Chrome opens a tab with this URL - %7B9d6b0768-e83d-4038-92f2-8

moldow
Visitor
Posts: 31
Registered: 25 Oct 2007 20:32

#1 Post by moldow »

Please check this; when I open Chrome, a tab opens with this URL - %7B9d6b0768-e83d-4038-92f2-8becc069254f%7D

info.txt logfile of random's system information tool 1.10 2017-12-25 12:14:30

======MBR======

======Uninstall list======

Backup and Sync from Google-->MsiExec.exe /X{908DB568-E5FA-40C7-A2AA-AB340190858B}
Bluetooth Win7 Suite-->MsiExec.exe /X{101A497C-7EF6-4001-834D-E5FA1C70FEFA}
Broadcom Wireless Utility-->"C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter"
Cambridge Advanced Learner's Dictionary-->C:\Windows\IsUninst.exe -f"C:\Program Files\Cambridge\CAL001CP\Uninst.isu"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Cisco EAP-FAST Module-->MsiExec.exe /I{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}
Cisco LEAP Module-->MsiExec.exe /I{51C7AD07-C3F6-4635-8E8A-231306D810FE}
Cisco PEAP Module-->MsiExec.exe /I{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}
DAEMON Tools Lite-->C:\Program Files\DAEMON Tools Lite\uninst.exe
FastStone Image Viewer 5.5-->C:\Program Files\FastStone Image Viewer\uninst.exe
Foxit Reader-->"C:\Program Files\Foxit Software\Foxit Reader\unins000.exe"
Google Earth Pro-->MsiExec.exe /I{ECF2E224-42F5-4E50-B58E-94CA70E85697}
Google Chrome-->"C:\Program Files\Google\Chrome\Application\63.0.3239.84\Installer\setup.exe" --uninstall --system-level --verbose-logging
Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
Intel(R) Graphics Media Accelerator Driver-->C:\Program Files\Intel\Intel(R) Graphics Media Accelerator Driver\Uninstall\setup.exe -uninstall
Intel(R) Rapid Storage Technology-->C:\Program Files\Intel\Intel(R) Rapid Storage Technology\Uninstall\setup.exe -uninstall
Launch Manager-->C:\Windows\UNINSTLMv4.EXE LMv4.UNI
Malwarebytes verzia 3.3.1.2183-->"C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe" /LOG
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office Excel MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0016-041B-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001A-041B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0018-041B-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Hungarian) 2007-->MsiExec.exe /X{90120000-001F-040E-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Slovak) 2007-->MsiExec.exe /X{90120000-002C-041B-0000-0000000FF1CE}
Microsoft Office Shared MUI (Slovak) 2007-->MsiExec.exe /X{90120000-006E-041B-0000-0000000FF1CE}
Microsoft Office Standard 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARD /dll OSETUP.DLL
Microsoft Office Standard 2007-->MsiExec.exe /X{90120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001B-041B-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Opera developer 39.0.2248.0-->"C:\Program Files\Opera developer\Launcher.exe" /uninstall
PSPad editor-->"C:\Program Files\PSPad editor\Uninst\unins000.exe"
Realtek Ethernet Controller Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Realtek PCIE Card Reader-->"C:\Program Files\InstallShield Installation Information\{C1594429-8296-4652-BF54-9DBE4932A44C}\setup.exe" -runfromtemp -removeonly
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {67A5F99B-5EBA-3812-8D2E-BC251490DD3F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {CD6D9B8A-BBC4-3FA7-B24D-D74CE90630CF} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {ECBEE23D-AB7E-3DAA-B66B-CD52003198F1} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {788818B1-B191-3217-A210-7ACFDE19CE4A} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B7C20E16-9A3A-3F05-A6B5-E15AA09200E0} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2978125)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F97ADBB0-328A-3BAF-AA1A-0DDCEB094DF0} /parameterfolder Client
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D9961AC-7C99-36A2-9EF0-34678AED5384} /parameterfolder Client
VLC media player-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000)-->C:\PROGRA~1\DIFX\C4EAB009834423A8\DPInst_x86.exe /u C:\Windows\System32\DriverStore\FileRepository\android_winusb.inf_x86_neutral_bd75d06c56998078\android_winusb.inf
WinRAR 5.30 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe

======System event log======

Computer Name: Jana-PC
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk1\DR1.
Record Number: 15464
Source Name: Disk
Time Written: 20160218165227.204213-000
Event Type: Error
User:

Computer Name: Jana-PC
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk1\DR1.
Record Number: 15463
Source Name: Disk
Time Written: 20160218165227.204213-000
Event Type: Error
User:

Computer Name: Jana-PC
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk1\DR1.
Record Number: 15462
Source Name: Disk
Time Written: 20160218165227.204213-000
Event Type: Error
User:

Computer Name: Jana-PC
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk1\DR1.
Record Number: 15461
Source Name: Disk
Time Written: 20160218165227.204213-000
Event Type: Error
User:

Computer Name: Jana-PC
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk1\DR1.
Record Number: 15460
Source Name: Disk
Time Written: 20160218165227.188613-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Jana-PC
Event Code: 3006
Message: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Record Number: 222
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20160217130427.581071-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Jana-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2665996858-3576351067-2021870907-1000:
Process 424 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2665996858-3576351067-2021870907-1000

Record Number: 200
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20160217125917.889810-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Jana-PC
Event Code: 3006
Message: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Record Number: 196
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20160217125728.487618-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Jana-PC
Event Code: 1017
Message: Installation of the Proof of Purchase failed. 0xC004F015
Partial Pkey=VRFVG
ACID=5e017a8a-f3f9-4167-b1bd-ba3e236a4d8f
Detailed Error[?]

