
JS/ProxyChanger.EF

Posted: 30 May 2017 13:21
by rubino.cz
Hi everyone,

I'd like to ask for help removing JS/ProxyChanger.EF. I have ESS 10 and I keep getting a pop-up about blocked communication or blocked access to a file. I have already used a lot of different utilities, but the result is that the ESS warning keeps appearing.

FRST log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-05-2017
Ran by Lukáš (30-05-2017 14:00:05)
Running from C:\Users\Lukáš\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2016-07-14 09:33:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2338316215-1332446549-4206670980-500 - Administrator - Disabled)
Guest (S-1-5-21-2338316215-1332446549-4206670980-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2338316215-1332446549-4206670980-1003 - Limited - Enabled)
Lukáš (S-1-5-21-2338316215-1332446549-4206670980-1000 - Administrator - Enabled) => C:\Users\Lukáš

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Smart Security 10.0.390.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 10.0.390.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
Ceník stavebních prací 4.1 - aktualizace 4.1.7 (HKLM\...\Ceník stavebních prací_is1) (Version: 4.1 - aktualizace 4.1.7 - Verlag Dashöfer s.r.o)
Corel Graphics - Windows Shell Extension (HKLM\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - CZ (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (Version: 15.3 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X5 (HKLM\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.1.3 - Hewlett-Packard)
Dropbox (HKLM\...\Dropbox) (Version: 26.4.24 - Dropbox, Inc.)
Dropbox Update Helper (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Ekonomický systém Money S3 (HKLM\...\Money S3) (Version: 17.401 (20170504_13) - CÍGLER SOFTWARE, a.s.)
ESET Smart Security (HKLM\...\{3A27C39E-C633-43B6-A067-887688992823}) (Version: 10.0.337.3 - ESET, spol. s r.o.)
Google Drive (HKLM\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (Version: 1.3.33.5 - Google Inc.) Hidden
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.12.1 - Hewlett-Packard)
Intel(R) Active Management Technology Device Software (HKLM\...\MESOL) (Version: - )
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Malwarebytes verze 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 53.0.3 (x86 cs) (HKLM\...\Mozilla Firefox 53.0.3 (x86 cs)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 cs) (HKLM\...\Mozilla Thunderbird 45.8.0 (x86 cs)) (Version: 45.8.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA nView 141.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.36 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\nView Desktop Manager) (Version: - )
NVIDIA Ovladače grafiky 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.95 - NVIDIA Corporation)
NVIDIA WMI 2.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.18.0 - NVIDIA Corporation)
OKI Network Extension (HKLM\...\{38ADB9A6-798C-11D6-A855-00105A80791C}) (Version: 1.00.000 - Okidata)
Ovládací panel NVIDIA 341.95 (Version: 341.95 - NVIDIA Corporation) Hidden
Plate 'n' Sheet Professional V4 (HKLM\...\{A480FA80-E6F4-42DE-8F3F-F9DC5A16EA99}) (Version: 4.10.21 - R&L CAD Services Pty Ltd)
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
RICOH Media Driver (HKLM\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.10.00.04 - RICOH)
Sheet Lightning Pro Demo 6 (HKLM\...\{DE60387F-F53D-4AE5-9E55-371555D7F618}) (Version: 6.02 - Revcad Ltd)
SketchUp 2015 (HKLM\...\{989CF309-4CB7-49F9-8B77-2CD9E9EE5BF2}) (Version: 15.0.9351 - Trimble Navigation Limited)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2C06_hpZ1379z) (Version: 7.80.3.52 - Conexant Systems)
TeamViewer 12 (HKLM\...\TeamViewer) (Version: 12.0.77242 - TeamViewer)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.52a - Ghisler Software GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E0AD197-3C0B-4CC0-BCD7-56D0CD9F6950} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-11] (Adobe Systems Incorporated)
Task: {11753699-AC00-485E-9B5F-89D6345D4468} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-10-24] (Dropbox, Inc.)
Task: {5979BBD0-7B0E-408B-AC1A-301BA3687C44} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-10-24] (Dropbox, Inc.)
Task: {61450F22-F5C8-46CE-9D80-7BC67C1D70FC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-14] (Google Inc.)
Task: {6D20C13F-490D-4D38-866B-48A2BBD84F34} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-19] (Piriform Ltd)
Task: {8735A87E-1942-4677-A79C-49BF901E408A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {B82EB69A-EBF8-4FDC-8986-F6E6BE563382} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-14] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-05-30 11:35 - 2016-03-14 23:59 - 02224064 _____ () C:\Windows\system32\nvwmi.exe
2017-05-30 11:35 - 2016-01-29 12:14 - 00121792 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2017-05-05 15:04 - 2017-04-25 10:35 - 00019184 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll
2017-05-30 12:52 - 2017-05-30 12:52 - 00098816 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\win32api.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00110080 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\pywintypes27.dll
2017-05-30 12:52 - 2017-05-30 12:52 - 00364544 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\pythoncom27.dll
