Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Otevírání reklamních stránek

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
Formtisk
Návštěvník
Návštěvník
Příspěvky: 9
Registrován: 12 črc 2017 12:09

Otevírání reklamních stránek

#1 Příspěvek od Formtisk »

Dobrý den,
šéf mi dnes donesl jeho notebook, že se mu otevírají reklamní stránky v prohlížeči. Většinou erotického charakteru, občas tipsport a pod. Stránky se otevírají ikdyž se na počitači nic neděje. Zde je frst log:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-07-2017
Ran by Milan (administrator) on MILAN-PC (12-07-2017 13:20:19)
Running from C:\Users\Milan\Desktop
Loaded Profiles: Milan (Available Profiles: Milan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Password Manager\password_manager.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Users\Milan\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\Milan\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Password Manager\pwm_ie_helper_desktop.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Password Manager\password_manager.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\msoia.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\avgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\avgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Milan\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1354712 2016-08-30] (Microsoft Corporation)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63656 2016-02-19] (Lenovo)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [PasswordManager] => C:\Program Files\Lenovo\Password Manager\password_manager.exe [1792800 2014-10-21] (Lenovo Group Limited)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-07-03] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263232 2017-07-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-688925148-2041776169-2711760864-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Milan\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-688925148-2041776169-2711760864-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Milan\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-688925148-2041776169-2711760864-1000] => hxxp://noblok.biz/wpad.dat?2135a852fc1a620fb9d7bcef79354b2427242426
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{18418DF0-4CED-489B-8758-9D6B484C83F3}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{9871C457-8511-46D9-8446-1A7F16087939}: [DhcpNameServer] 10.10.2.1
ManualProxies: 0hxxp://noblok.biz/wpad.dat?2135a852fc1a620fb9d7bcef79354b2427242426

