Seznam email wants to install a verification app
Posted: 17 Apr 2016 10:14
I have a notebook here that, when accessing email on Seznam, opens a page with a request to change the password and to install an app on a mobile phone. Please check the log.
Thanks
Petr
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-04-2016 01
Ran by Admin (administrator) on ADMIN-PC (17-04-2016 11:07:24)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Admin\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10082920 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun] => C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [264792 2011-01-26] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1934632 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-04-05] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-14] (Adobe Systems Incorporated)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-967406737-3052991210-2011929142-1000\...\Run: [Dropbox Update] => C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-23] (Dropbox, Inc.)
HKU\S-1-5-21-967406737-3052991210-2011929142-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Admin\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-967406737-3052991210-2011929142-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Admin\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [103080 2015-05-26] ()
HKU\S-1-5-21-967406737-3052991210-2011929142-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-04-05] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{02F8AAD9-9607-4D5B-AAA5-01CAAC6498E6}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{0861B500-9FAF-46A2-BDD8-FB02258CDB69}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{F6660737-13E4-42A4-A9BD-4CC3C4ECC458}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-967406737-3052991210-2011929142-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-967406737-3052991210-2011929142-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-967406737-3052991210-2011929142-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2448} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=275&systemid=448&v=n15946-680&apn_uid=2516421311374351&apn_dtid=TCH001&o=APN10648&apn_ptnrs=AGI&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-967406737-3052991210-2011929142-1000 -> {32502C8E-C340-476C-9EE8-E115A910ED6B} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-967406737-3052991210-2011929142-1000 -> {3FA23E8A-85B2-4C26-824D-AF2C56D13F24} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-967406737-3052991210-2011929142-1000 -> {402A58D2-0C64-4CDC-A49B-C22BE4A397E4} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-967406737-3052991210-2011929142-1000 -> {4449ABD9-BBD5-47D9-98B4-32A01548D030} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-967406737-3052991210-2011929142-1000 -> {78B47CB4-B706-4CAC-B828-29E9070C92A2} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-967406737-3052991210-2011929142-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2448} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=275&systemid=448&v=n15946-680&apn_uid=2516421311374351&apn_dtid=TCH001&o=APN10648&apn_ptnrs=AGI&q={searchTerms}
SearchScopes: HKU\S-1-5-21-967406737-3052991210-2011929142-1000 -> {A2E93FC0-5A17-4A0E-B1B9-2259DC1F9F86} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-967406737-3052991210-2011929142-1000 -> {ABF49790-3104-4490-A3CA-8E6B4969548C} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-967406737-3052991210-2011929142-1000 -> {B89D725D-83A9-4707-A1DE-8044A98E9AC4} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
SearchScopes: HKU\S-1-5-21-967406737-3052991210-2011929142-1000 -> {C60E0F73-48C5-4BE9-8EC9-1A25543FFAAE} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-05] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yqsb9dn3.default
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.seznam.cz/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-24] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files\Sony\Media Go\npmediago.dll [2013-02-14] (Sony Network Entertainment International LLC)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-967406737-3052991210-2011929142-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Admin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Extension: Pin It button - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yqsb9dn3.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2015-11-30]
FF Extension: Seznam lištička - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yqsb9dn3.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2016-03-28]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-05]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-04-05]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP"
CHR DefaultSearchURL: Default -> hxxp://search.seznam.cz/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> seznam.cz
CHR DefaultSuggestURL: Default -> hxxp://suggest.fulltext.seznam.cz/fulltext_ff?phrase={searchTerms}
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Seznam Lištička - Email) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2016-04-17]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2016-03-23]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-09]
CHR Extension: (Vyhledávání Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]
CHR Extension: (Avast SafePrice) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-04-17]
CHR Extension: (No Name) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-23]
