VIRY.CZ

u NTB po určitém čase spadne internet,outlook a odpojí se server. ovladače síťovky byly přeinstalovány aasi týden vše fungovalo. opět asi po 7 hodinách provozu opět mozila nenačetla stránku a odpojil se outlook a server. Při restartu se PC "odpojuje" a musí se natvrdo vypnout.

Zdravím!
Zkusíme to vyčistit, nemohu se ale zaručit, že problém má původ v malware. Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

tak posílám log.

# -------------------------------
# Malwarebytes AdwCleaner 7.2.6.0
# -------------------------------
# Build: 12-18-2018
# Database: 2019-01-25.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-29-2019
# Duration: 00:00:02
# OS: Windows 7 Professional
# Cleaned: 17
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\zdenek.konecny\AppData\Local\Amigo
Deleted C:\Users\zdenek.konecny.PTACEKPS\AppData\Local\Amigo
Deleted C:\Windows\Installer\{4D0A0750-B034-4DF8-97DE-26F1212AC2FF}
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Deleted C:\Program Files (x86)\myfree codec
Deleted C:\Users\zdenek.konecny.PTACEKPS\AppData\Roaming\..\Local\wupdate
Deleted C:\Users\zdenek.konecny\AppData\Local\MailRu
Deleted C:\Users\zdenek.konecny.PTACEKPS\AppData\Local\MailRu
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Solvusoft

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Deleted HKLM\Software\Wow6432Node\Myfree Codec
Deleted HKCU\Software\Microsoft\Gosearch
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AE298D-7E8A-4F53-BE55-15D2B065F6C0}
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{3E0DB45B-9FCC-4064-B48C-080BD03A99A4}
Deleted HKLM\Software\Classes\AppID\{3E0DB45B-9FCC-4064-B48C-080BD03A99A4}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Deleted HKLM\SOFTWARE\Classes\Applications\DriverDocSetup.exe

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2793 octets] - [29/01/2019 13:32:08]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

OK. Dejte nové logy FRST+Addition.

zdravím. při startu NTB se síťovka nechytila. porestartu se připojila.
posílám logy

Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM-x32 -> DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Users\zdenek.konecny.PTACEKPS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\NTBPSP01\AppData\Local\Temp
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> No File
Task: {9843796F-C869-4703-97A0-A4C72E2708E5} - System32\Tasks\GoogleUpdateTaskMachineUA1d130bbcb944903 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {F9F82419-9BFC-4F65-85D7-7E78352DFF2C} - System32\Tasks\{33F62CF2-7C0C-48C5-833B-2CE87BD1CD23} => C:\Windows\system32\pcalua.exe -a C:\Users\zdenek.konecny.PTACEKPS\AppData\Local\Temp\_tc\86251_USBE_software.exe <==== ATTENTION
Task: {FC340A4D-546F-4BB3-98F4-30CFED76B96F} - System32\Tasks\{CE7940B3-4E1F-475F-8959-916A40735A39} => C:\Windows\system32\pcalua.exe -a "C:\Users\zdenek.konecny.PTACEKPS\Documents\Moje přijaté soubory\TRN163.exe" -d "C:\Users\zdenek.konecny.PTACEKPS\Documents\Moje přijaté soubory\"
FirewallRules: [{DBB989E4-E488-401E-8C13-6F44C0A92153}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe No File
FirewallRules: [{5811C6E7-DEEF-4C56-9137-2184F9FA3F7F}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe No File

EmptyTemp:
Hosts:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

provedeno. posílám log.

Fix result of Farbar Recovery Scan Tool (x64) Version: 30.01.2019
Ran by zdenek.konecny (30-01-2019 13:36:33) Run:1
Running from C:\Users\zdenek.konecny.PTACEKPS\Desktop
Loaded Profiles: zdenek.konecny (Available Profiles: zdenek.konecny & NTBPSP01 & admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM-x32 -> DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Users\zdenek.konecny.PTACEKPS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\NTBPSP01\AppData\Local\Temp
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> No File
Task: {9843796F-C869-4703-97A0-A4C72E2708E5} - System32\Tasks\GoogleUpdateTaskMachineUA1d130bbcb944903 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {F9F82419-9BFC-4F65-85D7-7E78352DFF2C} - System32\Tasks\{33F62CF2-7C0C-48C5-833B-2CE87BD1CD23} => C:\Windows\system32\pcalua.exe -a C:\Users\zdenek.konecny.PTACEKPS\AppData\Local\Temp\_tc\86251_USBE_software.exe <==== ATTENTION
Task: {FC340A4D-546F-4BB3-98F4-30CFED76B96F} - System32\Tasks\{CE7940B3-4E1F-475F-8959-916A40735A39} => C:\Windows\system32\pcalua.exe -a "C:\Users\zdenek.konecny.PTACEKPS\Documents\Moje p�ijat� soubory\TRN163.exe" -d "C:\Users\zdenek.konecny.PTACEKPS\Documents\Moje p�ijat� soubory\"
FirewallRules: [{DBB989E4-E488-401E-8C13-6F44C0A92153}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe No File
FirewallRules: [{5811C6E7-DEEF-4C56-9137-2184F9FA3F7F}] => (Allow) D:\Network\EpsonNetSetup\ENEasyApp.exe No File