Internet Explorer:
==================
HKU\S-1-5-21-688925148-2041776169-2711760864-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=12454
SearchScopes: HKU\S-1-5-21-688925148-2041776169-2711760864-1000 -> {18E8F6A2-186E-4E33-BE52-068B0261972A} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-688925148-2041776169-2711760864-1000 -> {2B713A69-0C53-4776-8930-FC7BD60DBAEE} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-688925148-2041776169-2711760864-1000 -> {42682FAD-FD84-4C57-AEF9-1EAD754AB6DA} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-688925148-2041776169-2711760864-1000 -> {62CF0D5D-9E09-4981-8178-5FB558A2687A} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-688925148-2041776169-2711760864-1000 -> {71BAFA63-7B55-45CA-B1AE-4F6DF5503E85} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-688925148-2041776169-2711760864-1000 -> {765DB170-DD6D-4C00-BAA1-8AA35E2D6E7B} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-688925148-2041776169-2711760864-1000 -> {93FDAB49-1754-4D2F-9D50-BF8DC84E01C2} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-688925148-2041776169-2711760864-1000 -> {9F4F9566-4125-4696-A54F-DB719D7711DB} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-688925148-2041776169-2711760864-1000 -> {9FA131FF-A743-4C30-973F-BEAF052E5CD2} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2016-06-15] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-06-15] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2016-06-15] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-15] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-15] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-06-15] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-15] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-06-15] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-15] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-06-15] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-15] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-06-15] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-15] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-14] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-06-15] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR NewTab: Default -> Active:"chrome-extension://olfeabkoenfaoljndfecamgilllcpiak/core/chrome/content/speedDial/speedDial.html", Active:"chrome-extension://mallpejgeafdahhflmliiahjdpgbegpk/stubby.html"
CHR Profile: C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default [2017-07-12]
CHR Extension: (Google Slides) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-06]
CHR Extension: (Google Docs) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-06]
CHR Extension: (Google Drive) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-06]
CHR Extension: (Seznam Lištička - Email) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2017-05-07]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2017-05-07]
CHR Extension: (YouTube) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-06]
CHR Extension: (Adobe Acrobat) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-09]
CHR Extension: (Google Sheets) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-06]
CHR Extension: (Reddit to Incognito) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fldphbodpebiofbkobdhafhkfpcbijln [2017-06-03]
CHR Extension: (Google Docs Offline) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-06]
CHR Extension: (St. Lucia’s Day) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdojcbdnpjkhgndbadoahgeiccfecghm [2017-04-12]
CHR Extension: (ThinkVantage Password Manager) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpdfbkehegfmedglgemnhbnpmfmioggj [2016-05-06]
CHR Extension: (FromDocToPDF) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2017-05-19]
CHR Extension: (Compose Hot Mail) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\moacggjajgoklflpminchmojpagdfnmi [2017-05-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2017-05-07]
CHR Extension: (Gmail) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-06]
CHR Extension: (Chrome Media Router) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-08]
CHR HKU\S-1-5-21-688925148-2041776169-2711760864-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lpdfbkehegfmedglgemnhbnpmfmioggj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [264432 2017-07-12] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7481648 2017-07-12] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-07-03] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2945792 2016-05-26] (Microsoft Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2015-10-20] (Lenovo.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2016-01-08] (Lenovo)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [120888 2016-08-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-08-30] (Microsoft Corporation)
S3 ose64; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [242224 2016-05-25] (Microsoft Corporation) [File not signed]
S3 ShareItSvc; C:\Program Files (x86)\SHAREit\SHAREit\Shareit.Service.exe [31176 2016-01-20] (SHAREit Technologies Co.Ltd)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2016-01-13] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-03-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166624 2017-07-12] (AVG Technologies CZ, s.r.o.)
S3 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [313616 2017-07-12] (AVG Technologies CZ, s.r.o.)
S3 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192584 2017-07-12] (AVG Technologies CZ, s.r.o.)
S3 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336896 2017-07-12] (AVG Technologies CZ, s.r.o.)