2017-05-30 12:52 - 2017-05-30 12:52 - 00320512 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\win32com.shell.shell.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00914432 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\_hashlib.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 01176576 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\wx._core_.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00806400 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\wx._gdi_.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00816128 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\wx._windows_.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 01067008 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\wx._controls_.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00733184 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\wx._misc_.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00682496 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\pysqlite2._sqlite.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00088064 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\_ctypes.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00686080 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\unicodedata.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00119808 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\win32file.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00108544 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\win32security.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00007168 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\hashobjs_ext.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00017920 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\thumbnails_ext.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00088064 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\usb_ext.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00012800 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\common.time34.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00018432 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\win32event.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00167936 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\win32gui.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00046080 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\_socket.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 01303552 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\_ssl.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00128512 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\_elementtree.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00127488 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\pyexpat.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00038912 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\win32inet.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00036864 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\_psutil_windows.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00524248 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\windows._lib_cacheinvalidation.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00011264 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\win32crypt.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00123392 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\wx._wizard.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00077312 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\wx._html2.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00027648 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\_multiprocessing.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00020480 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\_yappi.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00035840 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\win32process.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00078848 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\wx._animate.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00024064 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\win32pipe.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00010240 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\select.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00025600 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\win32pdh.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00017408 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\win32profile.pyd
2017-05-30 12:52 - 2017-05-30 12:52 - 00022528 ____R () C:\Users\LUK~1\AppData\Local\Temp\_MEI37482\win32ts.pyd
2009-07-01 15:44 - 2009-07-01 15:44 - 00632888 _____ () C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:6DEA77C2 [130]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2338316215-1332446549-4206670980-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 10.0.0.1 - 10.1.1.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C33FE118-079D-4E80-B515-890A0DC92FC6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{83F22C43-F09B-440D-BF38-50B67C589AC2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8E48B7AC-F125-4B9C-8B9D-53791A0BEFB2}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{E10F662E-2199-4A3C-8D14-416D77E688C0}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{E0579427-DF2B-4BF6-9106-C0877B26A80B}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{99B24CFF-EB33-46C9-8CD6-4E0DC6E8FE38}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8C6B0DFD-62C6-433E-9FC2-9430CB2E2704}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{40F9AF48-BD48-48FC-BB48-F5FF3542BFDC}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
FirewallRules: [{CBDC10DD-79D4-48DE-9171-8FA20E08E54F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

23-05-2017 10:52:06 Windows Update
29-05-2017 09:53:06 Windows Update
30-05-2017 11:31:37 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/30/2017 12:52:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/30/2017 11:38:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/30/2017 11:38:26 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Index nebyl inicializován.

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/30/2017 11:38:26 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Aplikace nebyla inicializována.

