Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:26:31, on 7.5.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18921)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\IObit\Driver Booster\5.2.0\Scheduler.exe
C:\Users\Slávek\Desktop\Software\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkI ... id=UE12DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: ArcSoft Exchange Service (ADExchange) - ArcSoft, Inc. - C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: DEBridge - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\system\uArcCapture.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12757 bytes

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.


Stáhni si TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.adlice.com/downloadprogress/

Ulož si ho na svojí plochu . Klikni na „Souhlasím“ k povrzení podmínek.
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Skenování“
Po skenu se objeví log , který se otevře. ( jinak je uložen systémovem disku jako C:\AdwCleaner [C?].txt ), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
-Pokud není program aktuální , klikni na možnost „Aktualizovat nyní“ či „Opravit nyní“.
- bude nalezena aktualizace a nainstaluje se.
- poté klikni na Skenovat nyní
- po proběhnutí programu se ti objeví hláška vpravo dole, tak klikni na Zobrazit zprávu a vyber Export a vyber Kopírovat do schránky a vlož sem celý log. Nebo klikni na „Textový soubor ( .txt)“ a log si ulož.
-jinak se log nachází zde: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

- po té klikni na tlačítko Dokončit, a program zavři křížkem vpravo nahoře.
(zatím nic nemaž!).
Pokud budou problémy , spusť v nouz. režimu.

# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build: 04-27-2018
# Database: 2018-05-02.2
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 05-07-2018
# Duration: 00:01:03
# OS: Windows 7 Home Premium
# Scanned: 40818
# Detected: 87


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.AdvancedSystemCare C:\Users\Slávek\AppData\Roaming\IObit\Advanced SystemCare
Rogue.ForcedExtension C:\Users\Slávek\AppData\Local\apn

***** [ Files ] *****

PUP.Optional.Legacy C:\END

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.Legacy C:\Windows\System32\Tasks\Driver Booster Scheduler