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => removed successfully
C:\Users\zdenek.konecny.PTACEKPS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\NTBPSP01\AppData\Local\Temp => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9843796F-C869-4703-97A0-A4C72E2708E5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9843796F-C869-4703-97A0-A4C72E2708E5}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d130bbcb944903 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA1d130bbcb944903" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9F82419-9BFC-4F65-85D7-7E78352DFF2C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9F82419-9BFC-4F65-85D7-7E78352DFF2C}" => removed successfully
C:\Windows\System32\Tasks\{33F62CF2-7C0C-48C5-833B-2CE87BD1CD23} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{33F62CF2-7C0C-48C5-833B-2CE87BD1CD23}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC340A4D-546F-4BB3-98F4-30CFED76B96F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC340A4D-546F-4BB3-98F4-30CFED76B96F}" => removed successfully
C:\Windows\System32\Tasks\{CE7940B3-4E1F-475F-8959-916A40735A39} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CE7940B3-4E1F-475F-8959-916A40735A39}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DBB989E4-E488-401E-8C13-6F44C0A92153}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5811C6E7-DEEF-4C56-9137-2184F9FA3F7F}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15657567 B
Java, Flash, Steam htmlcache => 1250 B
Windows/system/drivers => 4201775 B
Edge => 0 B
Chrome => 0 B
Firefox => 408580972 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83693 B
systemprofile32 => 70474 B
LocalService => 0 B
NetworkService => 19788 B
zdenek.konecny.PTACEKPS => 105827931 B
NTBPSP01 => 365730254 B
=> 0 B
admin => 136113 B
zdenek.konecny => 36336143 B

RecycleBin => 204038 B
EmptyTemp: => 901.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:36:44 ====

Smazáno. Nastala nějaká změna?

zatím vše funguje. uvidíme zítra. zatím moc děkuji.

OK, nechám to tu otevřené. Zatím není zač!

Zdravím. Po všerejším léčení se chtěl licencovat Acrobat. Dneska ráno jsem ho nainstaloval znovu a jede.
Asi po 2,5 hodinách provozu se opět nenačetla stránka a Outlook se pokoušel připojit na server . Po 5 minutové snaze vše zavřít a restart. po restartu opět vše OK.
posílám nový log.

Zkusíme ještě vyčistit prohlížeče. Spusťte postupně tyto utility:

1. Stahnete Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: https://www.stahuj.cz/utility_a_ostatni ... oval-tool/
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.

tak posílám logy:
Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by zdenek.konecny on źt 31.01.2019 at 13:06:57,36.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\zdenek.konecny.PTACEKPS\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

31.1.2019 13:08:16 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\Deskshare deleted successfully
C:\PROGRA~2\GUMB724.tmp deleted successfully
C:\PROGRA~2\KMPConnect deleted successfully
C:\PROGRA~2\Nokia deleted successfully
C:\Program Files\AnyDATA deleted successfully
C:\PROGRA~3\Elcomsoft Password Recovery deleted successfully
C:\Users\NTBPSP01\AppData\Local\GHISLER deleted successfully
C:\Users\NTBPSP01\AppData\Local\VirtualStore deleted successfully
C:\Users\zdenek.konecny\AppData\Local\calibre-cache deleted successfully
C:\Users\zdenek.konecny\AppData\Local\GHISLER deleted successfully
C:\Users\zdenek.konecny\AppData\Local\SystemDir deleted successfully
C:\Users\zdenek.konecny\AppData\Local\WMTools Downloaded Files deleted successfully
C:\Users\zdenek.konecny.PTACEKPS\AppData\Local\GHISLER deleted successfully
C:\Users\zdenek.konecny.PTACEKPS\AppData\Local\SystemDir deleted successfully
C:\Users\zdenek.konecny.PTACEKPS\AppData\Local\WMTools Downloaded Files deleted successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\web2pdfextension.17@acrobat.adobe.com deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\web2pdfextension.17@acrobat.adobe.com deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\ZDENEK~1.KON\AppData\Roaming\Mozilla\Firefox\Profiles\v26ol8g8.default-1441634397238\prefs.js:
user_pref("browser.startup.homepage", "http://www.seznam.cz/");
user_pref("browser.search.selectedEngine", "Поиск@Mail.Ru");
user_pref("browser.search.useDBForOrder", false);