Kontext: aplikace Windows

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/30/2017 11:38:26 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Objekt indexování nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/30/2017 11:38:26 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Modul plug-in v <Search.TripoliIndexer> nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Prvek nebyl nalezen. (HRESULT : 0x80070490) (0x80070490)

Error: (05/30/2017 11:38:24 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Modul plug-in v <Search.JetPropStore> nebyl inicializován.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/30/2017 11:38:23 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Služba Windows Search nenačetla informace o úložišti vlastností.

Kontext: aplikace Windows, katalog SystemIndex

Podrobnosti:
Databáze indexu obsahu je poškozená. (HRESULT : 0xc0041800) (0xc0041800)

Error: (05/30/2017 11:38:23 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Služba Windows Search byla zastavena, protože došlo k problému s indexovacím modulem The catalog is corrupt.

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/30/2017 11:38:23 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vyhledávací služby zjistila, že index {id=4700} obsahuje poškozené datové soubory. Služba se pokusí tyto potíže automaticky odstranit vytvořením nového indexu.

Podrobnosti:
Katalog indexu obsahu je poškozený. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (05/30/2017 12:52:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
a APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
uživateli NT AUTHORITY\SYSTEM SID (S-1-5-18) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/30/2017 11:38:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
a APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
uživateli NT AUTHORITY\SYSTEM SID (S-1-5-18) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/30/2017 11:38:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (05/30/2017 11:38:26 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba Windows Search ukončena s chybou %%-1073473535, specifickou pro službu.

Error: (05/30/2017 10:24:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
a APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
uživateli NT AUTHORITY\SYSTEM SID (S-1-5-18) z adresy LocalHost (pomocí LRPC). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/30/2017 10:22:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba zařazování tisku neuspěla při spuštění v důsledku následující chyby:
Služba nebyla zahájena, protože se nepodařilo přihlásit.

Error: (05/30/2017 10:22:04 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Služba Spooler se nemohla přihlásit jako NT AUTHORITY\SYSTEM s aktuálně konfigurovaným heslem z důvodu následující chyby:
Požadavek není podporován.


Chcete-li zajistit správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management Console (MMC).

Error: (05/30/2017 10:21:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Com4QLBEx byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (05/30/2017 10:21:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba hpqwmiex byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (05/30/2017 10:21:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz
Percentage of memory in use: 51%
Total physical RAM: 3071.3 MB
Available physical RAM: 1499.7 MB
Total Virtual: 6140.93 MB
Available Virtual: 4380.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:103.19 GB) (Free:36.03 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:8.16 GB) (Free:2.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: DABFDABF)
Partition 1: (Active) - (Size=103.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449 MB) - (Type=27)
Partition 3: (Not Active) - (Size=8.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Re: JS/ProxyChanger.EF

Posted: 30 May 2017 18:34
by Rudy
Greetings!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
The scan will run and then a log will appear; paste it here.

Re: JS/ProxyChanger.EF

Posted: 31 May 2017 07:14
by rubino.cz
# AdwCleaner v6.047 - Log vytvořen 31/05/2017 v 08:10:29
# Aktualizováno dne 19/05/2017 z Malwarebytes
# Databáze : 2017-05-30.2 [Server]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X86)
# Uživatelské jméno : Lukáš - LUKAS_NTB
# Spuštěno z : C:\Users\Lukáš\Downloads\adwcleaner_6.047.exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

Služba nalezena: EsgScanner


***** [ Složky ] *****

Nebyly nalezeny žádné škodlivé složky.


***** [ Soubory ] *****

Nebyly nalezeny žádné škodlivé soubory.


***** [ DLL ] *****

Nebyly nalezeny žádné škodlivé DLL.


***** [ WMI ] *****

Nebyly nalezeny žádné škodlivé klíče.


***** [ Zástupci ] *****

Žádný infikovaný zástupce nenalezen.


***** [ Naplánované úlohy ] *****

Žádná nebezpečná úloha nenalezena.


***** [ Registry ] *****

Nebyly nalezeny žádné škodlivé položky registru.


