JS/ProxyChanger.EF

[rubino.cz]

FRST3.zip

(16.14 KiB) Staženo 91 x

Ahoj Lidi,

prosím o pomoc s odtraněním JS/ProxyChanger.EF mám ESS 10 a neustále mi vyskakuje hláška o zablokovaní komunikace či přístupu k souboru. Použil jsem už spoustu různých utilit, ale vysledkem je stále se zobrazující upozornění od ESS.

LOG z FRST:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-05-2017
Ran by Lukáš (30-05-2017 14:00:05)
Running from C:\Users\Lukáš\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2016-07-14 09:33:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2338316215-1332446549-4206670980-500 - Administrator - Disabled)
Guest (S-1-5-21-2338316215-1332446549-4206670980-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2338316215-1332446549-4206670980-1003 - Limited - Enabled)
Lukáš (S-1-5-21-2338316215-1332446549-4206670980-1000 - Administrator - Enabled) => C:\Users\Lukáš

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Smart Security 10.0.390.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 10.0.390.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
Ceník stavebních prací 4.1 - aktualizace 4.1.7 (HKLM\...\Ceník stavebních prací_is1) (Version: 4.1 - aktualizace 4.1.7 - Verlag Dashöfer s.r.o)
Corel Graphics - Windows Shell Extension (HKLM\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - CZ (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X5 (HKLM\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.1.3 - Hewlett-Packard)
Dropbox (HKLM\...\Dropbox) (Version: 26.4.24 - Dropbox, Inc.)
Dropbox Update Helper (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Ekonomický systém Money S3 (HKLM\...\Money S3) (Version: 17.401 (20170504_13) - CÍGLER SOFTWARE, a.s.)
ESET Smart Security (HKLM\...\{3A27C39E-C633-43B6-A067-887688992823}) (Version: 10.0.337.3 - ESET, spol. s r.o.)
Google Drive (HKLM\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (Version: 1.3.33.5 - Google Inc.) Hidden
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.12.1 - Hewlett-Packard)
Intel(R) Active Management Technology Device Software (HKLM\...\MESOL) (Version: - )
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Malwarebytes verze 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 53.0.3 (x86 cs) (HKLM\...\Mozilla Firefox 53.0.3 (x86 cs)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 cs) (HKLM\...\Mozilla Thunderbird 45.8.0 (x86 cs)) (Version: 45.8.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA nView 141.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.36 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\nView Desktop Manager) (Version: - )
NVIDIA Ovladače grafiky 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.95 - NVIDIA Corporation)
NVIDIA WMI 2.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.18.0 - NVIDIA Corporation)
OKI Network Extension (HKLM\...\{38ADB9A6-798C-11D6-A855-00105A80791C}) (Version: 1.00.000 - Okidata)
Ovládací panel NVIDIA 341.95 (Version: 341.95 - NVIDIA Corporation) Hidden
Plate 'n' Sheet Professional V4 (HKLM\...\{A480FA80-E6F4-42DE-8F3F-F9DC5A16EA99}) (Version: 4.10.21 - R&L CAD Services Pty Ltd)
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
RICOH Media Driver (HKLM\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.10.00.04 - RICOH)
Sheet Lightning Pro Demo 6 (HKLM\...\{DE60387F-F53D-4AE5-9E55-371555D7F618}) (Version: 6.02 - Revcad Ltd)
SketchUp 2015 (HKLM\...\{989CF309-4CB7-49F9-8B77-2CD9E9EE5BF2}) (Version: 15.0.9351 - Trimble Navigation Limited)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2C06_hpZ1379z) (Version: 7.80.3.52 - Conexant Systems)
TeamViewer 12 (HKLM\...\TeamViewer) (Version: 12.0.77242 - TeamViewer)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.52a - Ghisler Software GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E0AD197-3C0B-4CC0-BCD7-56D0CD9F6950} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-11] (Adobe Systems Incorporated)
Task: {11753699-AC00-485E-9B5F-89D6345D4468} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-10-24] (Dropbox, Inc.)
Task: {5979BBD0-7B0E-408B-AC1A-301BA3687C44} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-10-24] (Dropbox, Inc.)
Task: {61450F22-F5C8-46CE-9D80-7BC67C1D70FC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-14] (Google Inc.)
Task: {6D20C13F-490D-4D38-866B-48A2BBD84F34} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-19] (Piriform Ltd)
Task: {8735A87E-1942-4677-A79C-49BF901E408A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {B82EB69A-EBF8-4FDC-8986-F6E6BE563382} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-14] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-05-30 11:35 - 2016-03-14 23:59 - 02224064 _____ () C:\Windows\system32\nvwmi.exe
2017-05-30 11:35 - 2016-01-29 12:14 - 00121792 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2017-05-05 15:04 - 2017-04-25 10:35 - 00019184 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll
2017-05-30 12:52 - 2017-05-30 12:52 - 00098816 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\win32api.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00110080 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\pywintypes27.dll
2017-05-30 12:52 - 2017-05-30 12:52 - 00364544 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\pythoncom27.dll
2017-05-30 12:52 - 2017-05-30 12:52 - 00320512 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\win32com.shell.shell.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00914432 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\_hashlib.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 01176576 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\wx._core_.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00806400 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\wx._gdi_.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00816128 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\wx._windows_.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 01067008 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\wx._controls_.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00733184 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\wx._misc_.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00682496 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\pysqlite2._sqlite.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00088064 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\_ctypes.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00686080 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\unicodedata.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00119808 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\win32file.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00108544 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\win32security.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00007168 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\hashobjs_ext.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00017920 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\thumbnails_ext.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00088064 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\usb_ext.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00012800 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\common.time34.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00018432 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\win32event.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00167936 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\win32gui.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00046080 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\_socket.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 01303552 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\_ssl.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00128512 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\_elementtree.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00127488 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\pyexpat.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00038912 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\win32inet.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00036864 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\_psutil_windows.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00524248 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\windows._lib_cacheinvalidation.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00011264 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\win32crypt.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00123392 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\wx._wizard.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00077312 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\wx._html2.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00027648 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\_multiprocessing.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00020480 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\_yappi.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00035840 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\win32process.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00078848 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\wx._animate.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00024064 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\win32pipe.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00010240 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\select.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00025600 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\win32pdh.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00017408 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\win32profile.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00022528 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\win32ts.pyd
2009-07-01 15:44 - 2009-07-01 15:44 - 00632888 _____ () C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:6DEA77C2 [130]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2338316215-1332446549-4206670980-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 10.0.0.1 - 10.1.1.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C33FE118-079D-4E80-B515-890A0DC92FC6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{83F22C43-F09B-440D-BF38-50B67C589AC2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8E48B7AC-F125-4B9C-8B9D-53791A0BEFB2}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{E10F662E-2199-4A3C-8D14-416D77E688C0}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{E0579427-DF2B-4BF6-9106-C0877B26A80B}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{99B24CFF-EB33-46C9-8CD6-4E0DC6E8FE38}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8C6B0DFD-62C6-433E-9FC2-9430CB2E2704}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{40F9AF48-BD48-48FC-BB48-F5FF3542BFDC}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
FirewallRules: [{CBDC10DD-79D4-48DE-9171-8FA20E08E54F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