CHR Extension: (Avast Online Security) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-17]
CHR Extension: (Skype Click to Call) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-04-17]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-09]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2016-03-23]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-02]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-04-05]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-05]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-04-05] (AVAST Software)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [46680 2011-01-14] (Alcor Micro, Corp.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-04-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-04-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-04-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-04-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-04-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447848 2016-04-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [127432 2016-04-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221240 2016-04-05] (AVAST Software)
S3 GT680x; C:\Windows\System32\Drivers\gt680x.sys [17504 2003-02-21] ( )
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x86.sys [68208 2011-04-19] (Atheros Communications, Inc.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-17 11:07 - 2016-04-17 11:07 - 00016197 _____ C:\Users\Admin\Desktop\FRST.txt
2016-04-17 11:06 - 2016-04-17 11:07 - 00000000 ____D C:\FRST
2016-04-17 11:05 - 2016-04-17 10:45 - 01726464 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2016-04-17 10:58 - 2016-04-17 10:58 - 00112640 _____ (forum.viry.cz) C:\Users\Admin\Desktop\FRSTLauncher.exe
2016-04-05 21:39 - 2016-04-05 21:39 - 00002081 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-04-05 21:39 - 2016-04-05 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-04-05 21:38 - 2016-04-05 20:38 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-04-05 20:38 - 2016-04-05 20:38 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-04-05 20:37 - 2016-04-05 20:37 - 00294816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2016-04-04 21:34 - 2016-04-05 20:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-03-20 10:46 - 2016-04-06 14:28 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Seznam.cz
2016-03-20 10:46 - 2016-03-26 20:34 - 00000000 ____D C:\Users\Admin\Documents\pyramidak
2016-03-20 10:46 - 2016-03-20 10:46 - 00000000 ____D C:\Users\Admin\AppData\Roaming\pyramidak
2016-03-20 10:46 - 2016-03-20 10:46 - 00000000 ____D C:\Program Files\Seznam.cz
2016-03-20 10:45 - 2016-03-20 10:45 - 00002059 _____ C:\Users\Admin\Desktop\Kalendář.lnk
2016-03-20 10:45 - 2016-03-20 10:45 - 00000000 ____D C:\Program Files\pyramidak
2016-03-20 10:44 - 2016-03-20 10:45 - 08162080 _____ C:\Users\Admin\Downloads\InstKalendar.exe
2016-03-20 10:24 - 2016-03-20 10:24 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-17 11:07 - 2012-10-24 10:24 - 01582262 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-17 11:07 - 2009-07-14 10:37 - 00668376 _____ C:\Windows\system32\perfh005.dat
2016-04-17 11:07 - 2009-07-14 10:37 - 00141004 _____ C:\Windows\system32\perfc005.dat
2016-04-17 11:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-04-17 11:00 - 2009-07-14 06:34 - 00015168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-17 11:00 - 2009-07-14 06:34 - 00015168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-17 10:51 - 2015-06-23 20:09 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-967406737-3052991210-2011929142-1000Core.job
2016-04-17 10:50 - 2012-12-19 15:37 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-967406737-3052991210-2011929142-1000Core.job
2016-04-17 10:44 - 2015-06-23 20:09 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-967406737-3052991210-2011929142-1000UA.job
2016-04-17 10:44 - 2013-07-22 13:24 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-17 10:44 - 2012-12-19 15:37 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-967406737-3052991210-2011929142-1000UA.job
2016-04-17 10:44 - 2012-12-15 11:43 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-06 14:21 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-05 21:40 - 2015-01-19 18:20 - 00000000 ____D C:\ProgramData\AVAST Software
2016-04-05 21:39 - 2015-01-19 20:54 - 00816304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-04-05 21:39 - 2015-01-19 20:54 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-04-05 21:38 - 2015-01-19 20:54 - 00447848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-04-05 21:38 - 2015-01-19 20:54 - 00221240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-04-05 20:38 - 2015-01-19 20:54 - 00127432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-04-05 20:38 - 2015-01-19 20:54 - 00091232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-04-05 20:38 - 2015-01-19 20:54 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-04-05 20:38 - 2015-01-19 20:54 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-04-05 20:38 - 2015-01-19 20:51 - 00000000 ____D C:\Program Files\AVAST Software
2016-04-05 20:29 - 2015-11-29 11:15 - 00000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2016-04-05 20:06 - 2012-10-26 21:11 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-04-05 19:53 - 2014-10-09 20:13 - 00001030 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-04-01 13:12 - 2012-12-21 13:08 - 00000000 ___RD C:\Users\Admin\Desktop\ENERGIE našeho domu