Record Number: 179
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20160217125510.000000-000
Event Type: Error
User:

Computer Name: Jana-PC
Event Code: 1008
Message: Služba Windows Search sa spúšťa a pokúša sa odstrániť starý index hľadania. {Dôvod: Full Index Reset}.

Record Number: 121
Source Name: Microsoft-Windows-Search
Time Written: 20160217125355.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: 37L4247D28-05
Event Code: 4735
Message: A security-enabled local group was changed.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247D28-05$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Changed Attributes:
SAM Account Name: -
SID History: -

Additional Information:
Privileges: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160217124818.149641-000
Event Type: Audit Success
User:

Computer Name: 37L4247D28-05
Event Code: 4731
Message: A security-enabled local group was created.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247D28-05$
Account Domain: WORKGROUP
Logon ID: 0x3e7

New Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Attributes:
SAM Account Name: Backup Operators
SID History: -

Additional Information:
Privileges: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160217124818.149641-000
Event Type: Audit Success
User:

Computer Name: 37L4247D28-05
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0x2321e
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160217124818.118441-000
Event Type: Audit Success
User:

Computer Name: 37L4247D28-05
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160217124817.946841-000
Event Type: Audit Success
User:

Computer Name: 37L4247D28-05
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20160217124817.931241-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\adb
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 54 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=3601

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119666
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Chrome opens a tab with this URL - %7B9d6b0768-e83d-4038-92

#2 Post by Rudy »

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

moldow
Visitor
Posts: 31
Registered: 25 Oct 2007 20:32

Re: Chrome opens a tab with this URL - %7B9d6b0768-e83d-4038-92

#3 Post by moldow »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-12-2017 01
Ran by Michal (administrator) on JANA-PC (25-12-2017 18:41:40)
Running from C:\Users\Michal\Desktop
Loaded Profiles: Michal (Available Profiles: Jana & Michal)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: Slovenčina (Slovensko)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AdminService.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(Atheros Communications) C:\Program Files\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AthBtTray.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Michal\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GfxServiceInstall] => C:\Windows\system32\GfxCUIServiceInstall.vbs [131 2012-02-27] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1934632 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [6475264 2016-02-17] (Broadcom Corporation)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files\Bluetooth Suite\BtvStack.exe [841376 2011-09-16] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files\Bluetooth Suite\AthBtTray.exe [694432 2011-09-16] (Atheros Commnucations)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-2665996858-3576351067-2021870907-1003\...\Run: [GoogleChromeAutoLaunch_7999338B87431E4923015A2D4B0F7CC3] => C:\Program Files\Google\Chrome\Application\chrome.exe [1367384 2017-12-06] (Google Inc.)
HKU\S-1-5-21-2665996858-3576351067-2021870907-1003\...\MountPoints2: {ff97e387-d739-11e5-841f-96d47475baf6} - E:\AUTORUN\AUTORUN.EXE
HKU\S-1-5-21-2665996858-3576351067-2021870907-1003\...\MountPoints2: {ff97e39a-d739-11e5-841f-96d47475baf6} - F:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2016-02-18] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 1.0.0.1
Tcpip\..\Interfaces\{13069A45-0159-413B-AB61-DDDEBC7EEA88}: [DhcpNameServer] 1.0.0.1
Tcpip\..\Interfaces\{85859F42-9B1C-46D1-B13F-7133DDAFEE58}: [DhcpNameServer] 1.0.0.1
Tcpip\..\Interfaces\{C308825A-CFF5-4F97-A4D1-D6703BC969FA}: [NameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files\Bluetooth Suite\IEPlugIn.dll [2011-09-16] (Atheros Commnucations)
BHO: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll [2001-08-10] ()
Handler: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\Windows\system32\textwareilluminatorbaseProtocol.dll [2002-09-27] ()