23-05-2017 10:52:06 Windows Update
29-05-2017 09:53:06 Windows Update
30-05-2017 11:31:37 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/30/2017 12:52:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/30/2017 11:38:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/30/2017 11:38:26 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Index nebyl inicializován.

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/30/2017 11:38:26 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Aplikace nebyla inicializována.

Kontext: aplikace Windows

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/30/2017 11:38:26 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Objekt indexování nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/30/2017 11:38:26 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Modul plug-in v <Search.TripoliIndexer> nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Prvek nebyl nalezen. (HRESULT : 0x80070490) (0x80070490)

Error: (05/30/2017 11:38:24 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Modul plug-in v <Search.JetPropStore> nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/30/2017 11:38:23 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Služba Windows Search nenačetla informace o úložišti vlastností.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Databáze indexu obsahu je poškozená. (HRESULT : 0xc0041800) (0xc0041800)

Error: (05/30/2017 11:38:23 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Služba Windows Search byla zastavena, protože došlo k problému s indexovacím modulem The catalog is corrupt.

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/30/2017 11:38:23 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vyhledávací služby zjistila, že index {id=4700} obsahuje poškozené datové soubory. Služba se pokusí tyto potíže automaticky odstranit vytvořením nového indexu.

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (05/30/2017 12:52:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
a APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
uživateli NT AUTHORITY\SYSTEM SID (S-1-5-18) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/30/2017 11:38:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
a APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
uživateli NT AUTHORITY\SYSTEM SID (S-1-5-18) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/30/2017 11:38:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (05/30/2017 11:38:26 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba Windows Search ukončena s chybou %%-1073473535, specifickou pro službu.