S3 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [51336 2017-07-12] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39424 2017-07-12] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [139112 2017-07-12] (AVG Technologies CZ, s.r.o.)
S3 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102792 2017-07-12] (AVG Technologies CZ, s.r.o.)
S0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76832 2017-07-12] (AVG Technologies CZ, s.r.o.)
S3 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1008288 2017-07-12] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [578048 2017-07-12] (AVG Technologies CZ, s.r.o.)
S3 avgStm; C:\Windows\system32\drivers\avgStm.sys [191208 2017-07-12] (AVG Technologies CZ, s.r.o.)
S3 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [353744 2017-07-12] (AVG Technologies CZ, s.r.o.)
S3 lnvobus; C:\Windows\system32\drivers\lnvobus.sys [327680 2008-12-16] (MCCI Corporation)
S3 lnvocard; C:\Windows\system32\drivers\lnvocard.sys [378880 2008-12-16] (MCCI Corporation)
S3 lnvogps; C:\Windows\system32\drivers\lnvogps64.sys [87592 2008-10-23] (Ericsson AB)
S3 lnvounic; C:\Windows\system32\drivers\lnvounic.sys [431104 2008-12-16] (MCCI Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 MpKslcf87b35c; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5ED8BF08-9A8D-48F6-BAC8-AD124453655D}\MpKslcf87b35c.sys [44928 2017-07-12] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [42224 2014-07-28] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-12 13:20 - 2017-07-12 13:21 - 00020771 _____ C:\Users\Milan\Desktop\FRST.txt
2017-07-12 13:20 - 2017-07-12 13:20 - 00000000 ____D C:\FRST
2017-07-12 13:18 - 2017-07-12 13:18 - 00112640 _____ (forum.viry.cz) C:\Users\Milan\Desktop\FRSTLauncher.exe
2017-07-12 13:16 - 2017-07-12 13:16 - 02435584 _____ (Farbar) C:\Users\Milan\Desktop\FRST64.exe
2017-07-12 11:28 - 2017-07-12 11:28 - 00000000 ____D C:\Users\Milan\AppData\Roaming\AVG
2017-07-12 11:26 - 2017-07-12 11:26 - 00353744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgvmm.sys
2017-07-12 11:26 - 2017-07-12 11:26 - 00003920 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-07-12 11:26 - 2017-07-12 11:25 - 01008288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-07-12 11:26 - 2017-07-12 11:25 - 00578048 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-07-12 11:26 - 2017-07-12 11:25 - 00401584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-07-12 11:26 - 2017-07-12 11:25 - 00353232 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgvmm.sys.149985159627104
2017-07-12 11:26 - 2017-07-12 11:25 - 00336896 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-07-12 11:26 - 2017-07-12 11:25 - 00313616 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-07-12 11:26 - 2017-07-12 11:25 - 00192584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-07-12 11:26 - 2017-07-12 11:25 - 00191208 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2017-07-12 11:26 - 2017-07-12 11:25 - 00166624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-07-12 11:26 - 2017-07-12 11:25 - 00139112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-07-12 11:26 - 2017-07-12 11:25 - 00102792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-07-12 11:26 - 2017-07-12 11:25 - 00076832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-07-12 11:26 - 2017-07-12 11:25 - 00051336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2017-07-12 11:26 - 2017-07-12 11:25 - 00039424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-07-12 11:23 - 2017-07-12 11:23 - 00001008 _____ C:\Users\Public\Desktop\AVG.lnk
2017-07-12 11:23 - 2017-07-12 11:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-07-12 11:21 - 2017-07-12 11:24 - 00000000 ____D C:\Program Files (x86)\AVG
2017-07-12 11:21 - 2017-07-12 11:21 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-07-12 11:20 - 2017-07-12 11:27 - 00000000 ____D C:\Users\Milan\AppData\Local\Avg
2017-07-12 11:20 - 2017-07-12 11:26 - 00000000 ____D C:\ProgramData\Avg
2017-07-12 11:20 - 2017-07-12 11:23 - 00000000 ____D C:\Users\Milan\AppData\Local\AvgSetupLog
2017-07-12 11:19 - 2017-07-12 11:19 - 03449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Milan\Downloads\Antivirus_Free_1896.exe
2017-07-08 13:18 - 2017-07-08 13:19 - 00000000 ____D C:\ProgramData\Movavi Video Converter 17
2017-07-08 13:18 - 2017-07-08 13:18 - 00005041 _____ C:\ProgramData\mudtcpaz.vzs
2017-07-08 13:18 - 2017-07-08 13:18 - 00000016 _____ C:\ProgramData\mntemp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-12 12:48 - 2016-05-06 13:07 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-07-12 11:19 - 2009-07-14 06:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-12 11:19 - 2009-07-14 06:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-12 10:47 - 2017-05-07 16:10 - 00000000 ____D C:\Users\Milan\AppData\Roaming\Seznam.cz
2017-07-12 10:41 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-09 16:00 - 2017-01-25 10:34 - 00000000 ____D C:\Users\Milan\Desktop\M 1
2017-07-08 13:06 - 2011-04-12 10:34 - 01063368 _____ C:\Windows\system32\perfh005.dat
2017-07-08 13:06 - 2011-04-12 10:34 - 00281266 _____ C:\Windows\system32\perfc005.dat
2017-07-08 13:06 - 2009-07-14 07:13 - 00006208 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-03 17:12 - 2016-05-06 12:53 - 00002408 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-03 17:12 - 2016-05-06 12:53 - 00002396 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-22 19:47 - 2017-02-08 15:32 - 00003172 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-22 19:47 - 2016-11-23 12:16 - 00000000 ___RD C:\Users\Milan\OneDrive
2017-06-22 19:47 - 2016-05-06 12:37 - 00002188 _____ C:\Users\Milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2017-06-15 21:27 - 2017-03-15 15:16 - 00000000 ____D C:\Users\Milan\AppData\Roaming\Audacity
2017-06-12 17:48 - 2016-05-06 12:52 - 00000000 ____D C:\Program Files (x86)\Google