FireFox:
========
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default [2017-12-25]
CHR Extension: (Dokumenty) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-06]
CHR Extension: (Disk Google) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-23]
CHR Extension: (YouTube) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-23]
CHR Extension: (Webmail Ad Blocker) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbhfdchmklhpcngcgjmpdbjakdggkkjp [2017-11-19]
CHR Extension: (uBlock Origin) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-12-19]
CHR Extension: (Google Search) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-23]
CHR Extension: (Full Page Screen Capture) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2017-11-19]
CHR Extension: (Tabuľky) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-06]
CHR Extension: (Popup for Keep™) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhcmhglnohogibbbpbodmjeggpdlboop [2017-11-19]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-13]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-12-19]
CHR Extension: (goo.gl URL Shortener (Unofficial)) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2017-11-19]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2017-12-21]
CHR Extension: (crxMouse Chrome™ Gestures) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgkpaicikihijadgifklkbpdajbkhjo [2017-12-19]
CHR Extension: (Google Hangouts) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-11-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-06]
CHR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2017-12-25]
CHR Extension: (Print Friendly & PDF) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2017-11-19]
CHR Extension: (Gmail) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-23]
CHR Extension: (Chrome Media Router) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-19]
CHR HKLM\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [84640 2011-09-16] (Atheros Commnucations) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1082232 2016-01-15] (Disc Soft Ltd)
R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1755136 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5186048 2016-02-17] (Broadcom Corporation) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [35488 2011-09-16] (Atheros)
S3 AX88772B; C:\Windows\System32\DRIVERS\ax88772b.sys [81408 2010-12-31] (ASIX Electronics Corp.)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18496 2016-02-17] (Broadcom Corporation)
R3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [290976 2011-09-16] (Atheros)
R3 btath_avdt; C:\Windows\System32\drivers\btath_avdt.sys [97440 2011-09-16] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [25248 2011-09-16] (Atheros)
R3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [147616 2011-09-16] (Atheros)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [60064 2011-09-16] (Atheros)
R3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [263968 2011-09-16] (Atheros)
R3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [440992 2011-09-16] (Atheros)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2016-02-22] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [40504 2016-02-22] (Disc Soft Ltd)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [254056 2011-05-30] (Realtek Semiconductor Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-25 18:41 - 2017-12-25 18:42 - 000014733 _____ C:\Users\Michal\Desktop\FRST.txt
2017-12-25 18:41 - 2017-12-25 18:41 - 000000000 ____D C:\FRST
2017-12-25 18:39 - 2017-12-25 18:39 - 001752576 _____ (Farbar) C:\Users\Michal\Desktop\FRST.exe
2017-12-25 18:39 - 2017-12-25 18:39 - 000112640 _____ (forum.viry.cz) C:\Users\Michal\Desktop\FRSTLauncher.exe
2017-12-25 18:35 - 2017-12-25 18:36 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-12-25 18:35 - 2017-12-25 18:36 - 000000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2017-12-25 18:35 - 2017-12-25 18:35 - 000002135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-12-25 18:35 - 2017-12-25 18:35 - 000002123 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-12-25 18:35 - 2017-12-25 18:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-12-25 18:35 - 2017-05-23 09:22 - 000030128 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean.exe
2017-12-25 18:33 - 2017-12-25 18:33 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\Michal\Downloads\spybotsd-2.6.46.exe
2017-12-25 14:21 - 2017-12-25 14:21 - 000000000 ___RD C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2017-12-25 12:14 - 2017-12-25 12:14 - 000000000 ____D C:\rsit
2017-12-25 12:14 - 2017-12-25 12:14 - 000000000 ____D C:\Program Files\trend micro
2017-12-25 12:13 - 2017-12-25 12:13 - 001107968 _____ C:\Users\Michal\Desktop\RSIT.exe
2017-12-21 19:56 - 2016-05-17 13:56 - 000000000 ____D C:\Users\Michal\Desktop\SpyHunter v4.22.8.4668 Portable
2017-12-21 19:25 - 2017-12-21 19:26 - 010439147 _____ (Igor Pavlov) C:\Users\Michal\Desktop\SpyHunter v4.22.8.4668 Portable + integrovaný crack.exe
2017-12-21 19:15 - 2017-12-21 19:15 - 000002024 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-21 19:15 - 2017-12-21 19:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-21 19:15 - 2017-12-21 19:15 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-21 19:15 - 2017-11-29 09:11 - 000059896 _____ C:\Windows\system32\Drivers\mbae.sys
2017-12-21 19:14 - 2017-12-21 19:14 - 000000000 ____D C:\ProgramData\MB2Migration
2017-12-21 14:26 - 2017-12-21 18:44 - 000000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2017-12-21 14:26 - 2017-12-21 14:26 - 000000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2017-12-21 14:09 - 2017-12-21 14:09 - 000001716 __RSH C:\ProgramData\ntuser.pol
2017-12-18 18:38 - 2017-12-18 18:38 - 000000000 ____D C:\Users\Michal\AppData\Local\CrashDumps

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-25 18:37 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\tracing
2017-12-25 14:25 - 2016-02-17 13:57 - 000726316 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-25 14:25 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2017-12-25 14:18 - 2009-07-14 05:34 - 000025728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-25 14:18 - 2009-07-14 05:34 - 000025728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-25 14:13 - 2016-04-01 22:00 - 000000000 ____D C:\Users\Michal\AppData\Local\Opera Software
2017-12-25 14:13 - 2016-04-01 21:05 - 000000000 ____D C:\Program Files\Opera developer
2017-12-25 14:11 - 2016-02-17 20:46 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2017-12-25 14:11 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-21 20:56 - 2016-02-22 08:04 - 000000000 ____D C:\extensions
2017-12-21 20:56 - 2016-02-17 14:47 - 000002231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-21 19:46 - 2016-02-22 08:04 - 000000000 ____D C:\Users\Jana\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2017-12-21 19:15 - 2016-02-24 20:59 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-21 19:15 - 2016-02-24 20:59 - 000000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2017-12-21 18:44 - 2016-02-22 07:44 - 000000000 ____D C:\Windows\system32\appmgmt
2017-12-21 14:09 - 2009-07-14 03:37 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2017-12-21 13:02 - 2016-02-23 21:15 - 000000000 ____D C:\Users\Michal
2017-12-12 12:01 - 2017-09-22 12:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2017-12-04 11:15 - 2016-03-27 09:07 - 000000000 ____D C:\Users\Jana\AppData\Local\CrashDumps

