ.cs => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\ProgramData\SetStretch.VBS => moved successfully
C:\Users\Jan\Adminlist.dat => moved successfully
C:\Users\Jan\Commands.dat => moved successfully

"C:\Users\Jan\AppData\Local\Temp" folder move:

Could not move "C:\Users\Jan\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 2499696 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 40341467 B
Java, Flash, Steam htmlcache => 359925588 B
Windows/system/drivers => 206633604 B
Edge => 504764 B
Chrome => 1023893874 B
Firefox => 54828972 B
Opera => 1794048 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Jan => 6692530705 B

RecycleBin => 6681872445 B
EmptyTemp: => 14 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 21-02-2017 07:39:44)

C:\Users\Jan\AppData\Local\Temp => moved successfully

==== End of Fixlog 07:42:18 ====
Naposledy upravil(a) Lorax dne 21 úno 2017 19:15, celkem upraveno 1 x.

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118199
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Kontrola logu - vyskakování oken

#5 Příspěvek od Rudy »

Udělejte ještě tyto skeny:

1. Stahnete Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Lorax
Návštěvník
Návštěvník
Příspěvky: 67
Registrován: 22 úno 2012 18:18

Re: Kontrola logu - vyskakování oken

#6 Příspěvek od Lorax »

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Jan on Łt 21. 02. 2017 at 19:16:06,18.
Microsoft Windows 10 Home 10.0.14393 x64
Running in: Normal Mode No Internet Access Detected
Launched: D:\Download1\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

21. 2. 2017 19:23:18 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\COMMON~1\Merge Modules deleted successfully
C:\Program Files\Autodesk deleted successfully
C:\Program Files\Fotolab deleted successfully
C:\Program Files\Common Files\Autodesk Shared deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\CorelDRAW Graphics Suite X7 x64 deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Jan\AppData\Local\ActiveSync deleted successfully
C:\Users\Jan\AppData\Local\NetworkTiles deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\8obh3292.default\prefs.js:

Added to C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\8obh3292.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~3\CorelDRAW Graphics Suite X7 x64 not found
C:\Users\Jan\AppData\Roaming\discord deleted
C:\Users\Jan\AppData\Roaming\Unity deleted
C:\PROGRA~2\Wondershare deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Jan\AppData\Local\Unity deleted
C:\Users\Jan\AppData\Local\CrashRpt deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\Users\Jan\AppData\LocalLow\Unity deleted
C:\WINDOWS\Syswow64\Hotspot Shield deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\8obh3292.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\8obh3292.default
- Firebug - %ProfilePath%\extensions\firebug@software.joehewitt.com.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================


==== Chromium Look ======================


Open many tabs - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojdgnbbcikfegdjfggdhncpjdekcjle
Chrome Media Router - Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.donation-tools.org_0.localstorage deleted successfully
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.donation-tools.org_0.localstorage-journal deleted successfully
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.davebestdeals.com_0.localstorage deleted successfully
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.davebestdeals.com_0.localstorage-journal deleted successfully
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.davebestdeals.com_0.localstorage deleted successfully
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.davebestdeals.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jan\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Jan\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Jan\AppData\Local\Mozilla\Firefox\Profiles\8obh3292.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Jan\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=976 folders=1237 1880088739 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Jan\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on st 22. 02. 2017 at 16:34:26,25 ======================

Lorax
Návštěvník
Návštěvník
Příspěvky: 67
Registrován: 22 úno 2012 18:18

Re: Kontrola logu - vyskakování oken

#7 Příspěvek od Lorax »

JRT proběhl úspěšně

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by Jan (Administrator) on st 22. 02. 2017 at 16:40:33,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on st 22. 02. 2017 at 17:12:36,91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118199
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Kontrola logu - vyskakování oken

#8 Příspěvek od Rudy »

Změnilo se něco nyní?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Lorax
Návštěvník
Návštěvník
Příspěvky: 67
Registrován: 22 úno 2012 18:18

Re: Kontrola logu - vyskakování oken

#9 Příspěvek od Lorax »

Vypadá to dobře, zatím jsem nezjistil žádný problém. Děkuji

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118199
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Kontrola logu - vyskakování oken

#10 Příspěvek od Rudy »

Rádo se stalo! :)
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Zamčeno