2016-03-30 20:23 - 2013-07-22 13:25 - 00002147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-30 20:23 - 2013-07-22 13:25 - 00002135 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-29 19:40 - 2015-04-28 19:26 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-24 21:44 - 2012-10-24 15:07 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-03-24 21:44 - 2012-10-24 15:07 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-03-23 09:59 - 2009-07-14 06:33 - 00335848 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-23 09:57 - 2015-04-28 19:26 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-23 09:33 - 2015-01-20 17:41 - 00000000 ____D C:\Windows\system32\MRT
2016-03-22 21:30 - 2015-01-20 17:41 - 141270216 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-20 10:24 - 2014-08-28 20:56 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Dropbox
2016-03-19 14:58 - 2012-12-14 10:31 - 00013728 _____ C:\Users\Admin\Desktop\Podnájem byt Americká.xlsx
==================== Files in the root of some directories =======
2013-03-02 19:14 - 2013-03-02 19:14 - 0003584 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Files to move or delete:
====================
C:\Users\Admin\winamp5623_full_emusic-7plus_all.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-967406737-3052991210-2011929142-1000Core.job => C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-967406737-3052991210-2011929142-1000UA.job => C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-967406737-3052991210-2011929142-1000Core.job => C:\Users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-967406737-3052991210-2011929142-1000UA.job => C:\Users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Admin\Desktop" je 1834 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yqsb9dn3.default
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.seznam.cz/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-24] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files\Sony\Media Go\npmediago.dll [2013-02-14] (Sony Network Entertainment International LLC)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-967406737-3052991210-2011929142-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Admin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Extension: Pin It button - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yqsb9dn3.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2015-11-30]
FF Extension: Seznam lištička - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yqsb9dn3.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2016-03-28]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-05]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-04-05]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP"
CHR DefaultSearchURL: Default -> hxxp://search.seznam.cz/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> seznam.cz
CHR DefaultSuggestURL: Default -> hxxp://suggest.fulltext.seznam.cz/fulltext_ff?phrase={searchTerms}
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Seznam Lištička - Email) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2016-04-17]
CHR Extension: (Seznam Lištička - Slovník) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2016-03-23]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-09]
CHR Extension: (Vyhledávání Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-09]
CHR Extension: (Avast SafePrice) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-04-17]
CHR Extension: (No Name) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-23]
CHR Extension: (Avast Online Security) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-17]
CHR Extension: (Skype Click to Call) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-04-17]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-09]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2016-03-23]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-02]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-04-05]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-05]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-04-05] (AVAST Software)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [46680 2011-01-14] (Alcor Micro, Corp.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-04-05] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-04-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-04-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-04-05] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-04-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447848 2016-04-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [127432 2016-04-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221240 2016-04-05] (AVAST Software)
S3 GT680x; C:\Windows\System32\Drivers\gt680x.sys [17504 2003-02-21] ( )
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x86.sys [68208 2011-04-19] (Atheros Communications, Inc.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-17 11:07 - 2016-04-17 11:07 - 00016197 _____ C:\Users\Admin\Desktop\FRST.txt
2016-04-17 11:06 - 2016-04-17 11:07 - 00000000 ____D C:\FRST
2016-04-17 11:05 - 2016-04-17 10:45 - 01726464 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2016-04-17 10:58 - 2016-04-17 10:58 - 00112640 _____ (forum.viry.cz) C:\Users\Admin\Desktop\FRSTLauncher.exe