==================== Files in the root of some directories =======


Some files in TEMP:
====================
2016-10-30 09:23 - 2016-10-30 09:23 - 013467648 _____ () C:\Users\Jana\AppData\Local\Temp\vlc-2.2.4-win32.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-21 14:47

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:49.95 GB) (Free:24.55 GB) NTFS
Drive d: () (Fixed) (Total:69.19 GB) (Free:27.99 GB) NTFS

Available physical RAM: 540.26 MB
Total physical RAM: 2036.3 MB
Percentage of memory in use: 73%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 336B3A6D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=69.2 GB) - (Type=OF Extended)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Michal\Desktop" je 101 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite Automount
"C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM tray
C:\Program Files\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM Tray Agent
"C:\Program Files\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
Addition.rar
(6.13 KiB) Downloaded 87 times

Rudy
Site Admin
Posts: 119666
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Chrome opens a tab with this URL - %7B9d6b0768-e83d-4038-92

#4 Post by Rudy »

OK. Now run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
Click first on >Scan< (search) and then on >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

moldow
Visitor
Posts: 31
Registered: 25 Oct 2007 20:32

Re: Chrome opens a tab with this URL - %7B9d6b0768-e83d-4038-92

#5 Post by moldow »

# AdwCleaner 7.0.6.0 - Logfile created on Mon Dec 25 19:41:27 2017
# Updated on 2017/21/12 by Malwarebytes
# Running on Windows 7 Professional (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\All Users\Documents\\dmp
Deleted: C:\Users\Public\Documents\\dmp
Deleted: C:\Users\Jana\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\EnigmaSoftwareGroup
Deleted: [Key] - HKLM\SOFTWARE\EnigmaSoftwareGroup
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\SpyHunter4.exe
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files\Enigma Software Group\SpyHunter\
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files\Enigma Software Group\


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

Plugin deleted: Chrome Cleaner Pro -


*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1794 B] - [2017/12/25 19:41:5]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Rudy
Site Admin
Posts: 119666
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Chrome opens a tab with this URL - %7B9d6b0768-e83d-4038-92

#6 Post by Rudy »

Post a new FRST log.

moldow
Visitor
Posts: 31
Registered: 25 Oct 2007 20:32

Re: Chrome opens a tab with this URL - %7B9d6b0768-e83d-4038-92

#7 Post by moldow »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-12-2017 01
Ran by Michal (administrator) on JANA-PC (25-12-2017 21:52:44)
Running from C:\Users\Michal\Desktop
Loaded Profiles: Michal (Available Profiles: Jana & Michal)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: Slovenčina (Slovensko)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AdminService.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(Atheros Communications) C:\Program Files\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AthBtTray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Michal\Desktop\FRSTLauncher.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GfxServiceInstall] => C:\Windows\system32\GfxCUIServiceInstall.vbs [131 2012-02-27] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1934632 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [6475264 2016-02-17] (Broadcom Corporation)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files\Bluetooth Suite\BtvStack.exe [841376 2011-09-16] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files\Bluetooth Suite\AthBtTray.exe [694432 2011-09-16] (Atheros Commnucations)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-2665996858-3576351067-2021870907-1003\...\Run: [GoogleChromeAutoLaunch_7999338B87431E4923015A2D4B0F7CC3] => C:\Program Files\Google\Chrome\Application\chrome.exe [1367384 2017-12-06] (Google Inc.)
HKU\S-1-5-21-2665996858-3576351067-2021870907-1003\...\MountPoints2: {ff97e387-d739-11e5-841f-96d47475baf6} - E:\AUTORUN\AUTORUN.EXE
HKU\S-1-5-21-2665996858-3576351067-2021870907-1003\...\MountPoints2: {ff97e39a-d739-11e5-841f-96d47475baf6} - F:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2016-02-18] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 1.0.0.1
Tcpip\..\Interfaces\{13069A45-0159-413B-AB61-DDDEBC7EEA88}: [DhcpNameServer] 1.0.0.1
Tcpip\..\Interfaces\{85859F42-9B1C-46D1-B13F-7133DDAFEE58}: [DhcpNameServer] 1.0.0.1
Tcpip\..\Interfaces\{C308825A-CFF5-4F97-A4D1-D6703BC969FA}: [NameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files\Bluetooth Suite\IEPlugIn.dll [2011-09-16] (Atheros Commnucations)
BHO: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll [2001-08-10] ()
Handler: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\Windows\system32\textwareilluminatorbaseProtocol.dll [2002-09-27] ()

