firefox: nový panel s reklamou

[jaro3]

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {11F82C0C-C38B-4901-AFB7-E3BA99B5815C}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{11F82C0C-C38B-4901-AFB7-E3BA99B5815C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=PRACE1&src=IE11TR&pc=ACTE
IE:64bit: - HKLM\..\SearchScopes\{C936B705-D23F-43FC-A827-4794AE236EEF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=PRACE1&src=IE11TR&pc=ACTE
IE - HKLM\..\SearchScopes,DefaultScope = {11F82C0C-C38B-4901-AFB7-E3BA99B5815C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{11F82C0C-C38B-4901-AFB7-E3BA99B5815C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=PRACE1&src=IE11TR&pc=ACTE
IE - HKLM\..\SearchScopes\{C936B705-D23F-43FC-A827-4794AE236EEF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=PRACE1&src=IE11TR&pc=ACTE
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.3.19
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:50.1.0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll File not found
[2016.07.18 00:34:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\luvan\AppData\Roaming\mozilla\Extensions
[2016.12.31 01:24:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions
[2016.12.31 00:07:31 | 000,514,262 | ---- | M] () (No name found) -- C:\Users\luvan\AppData\Roaming\mozilla\firefox\profiles\txs9d34m.default-1483138573866\extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi
[2016.12.31 00:09:26 | 000,084,584 | ---- | M] () (No name found) -- C:\Users\luvan\AppData\Roaming\mozilla\firefox\profiles\txs9d34m.default-1483138573866\extensions\jid1-dgnIBwQga0SIBw@jetpack.xpi
[2016.12.31 00:09:12 | 000,015,300 | ---- | M] () (No name found) -- C:\Users\luvan\AppData\Roaming\mozilla\firefox\profiles\txs9d34m.default-1483138573866\extensions\jid1-P34HaABBBpOerQ@jetpack.xpi
[2016.12.31 00:00:45 | 001,019,941 | ---- | M] () (No name found) -- C:\Users\luvan\AppData\Roaming\mozilla\firefox\profiles\txs9d34m.default-1483138573866\extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi
[2016.12.31 00:08:51 | 001,055,311 | ---- | M] () (No name found) -- C:\Users\luvan\AppData\Roaming\mozilla\firefox\profiles\txs9d34m.default-1483138573866\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2016.12.30 23:54:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2016.09.04 04:53:47 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2016.11.11 11:01:16 | 007,219,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2016.11.11 08:47:14 | 005,722,832 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2016.07.16 12:42:31 | 000,977,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2016.07.16 12:42:56 | 000,779,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2016.07.16 12:42:31 | 000,518,656 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

:Files
C:\WINDOWS\System32\*.tmp 
C:\WINDOWS\*.tmp 
C:\WINDOWS\system32\*.tmp.dll 
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
C:\WINDOWS\system32\DUMP*.tmp
c:\windows\Tasks\*.job /s
C:\*.tmp
C:\WINDOWS\System32\drivers\*.tmp
C:\Program Files\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\Windows\SysNative\drivers\*.tmp
C:\Windows\SysWow64\drivers\*.tmp
C:\Program Files (x86)\*.tmp
C:\Windows\SysWow64\*.tmp
C:\Windows\SysNative\*.tmp
C:\Program Files (x86)\*.tmp
C:\WINDOWS\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\Users\luvan\AppData\Roaming\AVAST Software

:Reg
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
C:\WINDOWS\SysNative\drivers\028C3A53.sys

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Nebo na:
http://www.virscan.org/

[vantyto]