==================== Files in the root of some directories =======

2017-07-08 13:18 - 2017-07-08 13:18 - 0000016 _____ () C:\ProgramData\mntemp
2017-07-08 13:18 - 2017-07-08 13:18 - 0005041 _____ () C:\ProgramData\mudtcpaz.vzs

Some files in TEMP:
====================
2017-05-20 15:23 - 2017-06-16 19:33 - 0534528 _____ () C:\Users\Milan\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-07-09 15:36

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Windows) (Fixed) (Total:138.94 GB) (Free:92.22 GB) NTFS
Drive d: (Recovery image) (Fixed) (Total:9.77 GB) (Free:3 GB) NTFS

Available physical RAM: 580.63 MB
Total physical RAM: 1944.03 MB
Percentage of memory in use: 70%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 5703322C)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=138.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=27)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: AVG Antivirus (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Milan\Desktop" je 6574 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118251
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Otevírání reklamních stránek

#2 Příspěvek od Rudy »

Zdravím!
Spusťte tuto utilitu:
Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Formtisk
Návštěvník
Návštěvník
Příspěvky: 9
Registrován: 12 črc 2017 12:09

Re: Otevírání reklamních stránek

#3 Příspěvek od Formtisk »

# AdwCleaner v6.047 - Log vytvořen 13/07/2017 v 11:38:53
# Aktualizováno dne 19/05/2017 z Malwarebytes
# Databáze : 2017-07-11.1 [Server]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X64)
# Uživatelské jméno : Milan - MILAN-PC
# Spuštěno z : C:\Users\Milan\Desktop\adwcleaner_6.047.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****

[-] Složka smazána: C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk
[-] Složka smazána: C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mallpejgeafdahhflmliiahjdpgbegpk


***** [ Soubory ] *****

[-] Soubor smazán: C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mallpejgeafdahhflmliiahjdpgbegpk_0.localstorage
[-] Soubor smazán: C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mallpejgeafdahhflmliiahjdpgbegpk_0.localstorage-journal


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****

[-] Zástupce vyléčen: C:\Users\Public\Desktop\Google Chrome.lnk
[-] Zástupce vyléčen: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Zástupce vyléčen: C:\Users\Milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Zástupce vyléčen: C:\Users\Milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Zástupce vyléčen: C:\Users\Milan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Zástupce vyléčen: C:\Users\Milan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Zástupce vyléčen: C:\Users\Milan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk


***** [ Naplánované úlohy ] *****



***** [ Registry ] *****



***** [ Prohlížeče ] *****

[-] [C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default] [extension] Smazáno: mallpejgeafdahhflmliiahjdpgbegpk


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2360 Bajty] - [13/07/2017 11:38:53]
C:\AdwCleaner\AdwCleaner[S0].txt - [3627 Bajty] - [13/07/2017 11:35:48]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2506 Bajty] ##########
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118251
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Otevírání reklamních stránek

#4 Příspěvek od Rudy »

Dejte nový log FRST.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Formtisk
Návštěvník
Návštěvník
Příspěvky: 9
Registrován: 12 črc 2017 12:09

Re: Otevírání reklamních stránek

#5 Příspěvek od Formtisk »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-07-2017
Ran by Milan (administrator) on MILAN-PC (14-07-2017 10:26:51)
Running from C:\Users\Milan\Desktop
Loaded Profiles: Milan (Available Profiles: Milan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Password Manager\password_manager.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\avgui.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Password Manager\pwm_ie_helper_desktop.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Password Manager\password_manager.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Users\Milan\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\Milan\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\avgui.exe
(forum.viry.cz) C:\Users\Milan\Desktop\FRST-OlderVersion\FRSTLauncher (1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1354712 2016-08-30] (Microsoft Corporation)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63656 2016-02-19] (Lenovo)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [PasswordManager] => C:\Program Files\Lenovo\Password Manager\password_manager.exe [1792800 2014-10-21] (Lenovo Group Limited)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-07-03] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263232 2017-07-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-688925148-2041776169-2711760864-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Milan\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-688925148-2041776169-2711760864-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Milan\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-688925148-2041776169-2711760864-1000] => hxxp://noblok.biz/wpad.dat?2135a852fc1a620fb9d7bcef79354b2427242426
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{18418DF0-4CED-489B-8758-9D6B484C83F3}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{9871C457-8511-46D9-8446-1A7F16087939}: [DhcpNameServer] 10.10.2.1
ManualProxies: 0hxxp://noblok.biz/wpad.dat?2135a852fc1a620fb9d7bcef79354b2427242426