FireFox:
========
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default [2017-12-25]
CHR Extension: (Dokumenty) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-06]
CHR Extension: (Disk Google) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-23]
CHR Extension: (YouTube) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-23]
CHR Extension: (Webmail Ad Blocker) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbhfdchmklhpcngcgjmpdbjakdggkkjp [2017-11-19]
CHR Extension: (uBlock Origin) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-12-19]
CHR Extension: (Google Search) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-23]
CHR Extension: (Full Page Screen Capture) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2017-11-19]
CHR Extension: (Tabuľky) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-06]
CHR Extension: (Popup for Keep™) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhcmhglnohogibbbpbodmjeggpdlboop [2017-11-19]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-13]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-12-19]
CHR Extension: (goo.gl URL Shortener (Unofficial)) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2017-11-19]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2017-12-21]
CHR Extension: (crxMouse Chrome™ Gestures) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgkpaicikihijadgifklkbpdajbkhjo [2017-12-19]
CHR Extension: (Google Hangouts) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-11-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-06]
CHR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2017-12-25]
CHR Extension: (Print Friendly & PDF) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2017-11-19]
CHR Extension: (Gmail) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-23]
CHR Extension: (Chrome Media Router) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-19]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [84640 2011-09-16] (Atheros Commnucations) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1082232 2016-01-15] (Disc Soft Ltd)
R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1755136 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5186048 2016-02-17] (Broadcom Corporation) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [35488 2011-09-16] (Atheros)
S3 AX88772B; C:\Windows\System32\DRIVERS\ax88772b.sys [81408 2010-12-31] (ASIX Electronics Corp.)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18496 2016-02-17] (Broadcom Corporation)
R3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [290976 2011-09-16] (Atheros)
R3 btath_avdt; C:\Windows\System32\drivers\btath_avdt.sys [97440 2011-09-16] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [25248 2011-09-16] (Atheros)
R3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [147616 2011-09-16] (Atheros)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [60064 2011-09-16] (Atheros)
R3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [263968 2011-09-16] (Atheros)
R3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [440992 2011-09-16] (Atheros)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2016-02-22] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [40504 2016-02-22] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59896 2017-11-29] ()
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [168376 2017-12-25] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [91576 2017-12-25] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [40376 2017-12-25] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2017-12-25] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [65824 2017-12-25] (Malwarebytes)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [254056 2011-05-30] (Realtek Semiconductor Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-25 21:52 - 2017-12-25 21:53 - 000015068 _____ C:\Users\Michal\Desktop\FRST.txt
2017-12-25 21:51 - 2017-12-25 21:51 - 000000000 ___RD C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2017-12-25 20:43 - 2017-12-25 21:52 - 000040376 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-12-25 20:43 - 2017-12-25 20:43 - 000168376 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-12-25 20:42 - 2017-12-25 21:51 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-12-25 20:42 - 2017-12-25 21:51 - 000091576 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-12-25 20:42 - 2017-12-25 21:51 - 000065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-12-25 20:36 - 2017-12-25 20:41 - 000000000 ____D C:\AdwCleaner
2017-12-25 20:36 - 2017-12-25 20:36 - 008198432 _____ (Malwarebytes) C:\Users\Michal\Downloads\adwcleaner_7.0.6.0.exe
2017-12-25 18:46 - 2017-12-25 18:48 - 000012806 _____ C:\Users\Michal\Desktop\Addition.rar
2017-12-25 18:41 - 2017-12-25 21:52 - 000000000 ____D C:\FRST
2017-12-25 18:39 - 2017-12-25 18:39 - 001752576 _____ (Farbar) C:\Users\Michal\Desktop\FRST.exe
2017-12-25 18:39 - 2017-12-25 18:39 - 000112640 _____ (forum.viry.cz) C:\Users\Michal\Desktop\FRSTLauncher.exe
2017-12-25 18:35 - 2017-12-25 19:51 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-12-25 18:35 - 2017-12-25 18:36 - 000000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2017-12-25 18:35 - 2017-12-25 18:35 - 000002135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-12-25 18:35 - 2017-12-25 18:35 - 000002123 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-12-25 18:35 - 2017-12-25 18:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-12-25 18:35 - 2017-05-23 09:22 - 000030128 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean.exe
2017-12-25 18:33 - 2017-12-25 18:33 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\Michal\Downloads\spybotsd-2.6.46.exe
2017-12-25 12:14 - 2017-12-25 12:14 - 000000000 ____D C:\rsit
2017-12-25 12:14 - 2017-12-25 12:14 - 000000000 ____D C:\Program Files\trend micro
2017-12-25 12:13 - 2017-12-25 12:13 - 001107968 _____ C:\Users\Michal\Desktop\RSIT.exe
2017-12-21 19:56 - 2016-05-17 13:56 - 000000000 ____D C:\Users\Michal\Desktop\SpyHunter v4.22.8.4668 Portable
2017-12-21 19:25 - 2017-12-21 19:26 - 010439147 _____ (Igor Pavlov) C:\Users\Michal\Desktop\SpyHunter v4.22.8.4668 Portable + integrovaný crack.exe
2017-12-21 19:15 - 2017-12-21 19:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-21 19:15 - 2017-12-21 19:15 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-21 19:15 - 2017-11-29 09:11 - 000059896 _____ C:\Windows\system32\Drivers\mbae.sys
2017-12-21 19:14 - 2017-12-21 19:14 - 000000000 ____D C:\ProgramData\MB2Migration
2017-12-21 14:26 - 2017-12-21 18:44 - 000000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2017-12-21 14:26 - 2017-12-21 14:26 - 000000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2017-12-21 14:09 - 2017-12-21 14:09 - 000001716 __RSH C:\ProgramData\ntuser.pol
2017-12-18 18:38 - 2017-12-18 18:38 - 000000000 ____D C:\Users\Michal\AppData\Local\CrashDumps