Je možné že to "028C3A53.sys" se nenchází v "C:\WINDOWS\SysNative\drivers\" ale v "C:\Windows\System32\drivers", (dočetl jsem se že přes 64-bit system se tam jen tak nedostanu) pokud ano, zde jsou výsledky testu https://www.virustotal.com/en/file/e953 ... 483659729/


a zde přidávám log z OTL:
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{11F82C0C-C38B-4901-AFB7-E3BA99B5815C}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F82C0C-C38B-4901-AFB7-E3BA99B5815C}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C936B705-D23F-43FC-A827-4794AE236EEF}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C936B705-D23F-43FC-A827-4794AE236EEF}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{11F82C0C-C38B-4901-AFB7-E3BA99B5815C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F82C0C-C38B-4901-AFB7-E3BA99B5815C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C936B705-D23F-43FC-A827-4794AE236EEF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C936B705-D23F-43FC-A827-4794AE236EEF}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Prefs.js: foxmarks%40kei.com:4.3.19 removed from extensions.enabledAddons
Prefs.js: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:50.1.0 removed from extensions.enabledAddons
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Extensions folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\modules folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\META-INF folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\defaults\preferences folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\defaults folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\components folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\skin\modern\images folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\skin\modern folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\skin folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale\zh-TW folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale\zh-CN folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale\vi folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale\uk-UA folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale\tr-TR folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale\sv-SE folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale\sk-SK folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale\ru-RU folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale\ro folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale\pt-PT folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale\pt-BR folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale\pl-PL folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale\nn-NO folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale\nl folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale\ko-KR folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale\ja-JP folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale\it-IT folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale\hu-HU folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale\fy-NL folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale\fr folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale\fi-FI folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale\eu-ES folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale\et-EE folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale\es-ES folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale\en-US folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale\el-GR folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale\de folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale\da-DK folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale\cs-CZ folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale\bn-IN folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale\bg-BG folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale\ar folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\locale folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\content\shared folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome\content folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com\chrome folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions\foxmarks@kei.com folder moved successfully.
C:\Users\luvan\AppData\Roaming\mozilla\Firefox\Profiles\txs9d34m.default-1483138573866\extensions folder moved successfully.
File C:\Users\luvan\AppData\Roaming\mozilla\firefox\profiles\txs9d34m.default-1483138573866\extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi not found.
File C:\Users\luvan\AppData\Roaming\mozilla\firefox\profiles\txs9d34m.default-1483138573866\extensions\jid1-dgnIBwQga0SIBw@jetpack.xpi not found.
File C:\Users\luvan\AppData\Roaming\mozilla\firefox\profiles\txs9d34m.default-1483138573866\extensions\jid1-P34HaABBBpOerQ@jetpack.xpi not found.
File C:\Users\luvan\AppData\Roaming\mozilla\firefox\profiles\txs9d34m.default-1483138573866\extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi not found.
File C:\Users\luvan\AppData\Roaming\mozilla\firefox\profiles\txs9d34m.default-1483138573866\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\WINDOWS\assembly\Desktop.ini moved successfully.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
========== FILES ==========
File move failed. C:\WINDOWS\System32\TBM8FB4.tmp scheduled to be moved on reboot.
File\Folder C:\WINDOWS\*.tmp not found.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\System32\dllcache\*.tmp not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
File\Folder C:\WINDOWS\system32\DUMP*.tmp not found.
File\Folder c:\windows\Tasks\*.job not found.
File\Folder C:\*.tmp not found.
File\Folder C:\WINDOWS\System32\drivers\*.tmp not found.
File\Folder C:\Program Files\*.tmp not found.
File\Folder C:\Documents and Settings\All Users\Data aplikací\*.tmp not found.
File\Folder C:\Windows\SysNative\drivers\*.tmp not found.
File\Folder C:\Windows\SysWow64\drivers\*.tmp not found.
File\Folder C:\Program Files (x86)\*.tmp not found.
File move failed. C:\Windows\SysWow64\TBM8FB4.tmp scheduled to be moved on reboot.
File\Folder C:\Windows\SysNative\*.tmp not found.
File\Folder C:\Program Files (x86)\*.tmp not found.
C:\WINDOWS\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat moved successfully.
C:\Users\luvan\AppData\Roaming\AVAST Software\SecureLine\cookie folder moved successfully.
C:\Users\luvan\AppData\Roaming\AVAST Software\SecureLine folder moved successfully.
C:\Users\luvan\AppData\Roaming\AVAST Software folder moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default.migrated
->Temporary Internet Files folder emptied: 0 bytes