Added to C:\Users\ZDENEK~1.KON\AppData\Roaming\Mozilla\Firefox\Profiles\v26ol8g8.default-1441634397238\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\ZDENEK~1.KON\AppData\Roaming\TomTom\HOME\Profiles\aex6rkh2.default\prefs.js:

Added to C:\Users\ZDENEK~1.KON\AppData\Roaming\TomTom\HOME\Profiles\aex6rkh2.default\prefs.js:

Deleted from C:\Users\ZDENEK~1.PTA\AppData\Roaming\Mozilla\Firefox\Profiles\v26ol8g8.default-1441634397238\prefs.js:
user_pref("browser.startup.homepage", "http://www.seznam.cz/");
user_pref("browser.search.selectedEngine", "Поиск@Mail.Ru");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\ZDENEK~1.PTA\AppData\Roaming\Mozilla\Firefox\Profiles\v26ol8g8.default-1441634397238\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\ZDENEK~1.PTA\AppData\Roaming\TomTom\HOME\Profiles\aex6rkh2.default\prefs.js:

Added to C:\Users\ZDENEK~1.PTA\AppData\Roaming\TomTom\HOME\Profiles\aex6rkh2.default\prefs.js:

ProfilePath: C:\Users\ZDENEK~1.KON\AppData\Roaming\Mozilla\Firefox\Profiles\v26ol8g8.default-1441634397238

---- FireFox user.js and prefs.js backups ----

user_31.01.2019_1332_.backup
prefs_31.01.2019_1332_.backup

ProfilePath: C:\Users\ZDENEK~1.KON\AppData\Roaming\TomTom\HOME\Profiles\aex6rkh2.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_31.01.2019_1332_.backup

ProfilePath: C:\Users\ZDENEK~1.PTA\AppData\Roaming\Mozilla\Firefox\Profiles\v26ol8g8.default-1441634397238

---- Lines search.com removed from prefs.js ----
user_pref("browser.onboarding.tour.onboarding-tour-singlesearch.completed", true);
---- Lines searches removed from prefs.js ----
user_pref("browser.urlbar.suggest.searches", false);
---- Lines web2pdfextension.17@acrobat.adobe.com removed from prefs.js ----
user_pref("extensions.webextensions.uuids", "{\"web2pdfextension.17@acrobat.adobe.com\":\"5393704b-7bd4-40d9-9c74-53a6bb6628b3\",\"screenshots@mozilla
---- FireFox user.js and prefs.js backups ----

user_31.01.2019_1332_.backup
prefs_31.01.2019_1332_.backup

ProfilePath: C:\Users\ZDENEK~1.PTA\AppData\Roaming\TomTom\HOME\Profiles\aex6rkh2.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_31.01.2019_1332_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\AGEIA Technologies not found
C:\PROGRA~2\Deskshare not found
C:\PROGRA~2\GUMB724.tmp not found
C:\PROGRA~2\KMPConnect not found
C:\PROGRA~2\Nokia not found
C:\Users\zdenek.konecny.PTACEKPS\AppData\Roaming\calibre deleted
C:\Users\zdenek.konecny\.android deleted
C:\Users\zdenek.konecny.PTACEKPS\.android deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\zdenek.konecny\AppData\Local\cache deleted
C:\Users\zdenek.konecny.PTACEKPS\AppData\Local\oobelibMkey.log deleted
C:\Users\zdenek.konecny.PTACEKPS\AppData\Local\cache deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\oobelibMkey.log deleted
C:\Users\ZDENEK~1.KON\AppData\Roaming\Mozilla\Firefox\Profiles\v26ol8g8.default-1441634397238\.autoreg deleted
C:\Users\ZDENEK~1.PTA\AppData\Roaming\Mozilla\Firefox\Profiles\v26ol8g8.default-1441634397238\searchplugins\qipsearch.xml deleted
C:\Users\ZDENEK~1.PTA\AppData\Roaming\Mozilla\Firefox\Profiles\v26ol8g8.default-1441634397238\.autoreg deleted
"C:\Users\zdenek.konecny.PTACEKPS\AppData\Roaming\XnView\category.db" deleted
"C:\Users\zdenek.konecny.PTACEKPS\AppData\Roaming\XnView\default.bar" deleted
"C:\Users\zdenek.konecny.PTACEKPS\AppData\Roaming\XnView" deleted