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-25 21:51 - 2016-02-17 20:46 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2017-12-25 21:50 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-25 20:51 - 2016-02-17 13:57 - 000726316 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-25 20:51 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2017-12-25 20:49 - 2009-07-14 05:34 - 000025728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-25 20:49 - 2009-07-14 05:34 - 000025728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-25 20:23 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\tracing
2017-12-25 14:13 - 2016-04-01 22:00 - 000000000 ____D C:\Users\Michal\AppData\Local\Opera Software
2017-12-25 14:13 - 2016-04-01 21:05 - 000000000 ____D C:\Program Files\Opera developer
2017-12-21 20:56 - 2016-02-22 08:04 - 000000000 ____D C:\extensions
2017-12-21 20:56 - 2016-02-17 14:47 - 000002231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-21 19:15 - 2016-02-24 20:59 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-21 19:15 - 2016-02-24 20:59 - 000000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2017-12-21 18:44 - 2016-02-22 07:44 - 000000000 ____D C:\Windows\system32\appmgmt
2017-12-21 14:09 - 2009-07-14 03:37 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2017-12-21 13:02 - 2016-02-23 21:15 - 000000000 ____D C:\Users\Michal
2017-12-12 12:01 - 2017-09-22 12:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2017-12-04 11:15 - 2016-03-27 09:07 - 000000000 ____D C:\Users\Jana\AppData\Local\CrashDumps

==================== Files in the root of some directories =======


Some files in TEMP:
====================
2016-10-30 09:23 - 2016-10-30 09:23 - 013467648 _____ () C:\Users\Jana\AppData\Local\Temp\vlc-2.2.4-win32.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-21 14:47

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:49.95 GB) (Free:25.88 GB) NTFS
Drive d: () (Fixed) (Total:69.19 GB) (Free:27.99 GB) NTFS

Available physical RAM: 734.38 MB
Total physical RAM: 2036.3 MB
Percentage of memory in use: 63%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 336B3A6D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=69.2 GB) - (Type=OF Extended)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Michal\Desktop" je 102 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite Automount
"C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM tray
C:\Program Files\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM Tray Agent
"C:\Program Files\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
Addition.rar
(5.87 KiB) Downloaded 86 times

Rudy
Site Admin
Posts: 119666
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Chrome opens a tab with this URL - %7B9d6b0768-e83d-4038-92

#8 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-2665996858-3576351067-2021870907-1003\...\MountPoints2: {ff97e387-d739-11e5-841f-96d47475baf6} - E:\AUTORUN\AUTORUN.EXE
HKU\S-1-5-21-2665996858-3576351067-2021870907-1003\...\MountPoints2: {ff97e39a-d739-11e5-841f-96d47475baf6} - F:\SETUP.EXE
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
C:\Users\Jana\AppData\Local\Temp
Task: {5897A3E8-F199-47B7-99ED-4537B38715EF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-17] (Google Inc.)
Task: {A80F94DB-7038-4926-B45B-C0F534AEBEA5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-17] (Google Inc.)

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

moldow
Visitor
Posts: 31
Registered: 25 Oct 2007 20:32

Re: Chrome opens a tab with this URL - %7B9d6b0768-e83d-4038-92

#9 Post by moldow »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-12-2017 01
Ran by Michal (administrator) on JANA-PC (25-12-2017 22:15:45)
Running from C:\Users\Michal\Desktop
Loaded Profiles: Michal (Available Profiles: Jana & Michal)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: Slovenčina (Slovensko)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AdminService.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(Atheros Communications) C:\Program Files\Bluetooth Suite\BtvStack.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AthBtTray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(forum.viry.cz) C:\Users\Michal\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GfxServiceInstall] => C:\Windows\system32\GfxCUIServiceInstall.vbs [131 2012-02-27] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1934632 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [6475264 2016-02-17] (Broadcom Corporation)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files\Bluetooth Suite\BtvStack.exe [841376 2011-09-16] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files\Bluetooth Suite\AthBtTray.exe [694432 2011-09-16] (Atheros Commnucations)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2016-02-18] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 1.0.0.1
Tcpip\..\Interfaces\{13069A45-0159-413B-AB61-DDDEBC7EEA88}: [DhcpNameServer] 1.0.0.1
Tcpip\..\Interfaces\{85859F42-9B1C-46D1-B13F-7133DDAFEE58}: [DhcpNameServer] 1.0.0.1
Tcpip\..\Interfaces\{C308825A-CFF5-4F97-A4D1-D6703BC969FA}: [NameServer] 8.8.8.8

Internet Explorer:
==================
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files\Bluetooth Suite\IEPlugIn.dll [2011-09-16] (Atheros Commnucations)
BHO: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll [2001-08-10] ()
Handler: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\Windows\system32\textwareilluminatorbaseProtocol.dll [2002-09-27] ()