User: luvan
->Temp folder emptied: 230682615 bytes
->Temporary Internet Files folder emptied: 106035 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 201291101 bytes
->Flash cache emptied: 492 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 102344 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25008 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 412,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01062017_002810

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\System32\TBM8FB4.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysWow64\TBM8FB4.tmp scheduled to be moved on reboot.
File move failed. C:\Users\luvan\AppData\Local\Microsoft\Windows\INetCache\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[jaro3]

Jo to máš pravdu , museli bysme to někam překopírovat scriptem. Má to být ovladač Malwarebytes , ale ten čas nějak nesedí s instalací mbam.

Co problémy?

[vantyto]

pořád vyskakují reklamy :/ (myslim že z tý jedný pornostránky (jedna ze stránek co naskakuje) by mi meli poslat nejakej dekovnej dopis, za počet navštívení za 1 den )


zkoušel jsem změnit výchozý prohlížeč na edge, zda to neni spojený s nastavním defaultního prohlížeče, ale ne...je to nejak zakotvený do toho firefoxu :/ .... otázka zní, zda je to zakotveno v nejakých souborech, který zustali i při odinstalaci, nebo nekde v systemovejch souborech

pokud ve firefoxovejch, mohl bych zkusit kompletne smazat, zbavit se registru mozilly, atd. a pak zkusit nainstalovat.

dotoho ted zkouším nainstalovat chrome, zda tam se ten problém taky nebude náhoodu vyskytovat.
edit: tak v chromu jak sem čekal nic, bez problemu

[vantyto]

tak, uplný smazání firefoxu, včetne registu nepomohlo, nejspíše přejdu na chrome, asi nejednodužší řešení :/ jediný co musim doufat že to neni nejaká skrytá hrzoba co bude delat paseku

nebo, ješte nejaký jiný návrhy?

[jaro3]

Stáhni si GooredFix
a ulož si ho na plochu.Poklepej na něj .
Objeví se hláška ,dej YES
Otevře se log , zkopíruj sem celý jeho obsah ( jinak ho najdeš na své ploše pod názvem Goored.txt).

[vantyto]

z toho logu usuzuju že to bude nekde jinde :/ , ale z testovanách prohlížeču, edge i chrome bez problému :/ jen firefox se nejak chytnul :/

Gorefix log:
GooredFix by jpshortstuff (03.07.10.1)
Log created at 18:42 on 06/01/2017 (luvan)
Firefox version 50.1.0 (x86 en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-

[jaro3]

to ale nemusí být adware , to dělá po připojení na nějakou stránku?
Dej sem screen.

[vantyto]

nene......i když sjem offline, nabehne nejaká stránka, a pak se to přesmeruje, ale když sem ofline, tak se akorát nenačte ta finální stránka samozřejme

jinak, nabehne to i bez otevřenýho prohlížeče, je vyplej, a sam se pustí firefox jen kvuli tomu

spíš by to chtelo video než screen, horší je že nevím v jakém to naskakuje intervalu, takže to bude težké nahrát

[jaro3]

A to dělá jen v firefoxu?

[jaro3]

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

:Files
FF - prefs.js..browser.search.countryCode: "CZ"
FF - prefs.js..browser.search.region: "CZ"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.3.19
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:50.1.0

:Reg
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

zkus projít všechny doplňky , co máš nainstalovány.

[vantyto]

A to dělá jen v firefoxu?

ano, práve že jen firefox, nic jiného ne......zvláštní že to dělá uplně nově nainstalovaný čistý firefox i po uplném předchozím smazání (včetene souboru v %appdata% i registrech)

jdu provéct to s OTL.