Error: (05/30/2017 10:24:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
a APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
uživateli NT AUTHORITY\SYSTEM SID (S-1-5-18) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/30/2017 10:22:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba zařazování tisku neuspěla při spuštění v důsledku následující chyby:
Služba nebyla zahájena, protože se nepodařilo přihlásit.

Error: (05/30/2017 10:22:04 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Služba Spooler se nemohla přihlásit jako NT AUTHORITY\SYSTEM s aktuálně konfigurovaným heslem z důvodu následující chyby:
Požadavek není podporován.


Chcete-li zajistit správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management Console (MMC).

Error: (05/30/2017 10:21:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Com4QLBEx byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (05/30/2017 10:21:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba hpqwmiex byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (05/30/2017 10:21:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz
Percentage of memory in use: 51%
Total physical RAM: 3071.3 MB
Available physical RAM: 1499.7 MB
Total Virtual: 6140.93 MB
Available Virtual: 4380.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:103.19 GB) (Free:36.03 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:8.16 GB) (Free:2.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: DABFDABF)
Partition 1: (Active) - (Size=103.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449 MB) - (Type=27)
Partition 3: (Not Active) - (Size=8.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

[Rudy]

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

[rubino.cz]

# AdwCleaner v6.047 - Log vytvořen 31/05/2017 v 08:10:29
# Aktualizováno dne 19/05/2017 z Malwarebytes
# Databáze : 2017-05-30.2 [Server]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X86)
# Uživatelské jméno : Lukáš - LUKAS_NTB
# Spuštěno z : C:\Users\Lukáš\Downloads\adwcleaner_6.047.exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

Služba nalezena: EsgScanner


***** [ Složky ] *****

Nebyly nalezeny žádné škodlivé složky.


***** [ Soubory ] *****

Nebyly nalezeny žádné škodlivé soubory.


***** [ DLL ] *****

Nebyly nalezeny žádné škodlivé DLL.


***** [ WMI ] *****

Nebyly nalezeny žádné škodlivé klíče.


***** [ Zástupci ] *****

Žádný infikovaný zástupce nenalezen.


***** [ Naplánované úlohy ] *****

Žádná nebezpečná úloha nenalezena.


***** [ Registry ] *****

Nebyly nalezeny žádné škodlivé položky registru.


***** [ Internetové prohlížeče ] *****

Nebyly nalezeny žádné škodlivé položky prohlížeče Firefox.
Nebyly nalezeny žádné škodlivé položky prohlížeče Chromium.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1697 Bajty] - [30/05/2017 10:21:11]
C:\AdwCleaner\AdwCleaner[S0].txt - [2452 Bajty] - [30/05/2017 10:19:38]
C:\AdwCleaner\AdwCleaner[S1].txt - [1369 Bajty] - [31/05/2017 08:10:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1442 Bajty] ##########

[Rudy]

Toto je OK. Otevřte poznámkový blok a zkopírujte do něj:

Start
Task: {61450F22-F5C8-46CE-9D80-7BC67C1D70FC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-14] (Google Inc.)
Task: {B82EB69A-EBF8-4FDC-8986-F6E6BE563382} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-14] (Google Inc.)
C:\Users\LUK~1\AppData\Local\Temp
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:6DEA77C2 [130]
C:\Users\Lukáš\AppData\Roaming\dssftr1476_yp_tmp.tmp

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[rubino.cz]

dobrý den,

VELMI DĚKUJU ZA RADY, udělal jsem vše jak bylo víše popsáno....zatím se hlášky od ESS objevují.

vir.jpg (18.97 KiB) Zobrazeno 4945 x

Fix result of Farbar Recovery Scan Tool (x86) Version: 02-06-2017
Ran by Lukáš (05-06-2017 07:44:07) Run:1
Running from C:\Users\Lukáš\Desktop
Loaded Profiles: Lukáš (Available Profiles: Lukáš)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
Task: {61450F22-F5C8-46CE-9D80-7BC67C1D70FC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-14] (Google Inc.)
Task: {B82EB69A-EBF8-4FDC-8986-F6E6BE563382} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-14] (Google Inc.)
C:\Users\LUK~1\AppData\Local\Temp
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:6DEA77C2 [130]
C:\Users\Lukáš\AppData\Roaming\dssftr1476_yp_tmp.tmp

EmptyTemp:
End
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{61450F22-F5C8-46CE-9D80-7BC67C1D70FC} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61450F22-F5C8-46CE-9D80-7BC67C1D70FC} => key removed successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B82EB69A-EBF8-4FDC-8986-F6E6BE563382} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B82EB69A-EBF8-4FDC-8986-F6E6BE563382} => key removed successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully.