FireFox:
========
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-19] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default [2017-12-25]
CHR Extension: (Dokumenty) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-06]
CHR Extension: (Disk Google) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-23]
CHR Extension: (YouTube) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-23]
CHR Extension: (Webmail Ad Blocker) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbhfdchmklhpcngcgjmpdbjakdggkkjp [2017-11-19]
CHR Extension: (uBlock Origin) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-12-25]
CHR Extension: (Google Search) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-23]
CHR Extension: (Full Page Screen Capture) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2017-11-19]
CHR Extension: (Tabuľky) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-06]
CHR Extension: (Popup for Keep™) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhcmhglnohogibbbpbodmjeggpdlboop [2017-11-19]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-13]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-12-19]
CHR Extension: (goo.gl URL Shortener (Unofficial)) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2017-11-19]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2017-12-21]
CHR Extension: (crxMouse Chrome™ Gestures) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgkpaicikihijadgifklkbpdajbkhjo [2017-12-19]
CHR Extension: (Google Hangouts) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-11-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-06]
CHR Extension: (ImTranslator: Translator, Dictionary, TTS) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\noaijdpnepcgjemiklgfkcfbkokogabh [2017-12-25]
CHR Extension: (Print Friendly & PDF) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2017-11-19]
CHR Extension: (Gmail) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-23]
CHR Extension: (Chrome Media Router) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-19]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [84640 2011-09-16] (Atheros Commnucations) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1082232 2016-01-15] (Disc Soft Ltd)
R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1755136 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5186048 2016-02-17] (Broadcom Corporation) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [35488 2011-09-16] (Atheros)
S3 AX88772B; C:\Windows\System32\DRIVERS\ax88772b.sys [81408 2010-12-31] (ASIX Electronics Corp.)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18496 2016-02-17] (Broadcom Corporation)
R3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [290976 2011-09-16] (Atheros)
R3 btath_avdt; C:\Windows\System32\drivers\btath_avdt.sys [97440 2011-09-16] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [25248 2011-09-16] (Atheros)
R3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [147616 2011-09-16] (Atheros)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [60064 2011-09-16] (Atheros)
R3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [263968 2011-09-16] (Atheros)
R3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [440992 2011-09-16] (Atheros)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2016-02-22] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [40504 2016-02-22] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59896 2017-11-29] ()
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [168376 2017-12-25] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [91576 2017-12-25] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [40376 2017-12-25] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [221112 2017-12-25] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [65824 2017-12-25] (Malwarebytes)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [254056 2011-05-30] (Realtek Semiconductor Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-25 22:15 - 2017-12-25 22:16 - 000013144 _____ C:\Users\Michal\Desktop\FRST.txt
2017-12-25 22:15 - 2017-12-25 22:15 - 000040376 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-12-25 22:14 - 2017-12-25 22:14 - 000221112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-12-25 22:14 - 2017-12-25 22:14 - 000168376 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2017-12-25 22:14 - 2017-12-25 22:14 - 000091576 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-12-25 22:14 - 2017-12-25 22:14 - 000065824 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-12-25 22:14 - 2017-12-25 22:14 - 000000000 ___RD C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2017-12-25 22:12 - 2017-12-25 22:13 - 000004334 _____ C:\Users\Michal\Desktop\Fixlog.txt
2017-12-25 20:36 - 2017-12-25 20:41 - 000000000 ____D C:\AdwCleaner
2017-12-25 20:36 - 2017-12-25 20:36 - 008198432 _____ (Malwarebytes) C:\Users\Michal\Downloads\adwcleaner_7.0.6.0.exe
2017-12-25 18:41 - 2017-12-25 22:15 - 000000000 ____D C:\FRST
2017-12-25 18:39 - 2017-12-25 18:39 - 001752576 _____ (Farbar) C:\Users\Michal\Desktop\FRST.exe
2017-12-25 18:39 - 2017-12-25 18:39 - 000112640 _____ (forum.viry.cz) C:\Users\Michal\Desktop\FRSTLauncher.exe
2017-12-25 18:35 - 2017-12-25 19:51 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-12-25 18:35 - 2017-12-25 18:36 - 000000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2017-12-25 18:35 - 2017-12-25 18:35 - 000002135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-12-25 18:35 - 2017-12-25 18:35 - 000002123 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-12-25 18:35 - 2017-12-25 18:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-12-25 18:35 - 2017-05-23 09:22 - 000030128 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean.exe
2017-12-25 18:33 - 2017-12-25 18:33 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\Michal\Downloads\spybotsd-2.6.46.exe
2017-12-25 12:14 - 2017-12-25 12:14 - 000000000 ____D C:\rsit
2017-12-25 12:14 - 2017-12-25 12:14 - 000000000 ____D C:\Program Files\trend micro
2017-12-25 12:13 - 2017-12-25 12:13 - 001107968 _____ C:\Users\Michal\Desktop\RSIT.exe
2017-12-21 19:56 - 2016-05-17 13:56 - 000000000 ____D C:\Users\Michal\Desktop\SpyHunter v4.22.8.4668 Portable
2017-12-21 19:25 - 2017-12-21 19:26 - 010439147 _____ (Igor Pavlov) C:\Users\Michal\Desktop\SpyHunter v4.22.8.4668 Portable + integrovaný crack.exe
2017-12-21 19:15 - 2017-12-21 19:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-21 19:15 - 2017-12-21 19:15 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-21 19:15 - 2017-11-29 09:11 - 000059896 _____ C:\Windows\system32\Drivers\mbae.sys
2017-12-21 19:14 - 2017-12-21 19:14 - 000000000 ____D C:\ProgramData\MB2Migration
2017-12-21 14:26 - 2017-12-21 14:26 - 000000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2017-12-21 14:09 - 2017-12-25 22:14 - 000000008 __RSH C:\ProgramData\ntuser.pol
2017-12-18 18:38 - 2017-12-18 18:38 - 000000000 ____D C:\Users\Michal\AppData\Local\CrashDumps