Internet Explorer:
==================
HKU\S-1-5-21-688925148-2041776169-2711760864-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/?clid=12454
SearchScopes: HKU\S-1-5-21-688925148-2041776169-2711760864-1000 -> {18E8F6A2-186E-4E33-BE52-068B0261972A} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-688925148-2041776169-2711760864-1000 -> {2B713A69-0C53-4776-8930-FC7BD60DBAEE} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-688925148-2041776169-2711760864-1000 -> {42682FAD-FD84-4C57-AEF9-1EAD754AB6DA} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-688925148-2041776169-2711760864-1000 -> {62CF0D5D-9E09-4981-8178-5FB558A2687A} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-688925148-2041776169-2711760864-1000 -> {71BAFA63-7B55-45CA-B1AE-4F6DF5503E85} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-688925148-2041776169-2711760864-1000 -> {765DB170-DD6D-4C00-BAA1-8AA35E2D6E7B} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-688925148-2041776169-2711760864-1000 -> {93FDAB49-1754-4D2F-9D50-BF8DC84E01C2} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-688925148-2041776169-2711760864-1000 -> {9F4F9566-4125-4696-A54F-DB719D7711DB} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-688925148-2041776169-2711760864-1000 -> {9FA131FF-A743-4C30-973F-BEAF052E5CD2} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2016-06-15] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-06-15] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2016-06-15] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-15] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-15] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-06-15] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-15] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-06-15] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-15] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-06-15] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-15] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-06-15] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-15] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-14] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-06-15] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR NewTab: Default -> Active:"chrome-extension://olfeabkoenfaoljndfecamgilllcpiak/core/chrome/content/speedDial/speedDial.html"
CHR Profile: C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default [2017-07-14]
CHR Extension: (Google Slides) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-06]
CHR Extension: (Google Docs) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-06]
CHR Extension: (Google Drive) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-06]
CHR Extension: (Seznam Lištička - Email) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2017-05-07]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2017-05-07]
CHR Extension: (YouTube) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-06]
CHR Extension: (Adobe Acrobat) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-09]
CHR Extension: (Google Sheets) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-06]
CHR Extension: (Reddit to Incognito) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fldphbodpebiofbkobdhafhkfpcbijln [2017-06-03]
CHR Extension: (Google Docs Offline) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-06]
CHR Extension: (St. Lucia’s Day) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdojcbdnpjkhgndbadoahgeiccfecghm [2017-04-12]
CHR Extension: (ThinkVantage Password Manager) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpdfbkehegfmedglgemnhbnpmfmioggj [2016-05-06]
CHR Extension: (Compose Hot Mail) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\moacggjajgoklflpminchmojpagdfnmi [2017-05-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2017-05-07]
CHR Extension: (Gmail) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-06]
CHR Extension: (Chrome Media Router) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14]
CHR HKU\S-1-5-21-688925148-2041776169-2711760864-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lpdfbkehegfmedglgemnhbnpmfmioggj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [264432 2017-07-12] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7481648 2017-07-12] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-07-03] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2945792 2016-05-26] (Microsoft Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2015-10-20] (Lenovo.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272864 2016-01-08] (Lenovo)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [120888 2016-08-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-08-30] (Microsoft Corporation)
S3 ose64; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [242224 2016-05-25] (Microsoft Corporation) [File not signed]
S3 ShareItSvc; C:\Program Files (x86)\SHAREit\SHAREit\Shareit.Service.exe [31176 2016-01-20] (SHAREit Technologies Co.Ltd)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2016-01-13] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-03-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166624 2017-07-12] (AVG Technologies CZ, s.r.o.)
S3 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [313616 2017-07-12] (AVG Technologies CZ, s.r.o.)
S3 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192584 2017-07-12] (AVG Technologies CZ, s.r.o.)
S3 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336896 2017-07-12] (AVG Technologies CZ, s.r.o.)
S3 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [51336 2017-07-12] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39424 2017-07-12] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [139112 2017-07-12] (AVG Technologies CZ, s.r.o.)