"C:\Users\LUK~1\AppData\Local\Temp" folder move:

Could not move "C:\Users\LUK~1\AppData\Local\Temp" => Scheduled to move on reboot.

C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully..
C:\ProgramData\TEMP => ":6DEA77C2" ADS removed successfully..
C:\Users\Lukáš\AppData\Roaming\dssftr1476_yp_tmp.tmp => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9452734 B
Java, Flash, Steam htmlcache => 757 B
Windows/system/drivers => 15884 B
Edge => 0 B
Chrome => 116736 B
Firefox => 375018424 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 29574473 B
LocalService => 66356 B
NetworkService => 3426 B
Lukáš => 50346402 B

RecycleBin => 7467390 B
EmptyTemp: => 458.3 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 05-06-2017 07:46:51)

"C:\Users\LUK~1\AppData\Local\Temp" => Could not move

==== End of Fixlog 07:46:54 ====

[Rudy]

Udělejte ještě kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. předem nic nemažte.

[rubino.cz]

Dobrý den,

opět o kousek dál....tam toho je....

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/6/17
Scan Time: 1:39 PM
Log File:
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.0
Update Package Version: 1.0.2096
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Lukas_NTB\Luk\u00c3\u00a1\u00c5\u00a1

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 245957
Threats Detected: 7
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 5 min, 10 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, No Action By User, [277], [-1],0.0.0

Registry Value: 5
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-2338316215-1332446549-4206670980-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, No Action By User, [277], [391291],1.0.2096
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-2338316215-1332446549-4206670980-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, No Action By User, [277], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [277], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-2338316215-1332446549-4206670980-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [277], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [277], [-1],0.0.0

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.SpyHunter, C:\USERS\LUKáš\DOWNLOADS\SPYHUNTER-INSTALLER.EXE, No Action By User, [927], [345850],1.0.2096

Physical Sector: 0
(No malicious items detected)


(end)

[Rudy]

Smazáno. Nastala nějaká změna?

[rubino.cz]

Smazal a po restartu hlaska objevila znova....udelal nový scan....a opět zaznamy v registrech...

[Rudy]

Zkusíme vyčistit prohlížeče. Spusťte postupně tyto skeny:

1. Stahnete Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.

[rubino.cz]

spustil jsem první SCAN a po 3 hodinach na me koukalo toto - jen nevim jestli proběhl restart nebo ne..

Jdu spustit druhý...


Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Luk ç on źt 08.06.2017 at 13:23:27,54.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\LUK~1\Desktop\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 13:24:05,30 =====

--- Create Environment Variables 13:24:08,17
--- Create System Restore Point 13:24:19,92
--- Checking Input 13:24:56,45
--- Reset Hosts File 13:25:22,90
--- AU AppData Check 13:25:24,49
--- Remove From Windows Installer 13:25:33,27
--- Empty Folders Check 13:28:14,53
--- Registry HKLM Software Check 13:28:14,55
--- IE Startpage Check 13:29:12,14
--- Program Files DB Check 13:29:58,93
--- C:\Users\Default\AppData\ DB Check 13:31:30,05
--- C:\Users\Default User\AppData\ DB Check 13:31:30,05
--- C:\Users\LUK~1\AppData\ DB Check 13:31:30,05
--- C:\Windows\system32\config\systemprofile\AppData\ DB Check 13:31:30,05
--- C:\Windows\serviceprofiles\networkservice\AppData\ DB Check 13:31:30,05
--- C:\Windows\serviceprofiles\Localservice\AppData\ DB Check 13:31:30,05
--- C:\Users\LUK~1 DB Check 13:34:54,19
--- C:\PROGRA~2 DB Check 13:35:24,50
--- C:\Users\Default\AppData\Local DB Check 13:35:31,32
--- C:\Users\Default User\AppData\Local DB Check 13:35:31,32
--- C:\Users\LUK~1\AppData\Local DB Check 13:35:31,32
--- C:\Windows\system32\config\systemprofile\AppData\Local DB Check 13:35:31,32
--- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 13:35:31,32
--- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 13:35:31,32
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 13:37:51,40
--- C:\Users\LUK~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs DB Check 13:38:08,88
--- Tasks DB Check 13:38:20,00
--- Downloads DB Check 13:38:27,36
--- C:\Users\LUK~1\AppData\LocalLow DB Check 13:38:34,55
--- C:\Windows\system32\config\systemprofile\AppData\LocalLow DB Check 13:38:34,55
--- Tasks2 DB Check 13:39:09,79
--- Documents DB Check 13:40:01,23
--- C:\Users\LUK~1\AppData\Roaming\Mozilla\Firefox\Profiles\u0hectbq.default DB Check 13:40:12,66
--- C:\Users\LUK~1\AppData\Roaming\Thunderbird\Profiles\s2galgd6.default DB Check 13:40:12,66
--- C:\Users\Public\Desktop DB Check 13:40:20,57
--- C:\Users\LUK~1\Desktop DB Check 13:40:31,01
--- Services DB Check 13:40:44,77
--- FF prefs.js DB Check 13:41:29,37
--- Emptyclsid 13:43:51,16
--- Del by CLSID 13:43:54,28
--- Delete Services 13:44:24,43
--- Firefox Fix 13:44:27,60
--- Delete files\folders 13:44:31,76
--- Create Backups 13:44:32,00
--- Firefox Extensions 13:44:36,88