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-25 22:14 - 2016-02-17 20:46 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2017-12-25 22:14 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-25 22:12 - 2009-07-14 03:37 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2017-12-25 22:04 - 2016-02-17 14:47 - 000002231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-25 21:58 - 2009-07-14 05:34 - 000025728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-25 21:58 - 2009-07-14 05:34 - 000025728 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-25 21:57 - 2016-02-17 13:57 - 000726316 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-25 21:57 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2017-12-25 20:23 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\tracing
2017-12-25 14:13 - 2016-04-01 22:00 - 000000000 ____D C:\Users\Michal\AppData\Local\Opera Software
2017-12-25 14:13 - 2016-04-01 21:05 - 000000000 ____D C:\Program Files\Opera developer
2017-12-21 20:56 - 2016-02-22 08:04 - 000000000 ____D C:\extensions
2017-12-21 19:15 - 2016-02-24 20:59 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-21 19:15 - 2016-02-24 20:59 - 000000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2017-12-21 18:44 - 2016-02-22 07:44 - 000000000 ____D C:\Windows\system32\appmgmt
2017-12-21 13:02 - 2016-02-23 21:15 - 000000000 ____D C:\Users\Michal
2017-12-12 12:01 - 2017-09-22 12:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2017-12-04 11:15 - 2016-03-27 09:07 - 000000000 ____D C:\Users\Jana\AppData\Local\CrashDumps

==================== Files in the root of some directories =======


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-21 14:47

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:49.95 GB) (Free:26.43 GB) NTFS
Drive d: () (Fixed) (Total:69.19 GB) (Free:27.99 GB) NTFS

Available physical RAM: 889.1 MB
Total physical RAM: 2036.3 MB
Percentage of memory in use: 56%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 336B3A6D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=69.2 GB) - (Type=OF Extended)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Michal\Desktop" je 102 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite Automount
"C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM tray
C:\Program Files\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM Tray Agent
"C:\Program Files\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
Addition.rar
(5.69 KiB) Downloaded 107 times

Rudy
Site Admin
Posts: 119666
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Chrome opens a tab with this URL - %7B9d6b0768-e83d-4038-92

#10 Post by Rudy »

OK. Has anything changed?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

moldow
Visitor
Posts: 31
Registered: 25 Oct 2007 20:32

Re: Chrome opens a tab with this URL - %7B9d6b0768-e83d-4038-92

#11 Post by moldow »

No change. When Chrome starts, one extra tab with that strange URL still opens.

Rudy
Site Admin
Posts: 119666
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Chrome opens a tab with this URL - %7B9d6b0768-e83d-4038-92

#12 Post by Rudy »

Run these utilities one after another:

1. Download Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to the desktop.

If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator.
Paste the script below into the window:




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script.
The PC will perform the repair, restart, and give you a log; paste its contents here.

and

2. Junkware Removal Tool: http://www.stahuj.centrum.cz/utility_a_ ... oval-tool/
• Save it, preferably to the desktop
• After launch the license terms are displayed; press any key
• A backup is created and then the search begins
• The scan runs and then the log appears, or it is saved in c:\JRT as JRT.txt; paste it here.

moldow
Visitor
Posts: 31
Registered: 25 Oct 2007 20:32

Re: Chrome opens a tab with this URL - %7B9d6b0768-e83d-4038-92

#13 Post by moldow »

This time I did it differently. First I uninstalled Chrome, then ran the cleanup with Zoek.exe and also Junkware Removal Tool. Then I reinstalled Chrome and it looks like that helped. Thank you very much, especially for your patience. Here are the logs:







Zoek.exe v5.0.0.1 Updated 24-October-2017
Tool run by Michal on ut 26. 12. 2017 at 20:16:26,78.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Michal\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2017-12-26-184847.log 5484 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IE8SRC

==== Reset Google Chrome ======================

C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Users\Michal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Michal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Michal\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Michal\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Michal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on ut 26. 12. 2017 at 20:18:39,66 ======================














~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Professional x86
Ran by Michal (Administrator) on ut 26. 12. 2017 at 20:19:49,38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 18

Successfully deleted: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gkojfkhlekighikafcpjkiklfbnlmeio (Folder)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Users\Michal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AIFXU4A1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Michal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGYT2FYW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Michal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D5DHTKXP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Michal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DEO1A41Z (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Michal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EYDA2TEO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Michal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6YM1YKF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Michal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L58M9P9W (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Michal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N6YHT7IM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AIFXU4A1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGYT2FYW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D5DHTKXP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DEO1A41Z (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EYDA2TEO (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6YM1YKF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L58M9P9W (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N6YHT7IM (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ut 26. 12. 2017 at 20:23:11,40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Rudy
Site Admin
Posts: 119666
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Chrome opens a tab with this URL - %7B9d6b0768-e83d-4038-92

#14 Post by Rudy »

That works too. I'm glad the problem is solved. You're welcome! :)