***** [ Internetové prohlížeče ] *****

Nebyly nalezeny žádné škodlivé položky prohlížeče Firefox.
Nebyly nalezeny žádné škodlivé položky prohlížeče Chromium.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1697 Bajty] - [30/05/2017 10:21:11]
C:\AdwCleaner\AdwCleaner[S0].txt - [2452 Bajty] - [30/05/2017 10:19:38]
C:\AdwCleaner\AdwCleaner[S1].txt - [1369 Bajty] - [31/05/2017 08:10:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1442 Bajty] ##########

Re: JS/ProxyChanger.EF

Posted: 31 May 2017 16:59
by Rudy
This is OK. Open Notepad and copy the following into it:
Start
Task: {61450F22-F5C8-46CE-9D80-7BC67C1D70FC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-14] (Google Inc.)
Task: {B82EB69A-EBF8-4FDC-8986-F6E6BE563382} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-14] (Google Inc.)
C:\Users\LUK~1\AppData\Local\Temp
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:6DEA77C2 [130]
C:\Users\Lukáš\AppData\Roaming\dssftr1476_yp_tmp.tmp

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the operation finishes, a log will appear; copy it here.

Re: JS/ProxyChanger.EF

Posted: 05 June 2017 06:58
by rubino.cz
Good day,

THANK YOU VERY MUCH FOR THE ADVICE, I did everything as described above.... so far the messages from ESS still appear.


Fix result of Farbar Recovery Scan Tool (x86) Version: 02-06-2017
Ran by Lukáš (05-06-2017 07:44:07) Run:1
Running from C:\Users\Lukáš\Desktop
Loaded Profiles: Lukáš (Available Profiles: Lukáš)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
Task: {61450F22-F5C8-46CE-9D80-7BC67C1D70FC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-14] (Google Inc.)
Task: {B82EB69A-EBF8-4FDC-8986-F6E6BE563382} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-14] (Google Inc.)
C:\Users\LUK~1\AppData\Local\Temp
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:6DEA77C2 [130]
C:\Users\Lukáš\AppData\Roaming\dssftr1476_yp_tmp.tmp

EmptyTemp:
End
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{61450F22-F5C8-46CE-9D80-7BC67C1D70FC} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61450F22-F5C8-46CE-9D80-7BC67C1D70FC} => key removed successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B82EB69A-EBF8-4FDC-8986-F6E6BE563382} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B82EB69A-EBF8-4FDC-8986-F6E6BE563382} => key removed successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully.

"C:\Users\LUK~1\AppData\Local\Temp" folder move:

Could not move "C:\Users\LUK~1\AppData\Local\Temp" => Scheduled to move on reboot.

C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully..
C:\ProgramData\TEMP => ":6DEA77C2" ADS removed successfully..
C:\Users\Lukáš\AppData\Roaming\dssftr1476_yp_tmp.tmp => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9452734 B
Java, Flash, Steam htmlcache => 757 B
Windows/system/drivers => 15884 B
Edge => 0 B
Chrome => 116736 B
Firefox => 375018424 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 29574473 B
LocalService => 66356 B
NetworkService => 3426 B
Lukáš => 50346402 B

RecycleBin => 7467390 B
EmptyTemp: => 458.3 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 05-06-2017 07:46:51)

"C:\Users\LUK~1\AppData\Local\Temp" => Could not move

==== End of Fixlog 07:46:54 ====

Re: JS/ProxyChanger.EF

Posted: 05 Jun 2017 16:27
by Rudy
Also run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.

Re: JS/ProxyChanger.EF

Posted: 06 Jun 2017 12:57
by rubino.cz
Hello,

a bit further along again... there is a lot in there...