S3 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102792 2017-07-12] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76832 2017-07-12] (AVG Technologies CZ, s.r.o.)
S3 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1008288 2017-07-12] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [578048 2017-07-12] (AVG Technologies CZ, s.r.o.)
S3 avgStm; C:\Windows\system32\drivers\avgStm.sys [191208 2017-07-12] (AVG Technologies CZ, s.r.o.)
S3 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [353744 2017-07-12] (AVG Technologies CZ, s.r.o.)
S3 lnvobus; C:\Windows\system32\drivers\lnvobus.sys [327680 2008-12-16] (MCCI Corporation)
S3 lnvocard; C:\Windows\system32\drivers\lnvocard.sys [378880 2008-12-16] (MCCI Corporation)
S3 lnvogps; C:\Windows\system32\drivers\lnvogps64.sys [87592 2008-10-23] (Ericsson AB)
S3 lnvounic; C:\Windows\system32\drivers\lnvounic.sys [431104 2008-12-16] (MCCI Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [42224 2014-07-28] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-14 10:26 - 2017-07-14 10:27 - 00020147 _____ C:\Users\Milan\Desktop\FRST.txt
2017-07-14 10:26 - 2017-07-14 10:26 - 00000000 ____D C:\Users\Milan\Desktop\FRST-OlderVersion
2017-07-13 11:33 - 2017-07-13 11:38 - 00000000 ____D C:\AdwCleaner
2017-07-13 11:31 - 2017-07-13 11:31 - 04110280 _____ C:\Users\Milan\Desktop\adwcleaner_6.047.exe
2017-07-12 13:20 - 2017-07-14 10:26 - 00000000 ____D C:\FRST
2017-07-12 13:16 - 2017-07-14 10:26 - 02435584 _____ (Farbar) C:\Users\Milan\Desktop\FRST64.exe
2017-07-12 11:28 - 2017-07-12 11:28 - 00000000 ____D C:\Users\Milan\AppData\Roaming\AVG
2017-07-12 11:26 - 2017-07-14 10:11 - 00004178 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-07-12 11:26 - 2017-07-12 11:26 - 00353744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgvmm.sys
2017-07-12 11:26 - 2017-07-12 11:25 - 01008288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-07-12 11:26 - 2017-07-12 11:25 - 00578048 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-07-12 11:26 - 2017-07-12 11:25 - 00401584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-07-12 11:26 - 2017-07-12 11:25 - 00336896 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbloga.sys
2017-07-12 11:26 - 2017-07-12 11:25 - 00313616 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdrivera.sys
2017-07-12 11:26 - 2017-07-12 11:25 - 00192584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsha.sys
2017-07-12 11:26 - 2017-07-12 11:25 - 00191208 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2017-07-12 11:26 - 2017-07-12 11:25 - 00166624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiska.sys
2017-07-12 11:26 - 2017-07-12 11:25 - 00139112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-07-12 11:26 - 2017-07-12 11:25 - 00102792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2017-07-12 11:26 - 2017-07-12 11:25 - 00076832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-07-12 11:26 - 2017-07-12 11:25 - 00051336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniva.sys
2017-07-12 11:26 - 2017-07-12 11:25 - 00039424 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-07-12 11:23 - 2017-07-12 11:23 - 00001008 _____ C:\Users\Public\Desktop\AVG.lnk
2017-07-12 11:23 - 2017-07-12 11:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-07-12 11:21 - 2017-07-12 11:24 - 00000000 ____D C:\Program Files (x86)\AVG
2017-07-12 11:21 - 2017-07-12 11:21 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-07-12 11:20 - 2017-07-12 16:09 - 00000000 ____D C:\ProgramData\Avg
2017-07-12 11:20 - 2017-07-12 11:27 - 00000000 ____D C:\Users\Milan\AppData\Local\Avg
2017-07-12 11:20 - 2017-07-12 11:23 - 00000000 ____D C:\Users\Milan\AppData\Local\AvgSetupLog
2017-07-12 11:19 - 2017-07-12 11:19 - 03449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Milan\Downloads\Antivirus_Free_1896.exe
2017-07-08 13:18 - 2017-07-08 13:19 - 00000000 ____D C:\ProgramData\Movavi Video Converter 17
2017-07-08 13:18 - 2017-07-08 13:18 - 00005041 _____ C:\ProgramData\mudtcpaz.vzs
2017-07-08 13:18 - 2017-07-08 13:18 - 00000016 _____ C:\ProgramData\mntemp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-14 10:21 - 2009-07-14 06:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-14 10:21 - 2009-07-14 06:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-13 11:48 - 2017-05-07 16:10 - 00000000 ____D C:\Users\Milan\AppData\Roaming\Seznam.cz
2017-07-13 11:41 - 2016-05-06 13:07 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-07-13 11:41 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-13 11:38 - 2016-05-06 12:53 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-13 11:38 - 2016-05-06 12:53 - 00001293 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-13 11:38 - 2016-05-06 12:41 - 00000976 _____ C:\Users\Milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-07-13 11:28 - 2016-05-06 13:11 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-09 16:00 - 2017-01-25 10:34 - 00000000 ____D C:\Users\Milan\Desktop\M 1
2017-07-08 13:06 - 2011-04-12 10:34 - 01063368 _____ C:\Windows\system32\perfh005.dat
2017-07-08 13:06 - 2011-04-12 10:34 - 00281266 _____ C:\Windows\system32\perfc005.dat
2017-07-08 13:06 - 2009-07-14 07:13 - 00006208 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-22 19:47 - 2017-02-08 15:32 - 00003172 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-22 19:47 - 2016-11-23 12:16 - 00000000 ___RD C:\Users\Milan\OneDrive
2017-06-22 19:47 - 2016-05-06 12:37 - 00002188 _____ C:\Users\Milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2017-06-15 21:27 - 2017-03-15 15:16 - 00000000 ____D C:\Users\Milan\AppData\Roaming\Audacity