2016-04-05 21:39 - 2016-04-05 21:39 - 00002081 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-04-05 21:39 - 2016-04-05 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-04-05 21:38 - 2016-04-05 20:38 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-04-05 20:38 - 2016-04-05 20:38 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-04-05 20:37 - 2016-04-05 20:37 - 00294816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2016-04-04 21:34 - 2016-04-05 20:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-03-20 10:46 - 2016-04-06 14:28 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Seznam.cz
2016-03-20 10:46 - 2016-03-26 20:34 - 00000000 ____D C:\Users\Admin\Documents\pyramidak
2016-03-20 10:46 - 2016-03-20 10:46 - 00000000 ____D C:\Users\Admin\AppData\Roaming\pyramidak
2016-03-20 10:46 - 2016-03-20 10:46 - 00000000 ____D C:\Program Files\Seznam.cz
2016-03-20 10:45 - 2016-03-20 10:45 - 00002059 _____ C:\Users\Admin\Desktop\Kalendář.lnk
2016-03-20 10:45 - 2016-03-20 10:45 - 00000000 ____D C:\Program Files\pyramidak
2016-03-20 10:44 - 2016-03-20 10:45 - 08162080 _____ C:\Users\Admin\Downloads\InstKalendar.exe
2016-03-20 10:24 - 2016-03-20 10:24 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-17 11:07 - 2012-10-24 10:24 - 01582262 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-17 11:07 - 2009-07-14 10:37 - 00668376 _____ C:\Windows\system32\perfh005.dat
2016-04-17 11:07 - 2009-07-14 10:37 - 00141004 _____ C:\Windows\system32\perfc005.dat
2016-04-17 11:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-04-17 11:00 - 2009-07-14 06:34 - 00015168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-17 11:00 - 2009-07-14 06:34 - 00015168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-17 10:51 - 2015-06-23 20:09 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-967406737-3052991210-2011929142-1000Core.job
2016-04-17 10:50 - 2012-12-19 15:37 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-967406737-3052991210-2011929142-1000Core.job
2016-04-17 10:44 - 2015-06-23 20:09 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-967406737-3052991210-2011929142-1000UA.job
2016-04-17 10:44 - 2013-07-22 13:24 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-17 10:44 - 2012-12-19 15:37 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-967406737-3052991210-2011929142-1000UA.job
2016-04-17 10:44 - 2012-12-15 11:43 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-06 14:21 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-05 21:40 - 2015-01-19 18:20 - 00000000 ____D C:\ProgramData\AVAST Software
2016-04-05 21:39 - 2015-01-19 20:54 - 00816304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-04-05 21:39 - 2015-01-19 20:54 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-04-05 21:38 - 2015-01-19 20:54 - 00447848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-04-05 21:38 - 2015-01-19 20:54 - 00221240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-04-05 20:38 - 2015-01-19 20:54 - 00127432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-04-05 20:38 - 2015-01-19 20:54 - 00091232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-04-05 20:38 - 2015-01-19 20:54 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-04-05 20:38 - 2015-01-19 20:54 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-04-05 20:38 - 2015-01-19 20:51 - 00000000 ____D C:\Program Files\AVAST Software
2016-04-05 20:29 - 2015-11-29 11:15 - 00000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2016-04-05 20:06 - 2012-10-26 21:11 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-04-05 19:53 - 2014-10-09 20:13 - 00001030 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-04-01 13:12 - 2012-12-21 13:08 - 00000000 ___RD C:\Users\Admin\Desktop\ENERGIE našeho domu
2016-03-30 20:23 - 2013-07-22 13:25 - 00002147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-30 20:23 - 2013-07-22 13:25 - 00002135 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-29 19:40 - 2015-04-28 19:26 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-24 21:44 - 2012-10-24 15:07 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-03-24 21:44 - 2012-10-24 15:07 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-03-23 09:59 - 2009-07-14 06:33 - 00335848 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-23 09:57 - 2015-04-28 19:26 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-23 09:33 - 2015-01-20 17:41 - 00000000 ____D C:\Windows\system32\MRT
2016-03-22 21:30 - 2015-01-20 17:41 - 141270216 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-20 10:24 - 2014-08-28 20:56 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Dropbox
2016-03-19 14:58 - 2012-12-14 10:31 - 00013728 _____ C:\Users\Admin\Desktop\Podnájem byt Americká.xlsx
==================== Files in the root of some directories =======
2013-03-02 19:14 - 2013-03-02 19:14 - 0003584 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Files to move or delete:
====================
C:\Users\Admin\winamp5623_full_emusic-7plus_all.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-967406737-3052991210-2011929142-1000Core.job => C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-967406737-3052991210-2011929142-1000UA.job => C:\Users\Admin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-967406737-3052991210-2011929142-1000Core.job => C:\Users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-967406737-3052991210-2011929142-1000UA.job => C:\Users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Admin\Desktop" je 1834 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================