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/6/17
Scan Time: 1:39 PM
Log File:
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.0
Update Package Version: 1.0.2096
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Lukas_NTB\Luk\u00c3\u00a1\u00c5\u00a1

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 245957
Threats Detected: 7
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 5 min, 10 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, No Action By User, [277], [-1],0.0.0

Registry Value: 5
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-2338316215-1332446549-4206670980-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, No Action By User, [277], [391291],1.0.2096
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-2338316215-1332446549-4206670980-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, No Action By User, [277], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [277], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-2338316215-1332446549-4206670980-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [277], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [277], [-1],0.0.0

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.SpyHunter, C:\USERS\LUKáš\DOWNLOADS\SPYHUNTER-INSTALLER.EXE, No Action By User, [927], [345850],1.0.2096

Physical Sector: 0
(No malicious items detected)


(end)

Re: JS/ProxyChanger.EF

Posted: 06 Jun 2017 17:40
by Rudy
Deleted. Has anything changed?

Re: JS/ProxyChanger.EF

Posted: 07 Jun 2017 07:54
by rubino.cz
I deleted it, and after the restart the alert appeared again... I ran a new scan... and again there are entries in the registry...

Re: JS/ProxyChanger.EF

Posted: 07 Jun 2017 16:15
by Rudy
Let's try cleaning the browsers. Run these scans one after another:

1. Download Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to the desktop

If you use Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator (Spustit jako správce)
Paste the script below into the window




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script
The PC will perform the repair, restart, and give you a log; paste its contents here.

and

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
• Save it, preferably to the desktop
• After it starts, the license terms are displayed; press any key
• A backup is created, followed by the scan
• The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here.

Re: JS/ProxyChanger.EF

Posted: 08 Jun 2017 15:04
by rubino.cz
I ran the first scan and after 3 hours this was staring at me - I just don't know whether the restart happened or not...

I'm going to run the second one...


Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Luk ç on źt 08.06.2017 at 13:23:27,54.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\LUK~1\Desktop\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 13:24:05,30 =====

--- Create Environment Variables 13:24:08,17
--- Create System Restore Point 13:24:19,92
--- Checking Input 13:24:56,45
--- Reset Hosts File 13:25:22,90
--- AU AppData Check 13:25:24,49
--- Remove From Windows Installer 13:25:33,27
--- Empty Folders Check 13:28:14,53
--- Registry HKLM Software Check 13:28:14,55
--- IE Startpage Check 13:29:12,14
--- Program Files DB Check 13:29:58,93
--- C:\Users\Default\AppData\ DB Check 13:31:30,05
--- C:\Users\Default User\AppData\ DB Check 13:31:30,05
--- C:\Users\LUK~1\AppData\ DB Check 13:31:30,05
--- C:\Windows\system32\config\systemprofile\AppData\ DB Check 13:31:30,05
--- C:\Windows\serviceprofiles\networkservice\AppData\ DB Check 13:31:30,05
--- C:\Windows\serviceprofiles\Localservice\AppData\ DB Check 13:31:30,05
--- C:\Users\LUK~1 DB Check 13:34:54,19
--- C:\PROGRA~2 DB Check 13:35:24,50
--- C:\Users\Default\AppData\Local DB Check 13:35:31,32
--- C:\Users\Default User\AppData\Local DB Check 13:35:31,32
--- C:\Users\LUK~1\AppData\Local DB Check 13:35:31,32
--- C:\Windows\system32\config\systemprofile\AppData\Local DB Check 13:35:31,32
--- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 13:35:31,32
--- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 13:35:31,32
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 13:37:51,40
--- C:\Users\LUK~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs DB Check 13:38:08,88
--- Tasks DB Check 13:38:20,00
--- Downloads DB Check 13:38:27,36
--- C:\Users\LUK~1\AppData\LocalLow DB Check 13:38:34,55
--- C:\Windows\system32\config\systemprofile\AppData\LocalLow DB Check 13:38:34,55
--- Tasks2 DB Check 13:39:09,79
--- Documents DB Check 13:40:01,23
--- C:\Users\LUK~1\AppData\Roaming\Mozilla\Firefox\Profiles\u0hectbq.default DB Check 13:40:12,66
--- C:\Users\LUK~1\AppData\Roaming\Thunderbird\Profiles\s2galgd6.default DB Check 13:40:12,66
--- C:\Users\Public\Desktop DB Check 13:40:20,57
--- C:\Users\LUK~1\Desktop DB Check 13:40:31,01
--- Services DB Check 13:40:44,77
--- FF prefs.js DB Check 13:41:29,37
--- Emptyclsid 13:43:51,16
--- Del by CLSID 13:43:54,28
--- Delete Services 13:44:24,43
--- Firefox Fix 13:44:27,60
--- Delete files\folders 13:44:31,76
--- Create Backups 13:44:32,00
--- Firefox Extensions 13:44:36,88