==================== Files in the root of some directories =======

2017-07-08 13:18 - 2017-07-08 13:18 - 0000016 _____ () C:\ProgramData\mntemp
2017-07-08 13:18 - 2017-07-08 13:18 - 0005041 _____ () C:\ProgramData\mudtcpaz.vzs

Some files in TEMP:
====================
2017-05-20 15:23 - 2017-06-16 19:33 - 0534528 _____ () C:\Users\Milan\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-07-09 15:36

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Windows) (Fixed) (Total:138.94 GB) (Free:91.86 GB) NTFS
Drive d: (Recovery image) (Fixed) (Total:9.77 GB) (Free:2.98 GB) NTFS

Available physical RAM: 572.13 MB
Total physical RAM: 1944.03 MB
Percentage of memory in use: 70%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 5703322C)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=138.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=27)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: AVG Antivirus (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Disabled - Out of date) {F620D48B-1497-73CC-F290-58052563BEAE}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Milan\Desktop" je 6580 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Přílohy
Addition.zip
(8.46 KiB) Staženo 111 x
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118251
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Otevírání reklamních stránek

#6 Příspěvek od Rudy »

Otevřte poznámkový blok a zkopírujte do něj:
Start
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\ProgramData\mudtcpaz.vzs
C:\Users\Milan\AppData\Local\Temp
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers03: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {344975F1-3167-45A7-9EAB-FB3A9A9A1CB9} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {C48B4A30-19A4-4CD2-AE16-1505C89C7CBA} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

EmptyTemp:
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Z logu:
Velikost slozky "C:\Users\Milan\Desktop" je 6580 MB.
To je příliš mnoho a může to způsobovat zpomalený start systému. Vytvořte v C:\Users\Milan novou složku, do níž přesuňte všechna data z plochy (kromě zástupců). Na plochu si pak dejte zástupce té složky pro snazší přístup.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Formtisk
Návštěvník
Návštěvník
Příspěvky: 9
Registrován: 12 črc 2017 12:09

Re: Otevírání reklamních stránek

#7 Příspěvek od Formtisk »

Neukládat věci na plochu učím šéfa už dlouho, upravím mu to.
Ohledně fixu, log viz. níže, okna ale stále vyskakují.

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-07-2017
Ran by Milan (17-07-2017 11:44:40) Run:1
Running from C:\Users\Milan\Desktop
Loaded Profiles: Milan (Available Profiles: Milan)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\ProgramData\mudtcpaz.vzs
C:\Users\Milan\AppData\Local\Temp
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers03: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {344975F1-3167-45A7-9EAB-FB3A9A9A1CB9} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {C48B4A30-19A4-4CD2-AE16-1505C89C7CBA} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

EmptyTemp:
End
*****************

HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
C:\ProgramData\mudtcpaz.vzs => moved successfully

"C:\Users\Milan\AppData\Local\Temp" folder move:

Could not move "C:\Users\Milan\AppData\Local\Temp" => Scheduled to move on reboot.

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found.
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => key removed successfully
HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{344975F1-3167-45A7-9EAB-FB3A9A9A1CB9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{344975F1-3167-45A7-9EAB-FB3A9A9A1CB9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C48B4A30-19A4-4CD2-AE16-1505C89C7CBA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C48B4A30-19A4-4CD2-AE16-1505C89C7CBA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector => key removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 103423998 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 625509919 B
Edge => 0 B
Chrome => 395438993 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 4174 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16674 B
systemprofile32 => 66228 B
LocalService => 0 B
NetworkService => 50104092 B
Milan => 230603738 B

RecycleBin => 14345206 B
EmptyTemp: => 1.3 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 17-07-2017 11:48:16)

C:\Users\Milan\AppData\Local\Temp => moved successfully

==== End of Fixlog 11:48:20 ====
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118251
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Otevírání reklamních stránek

#8 Příspěvek od Rudy »

Tady smazáno. Ještě vyčistíme prohlížeče. Spusťte postupně následující utility:

1. Stahnete Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Formtisk
Návštěvník
Návštěvník
Příspěvky: 9
Registrován: 12 črc 2017 12:09

Re: Otevírání reklamních stránek

#9 Příspěvek od Formtisk »

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Milan on Łt 18.07.2017 at 12:24:38,95.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Milan\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

18.7.2017 12:25:46 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~3\Guitar Pro 6 deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\Package Cache deleted
"C:\ProgramData\mntemp" deleted

==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Default\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lpdfbkehegfmedglgemnhbnpmfmioggj - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]