==== Orphaned Tasks deleted from Registry ======================

Imperia Online D1 deleted
Imperia Online N deleted
Imperia Online W1 deleted
Imperia Online W2 deleted
Imperia Online W3 deleted
Imperia Online W4 deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\ZDENEK~1.KON\AppData\Roaming\Mozilla\Firefox\Profiles\v26ol8g8.default-1441634397238
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\ZDENEK~1.PTA\AppData\Roaming\Mozilla\Firefox\Profiles\v26ol8g8.default-1441634397238
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\ZDENEK~1.KON\AppData\Roaming\Mozilla\Firefox\Profiles\v26ol8g8.default-1441634397238
- IE Tab - C:\Users\zdenek.konecny\AppData\Roaming\Mozilla\Firefox\Profiles\v26ol8g8.default-1441634397238\extensions\coralietab@mozdev.org
- IE Tab - C:\Users\zdenek.konecny\AppData\Roaming\Mozilla\Firefox\Profiles\v26ol8g8.default-1441634397238\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
- IE Tab 2 FF 3.6 - C:\Users\zdenek.konecny\AppData\Roaming\Mozilla\Firefox\Profiles\v26ol8g8.default-1441634397238\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
- Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
- IE Tab - %ProfilePath%\extensions\coralietab@mozdev.org
- WebTran - %ProfilePath%\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
- IE Tab 2 FF 3.6 - %ProfilePath%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
- IE Tab - %ProfilePath%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
- TimeLapse for Firefox - %ProfilePath%\extensions\{7c402354-dd42-4ef3-8d2d-2aa1445b4747}.xpi

ProfilePath: C:\Users\ZDENEK~1.KON\AppData\Roaming\TomTom\HOME\Profiles\aex6rkh2.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com
- Emulator - %ProfilePath%\extensions\Navcore.9.510.1234792@tomtom.com

ProfilePath: C:\Users\ZDENEK~1.PTA\AppData\Roaming\Mozilla\Firefox\Profiles\v26ol8g8.default-1441634397238
- IE Tab - %ProfilePath%\extensions\coralietab@mozdev.org
- WebTran - %ProfilePath%\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
- IE Tab 2 FF 3.6 - %ProfilePath%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
- IE Tab - %ProfilePath%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
- TimeLapse for Firefox - %ProfilePath%\extensions\{7c402354-dd42-4ef3-8d2d-2aa1445b4747}.xpi

ProfilePath: C:\Users\ZDENEK~1.PTA\AppData\Roaming\TomTom\HOME\Profiles\aex6rkh2.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com
- Emulator - %ProfilePath%\extensions\Navcore.9.510.1234792@tomtom.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\zdenek.konecny.PTACEKPS\AppData\Roaming\Mozilla\Firefox\Profiles\v26ol8g8.default-1441634397238
- C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_114.dll - [?]
B2F9B974857B8BA96734684813F6448C - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight
EEDFF839EE4882DDA6F423298478F5A3 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In
- C:\Program Files x86\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll - [?]
- C:\Program Files x86\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll - [?]


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx[01.11.2017 15:27]


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.seznam.cz/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.seznam.cz/"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IESR02

==== Reset Google Chrome ======================

C:\Users\NTBPSP01\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\NTBPSP01\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\NTBPSP01\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\zdenek.konecny.PTACEKPS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ZDENEK~1.PTA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\zdenek.konecny\AppData\Local\Mozilla\Firefox\Profiles\v26ol8g8.default-1441634397238\cache2 emptied successfully
C:\Users\zdenek.konecny.PTACEKPS\AppData\Local\Mozilla\Firefox\Profiles\v26ol8g8.default-1441634397238\cache2 emptied successfully
C:\Users\ZDENEK~1.KON\AppData\Local\Mozilla\Firefox\Profiles\v26ol8g8.default-1441634397238\cache2 emptied successfully
C:\Users\ZDENEK~1.PTA\AppData\Local\Mozilla\Firefox\Profiles\v26ol8g8.default-1441634397238\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\NTBPSP01\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1259 folders=74 168405841 bytes)

==== Empty Temp Folders ======================

C:\Users\admin\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\zdenek.konecny\AppData\Local\Temp emptied successfully
C:\Users\zdenek.konecny.PTACEKPS\AppData\Local\Temp will be emptied at reboot
C:\Users\ZDENEK~1.KON\AppData\Local\Temp emptied successfully
C:\Users\ZDENEK~1.PTA\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\ZDENEK~1.PTA\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on źt 31.01.2019 at 13:45:09,41 ======================




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Professional x64
Ran by zdenek.konecny (Administrator) on źt 31.01.2019 at 13:47:24,69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\Users\zdenek.konecny.PTACEKPS\AppData\Roaming\Mozilla\Firefox\Profiles\v26ol8g8.default-1441634397238\user.js (File)

Deleted the following from C:\Users\zdenek.konecny.PTACEKPS\AppData\Roaming\Mozilla\Firefox\Profiles\v26ol8g8.default-1441634397238\prefs.js
user_pref(extensions.yasearch@yandex.ru.defender.homepage.enabled, );



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 31.01.2019 at 13:48:44,00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OK. Změnilo se něco nyní?

Zatím je všechno funkční. uvidíme zítra.