[Rudy]

Pokud restart neproběhl, restartujte ručně.

[rubino.cz]

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Luk ç on źt 08.06.2017 at 13:23:27,54.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\LUK~1\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

8.6.2017 13:24:51 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\Softland deleted successfully
C:\PROGRA~2\CorelDRAW Graphics Suite X5 deleted successfully
C:\Users\LUK~1\AppData\Local\GHISLER deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\LUK~1\AppData\Roaming\Mozilla\Firefox\Profiles\u0hectbq.default\prefs.js:
user_pref("browser.startup.homepage", "www.seznam.cz");

Added to C:\Users\LUK~1\AppData\Roaming\Mozilla\Firefox\Profiles\u0hectbq.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\LUK~1\AppData\Roaming\Thunderbird\Profiles\s2galgd6.default\prefs.js:

Added to C:\Users\LUK~1\AppData\Roaming\Thunderbird\Profiles\s2galgd6.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\Program Files\Softland not found
C:\PROGRA~2\Package Cache deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\LUK~1\AppData\Roaming\Mozilla\Firefox\Profiles\u0hectbq.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\LUK~1\AppData\Roaming\Thunderbird\Profiles\s2galgd6.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\LUK~1\AppData\Roaming\Mozilla\Firefox\Profiles\u0hectbq.default
- Undetermined - C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\u0hectbq.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
- Garmin Communicator - %ProfilePath%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

ProfilePath: C:\Users\LUK~1\AppData\Roaming\Thunderbird\Profiles\s2galgd6.default
- Undetermined - C:\Users\Lukáš\AppData\Roaming\Thunderbird\Profiles\s2galgd6.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}

AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================


==== Chromium Look ======================


HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]

Docs - LUK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

==== Chromium Startpages ======================

C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Preferences
"urls_to_restore_on_startup": [ "http://www.google.com" ]


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IESR02"

==== Reset Google Chrome ======================

C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Users\LUK~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\LUK~1\AppData\Local\Mozilla\Firefox\Profiles\u0hectbq.default\cache2 emptied successfully
C:\Users\LUK~1\AppData\Roaming\Mozilla\Firefox\Profiles\u0hectbq.default\storage\default\https+++www.youtube.com\cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3 folders=4 7138453 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\LUK~1\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on po 12.06.2017 at 9:21:56,93 ======================




xxxxxxxxxxxxxxxxxxxxxx DRUHÝ xxxxxxxxxxxxxxxxxxxxxxxxxxxx




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Home Premium x86
Ran by Luk ç (Administrator) on źt 08.06.2017 at 16:26:47,76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8

Successfully deleted: C:\Users\Luk ç\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C7R19P13 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Luk ç\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KC7NUI4O (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Luk ç\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PD78YK0R (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Luk ç\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQ1SAH9U (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C7R19P13 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KC7NUI4O (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PD78YK0R (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQ1SAH9U (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 08.06.2017 at 16:31:29,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Rudy]

Změnilo se něco nyní?

[rubino.cz]

Dobrý den,

stále se to objevuje....tak si říkám jestli to spíš celé nepřeinstaluju.

Lukáš