Seznam Lištička - Email - Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig
Seznam Lištička - Slovník - Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd
Reddit to Incognito - Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fldphbodpebiofbkobdhafhkfpcbijln
St. Lucia’s Day - Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdojcbdnpjkhgndbadoahgeiccfecghm
ThinkVantage Password Manager - Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpdfbkehegfmedglgemnhbnpmfmioggj
Compose Hot Mail - Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\moacggjajgoklflpminchmojpagdfnmi
Seznam Lištička - Rychlá volba - Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak
Chrome Media Router - Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/?clid=12454"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/?clid=12454"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IESR02"
{18E8F6A2-186E-4E33-BE52-068B0261972A} Zbo§ˇ.cz Url="http://www.zbozi.cz/?q={searchTerms}&r= ... arch_12454"
{2B713A69-0C53-4776-8930-FC7BD60DBAEE} Slovnˇk CZ/EN Url="http://slovnik.seznam.cz/?q={searchTerm ... arch_12454"
{42682FAD-FD84-4C57-AEF9-1EAD754AB6DA} Encyklopedie Seznam Url="http://encyklopedie.seznam.cz/search?q= ... arch_12454"
{62CF0D5D-9E09-4981-8178-5FB558A2687A} Seznam Url="http://search.seznam.cz/?q={searchTerms ... arch_12454"
{71BAFA63-7B55-45CA-B1AE-4F6DF5503E85} Novinky.cz Url="http://www.novinky.cz/hledej?w={searchT ... arch_12454"
{765DB170-DD6D-4C00-BAA1-8AA35E2D6E7B} Mapy.cz Url="http://www.mapy.cz/?query={searchTerms} ... arch_12454"
{93FDAB49-1754-4D2F-9D50-BF8DC84E01C2} Slovnˇk EN/CZ Url="http://slovnik.seznam.cz/?q={searchTerm ... arch_12454"
{9F4F9566-4125-4696-A54F-DB719D7711DB} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTer ... arch_12454"
{9FA131FF-A743-4C30-973F-BEAF052E5CD2} Firmy.cz Url="http://www.firmy.cz/?q={searchTerms}&so ... arch_12454"

==== Reset Google Chrome ======================

C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Milan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=8 folders=8 7369657 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Milan\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Milan\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun-24-53C9D589-6B66-4F30-9BAB-9A0193B0BAFC.lock" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found

==== EOF on Łt 18.07.2017 at 12:50:23,30 ======================
Nahoru
Formtisk
Návštěvník
Návštěvník
Příspěvky: 9
Registrován: 12 črc 2017 12:09

Re: Otevírání reklamních stránek

#10 Příspěvek od Formtisk »

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x64
Ran by Milan (Administrator) on Łt 18.07.2017 at 12:57:50,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 14

Successfully deleted: C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bgjpfhpjcgdppjbgnpnjllokbmcdllig_0.localstorage-journal (File)
Successfully deleted: C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bgjpfhpjcgdppjbgnpnjllokbmcdllig_0.localstorage (File)
Successfully deleted: C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_blmojkbhnkkphngknkmgccmlenfaelkd_0.localstorage-journal (File)
Successfully deleted: C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_blmojkbhnkkphngknkmgccmlenfaelkd_0.localstorage (File)
Successfully deleted: C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_olfeabkoenfaoljndfecamgilllcpiak_0.localstorage-journal (File)
Successfully deleted: C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_olfeabkoenfaoljndfecamgilllcpiak_0.localstorage (File)
Successfully deleted: C:\Users\Milan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\09RZJ74Z (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Milan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ISJG12T (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Milan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AHRXL74Q (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Milan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4NAV0PX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\09RZJ74Z (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ISJG12T (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AHRXL74Q (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4NAV0PX (Temporary Internet Files Folder)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{62CF0D5D-9E09-4981-8178-5FB558A2687A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Łt 18.07.2017 at 13:01:44,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118251
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Otevírání reklamních stránek

#11 Příspěvek od Rudy »

OK. Změnilo se něco nyní?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Formtisk
Návštěvník
Návštěvník
Příspěvky: 9
Registrován: 12 črc 2017 12:09

Re: Otevírání reklamních stránek

#12 Příspěvek od Formtisk »

Tak vypadá to že je vše vpořádku, nic už nevyskakuje. Děkuji Vám moc za pomoc. Díky.
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118251
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Otevírání reklamních stránek

#13 Příspěvek od Rudy »

Rádo se stalo! :)
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Zamčeno

Zpět na „Řešení problémů, logy“