Re: JS/ProxyChanger.EF

Posted: 08 Jun 2017 17:58
by Rudy
If the restart did not happen, restart manually.

Re: JS/ProxyChanger.EF

Posted: 12 Jun 2017 08:26
by rubino.cz
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Luk ç on źt 08.06.2017 at 13:23:27,54.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\LUK~1\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

8.6.2017 13:24:51 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\Softland deleted successfully
C:\PROGRA~2\CorelDRAW Graphics Suite X5 deleted successfully
C:\Users\LUK~1\AppData\Local\GHISLER deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\LUK~1\AppData\Roaming\Mozilla\Firefox\Profiles\u0hectbq.default\prefs.js:
user_pref("browser.startup.homepage", "www.seznam.cz");

Added to C:\Users\LUK~1\AppData\Roaming\Mozilla\Firefox\Profiles\u0hectbq.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\LUK~1\AppData\Roaming\Thunderbird\Profiles\s2galgd6.default\prefs.js:

Added to C:\Users\LUK~1\AppData\Roaming\Thunderbird\Profiles\s2galgd6.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\Program Files\Softland not found
C:\PROGRA~2\Package Cache deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\LUK~1\AppData\Roaming\Mozilla\Firefox\Profiles\u0hectbq.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\LUK~1\AppData\Roaming\Thunderbird\Profiles\s2galgd6.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\LUK~1\AppData\Roaming\Mozilla\Firefox\Profiles\u0hectbq.default
- Undetermined - C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\u0hectbq.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
- Garmin Communicator - %ProfilePath%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

ProfilePath: C:\Users\LUK~1\AppData\Roaming\Thunderbird\Profiles\s2galgd6.default
- Undetermined - C:\Users\Lukáš\AppData\Roaming\Thunderbird\Profiles\s2galgd6.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}

AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================


==== Chromium Look ======================


HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]

Docs - LUK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

==== Chromium Startpages ======================

C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Preferences
"urls_to_restore_on_startup": [ "http://www.google.com" ]


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IESR02"

==== Reset Google Chrome ======================

C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Users\LUK~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\LUK~1\AppData\Local\Mozilla\Firefox\Profiles\u0hectbq.default\cache2 emptied successfully
C:\Users\LUK~1\AppData\Roaming\Mozilla\Firefox\Profiles\u0hectbq.default\storage\default\https+++www.youtube.com\cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\LUK~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3 folders=4 7138453 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\LUK~1\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on po 12.06.2017 at 9:21:56,93 ======================




xxxxxxxxxxxxxxxxxxxxxx DRUHÝ xxxxxxxxxxxxxxxxxxxxxxxxxxxx




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Home Premium x86
Ran by Luk ç (Administrator) on źt 08.06.2017 at 16:26:47,76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8

Successfully deleted: C:\Users\Luk ç\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C7R19P13 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Luk ç\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KC7NUI4O (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Luk ç\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PD78YK0R (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Luk ç\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQ1SAH9U (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C7R19P13 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KC7NUI4O (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PD78YK0R (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQ1SAH9U (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 08.06.2017 at 16:31:29,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: JS/ProxyChanger.EF

Posted: 12 Jun 2017 09:07
by Rudy
Has anything changed now?

Re: JS/ProxyChanger.EF

Posted: 12 Jun 2017 13:28
by rubino.cz
Hello,

it still keeps appearing... so I'm wondering whether I should rather just reinstall the whole thing.

Lukáš