***** [ Registry ] *****

PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9BFFEC6-6E95-4373-9929-505070AFFE4}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F938CB13-9ED4-4C1F-940-B8B5388063B6}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F31A1615-5450-4381-BEEE-785DE04F325}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE62655-D8-4CA0-B7F5-1045DC9FFBA6}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6274E3A-2E30-457D-829-BF36341CD8C8}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E2C3BD59-E21F-4F89-9F75-588FA7AEC8C}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DBBB90D0-7FE6-43D5-B5DD-B3BF10E8C1BF}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DB7D2117-F738-4334-BA3B-B8DBEDB9BFA1}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DA18AADD-841D-4B54-ACA1-E82538F7E0A4}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D8E61FAB-2853-47E9-A857-7474018E121}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D79AFC30-C386-4B9B-A719-B0C949DEF3D5}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D39F6C47-3F38-41FD-9227-17A9F5FC3FC2}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D23D0810-341A-4D7A-B63-3F567D5C698}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CF98A95A-F1E2-48AC-BC4E-B450E16997C}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CE3BE6AC-BBFA-455B-A5E4-AF6CF0F7CE25}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB664BD2-FD0C-4E27-AF8F-3CBDDBE4233B}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C71F5E93-6DF-4D3A-AD90-F9A2FF3C8169}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BF28D85E-E4B3-4149-97EA-9CD54176FF6C}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BBDFA6B3-D9EB-4E1C-8A27-A08F75AF3181}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BA110AB8-1148-471C-95AD-C28DFE2828D5}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B946C3-E999-47E2-ABAF-BB42A775E17}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B7FFE84D-FB7C-45BD-91A-8A5AD8A5A53}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B3BA5AB4-89EB-462D-9E9-865AF21EC7B}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B3A4041-A8E3-4737-8941-CE8D318430E8}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B0C47649-3A90-4832-8487-6C9219EBE9C5}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AD54F25A-1C8E-4C7D-9E9D-349ABC2887}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AD40D425-707D-485E-AAA5-BB4A98F2B67}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AD0781A2-AD48-4ED7-B714-F756A97F6A}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AB0915F2-CE53-4647-B294-D3266D59BB34}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5313E38-A368-4BC5-AEFD-E07BBE2ED5B8}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9FE2307B-ADA5-4E8C-80C7-F5C51035CB5}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9FC1640B-1A6E-4B69-8D9-86C8E7C041E}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9BE1ADDD-274F-4AF4-AFB1-6E253484A14}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{999FD8CB-5771-49D5-AE4A-CCF8C5CB625}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{96F3C2A-C7A5-44DD-BF74-922371136623}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9687E4B3-D9A-4292-B9F-EBF5328198F}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94B6C253-4FB0-432A-A7EE-2AA43F25326}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93C37A09-A85C-4DD0-A228-8D69C71E91C5}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9347487-723A-4978-8B38-32D91ADAAC2}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{90E0EE70-F793-44BF-AF17-C8D2086DE81}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8FA0AEF-A143-4548-98BC-7E3CB4E16BAE}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89C69EDF-88E4-4C5B-B289-3D3D1E602765}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87BD9B04-7C5B-45A3-8811-FB15EBC45FBA}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83EC4DF2-6CC-48B0-B3F2-31FA694F116C}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F151D27-D272-4B88-891-506DF1A0AF3B}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7EE74659-826A-48D6-BF68-2D1815CC6F5F}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7B3E438-B0CA-4BE0-B4FE-27AA95ED13E}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7433FCC4-342B-4D20-9464-C346198F672D}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{724529A5-D0D7-44E3-9052-6CC64BB67AF9}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{67D98CAE-425A-4976-9C59-83D3575595F}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6774B82C-5ADE-45FA-B568-668426C1D2D}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{67184277-A6F2-4540-9D23-D94BF9BB3A9E}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6657E6E0-2C3F-4100-A5D7-9FE3D506176}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6481766D-A4AE-4EAB-813C-8EA94F61BC9C}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6403C04B-5559-4313-861-B91FBBAFB599}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5FC60427-7E9-4DA2-A64E-6B53DA86F945}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5ABFF999-754-4D7B-BE86-FAE2BDFC44AD}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{588C515-AA8D-461A-BC53-264CFF9EE876}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4D6BFA09-FBA7-45DB-B980-7BA9F2F5BA90}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B4EBE96-6C96-48EC-8350-1870C0758B5}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4686C851-5062-4946-96BC-85735191304A}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{41B61DBD-AE9D-4066-AA9D-96AE4553A7B}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3F181193-6A53-44FE-9E33-D01AAFD8AD98}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3AA5CC57-112D-47CE-AD44-266D645C7F4}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{338B8C9E-3814-4370-9BDB-3D23665B6EB2}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2F28C89D-1616-44A0-9420-67BBF7D3206D}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2EFF4E67-5FB1-44EB-8C1A-6346A87BB28}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2974F54A-9451-43E7-986A-FD24A6D374F}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29508496-C2BC-4CD9-827E-9FDB7CC474F}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2458F6A5-3028-4724-96F5-F095C2796B35}
PUP.CrossRider.Heuristic HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2375D37-8742-4833-BB38-17CDB98F5BD4}
PUP.Optional.BrowseFox.A HKLM\Software\Wow6432Node\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
PUP.Optional.Conduit HKCU\Software\AppDataLow\Software\Conduit
PUP.Optional.Conduit HKCU\Software\Conduit
PUP.Optional.Conduit HKLM\Software\Wow6432Node\Conduit
PUP.Optional.Legacy HKCU\Software\Appscion
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9701F425-0F57-43E2-8897-B75456A54593}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler
PUP.Winlogon.Heuristic HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Fassurun fassurun

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

PUP.Optional.Legacy websearch.ask.com



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 07.05.18
Čas skenování: 19:57
Logovací soubor: 204714d3-5220-11e8-93f9-000000000000.json
Správce: Ano

-Informace o softwaru-
Verze: 3.3.1.2183
Verze komponentů: 1.0.262
Aktualizovat verzi balíku komponent: 1.0.5018
Licence: Bezplatný

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: Slavek-HP\Sl\u00c3\u00a1vek

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 284724
Zjištěné hrozby: 0
(Nebyly zjištěny žádné škodlivé položky)
Hrozby umístěné do karantény: 0
(Nebyly zjištěny žádné škodlivé položky)
Uplynulý čas: 6 min, 39 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Varovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Skenování“ , po prohledání klikni na „ Čištění“

Program provede opravu, po automatickém restartu klikni na „Log soubor“ a pak poklepej na odpovídají log, (C:\AdwCleaner [C?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
https://downloads.malwarebytes.com/file/JRT-EOL
na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.


Sophos Virus Removal Tool je praktický softwarový nástroj, který by mohl odstranit infekce, které antivirový program nedetekuje .
Stáhněte si ho zde z některého odkazu:
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html

Viry mohou zpomalit počítač, nebo se snaží ukrást vaše data, a ani nevíte , že je máte. Co potřebujete, je rychlý a snadný způsob, jak je najít a zbavit se jich, pokud již máte antivirový program v počítači nainstalován , můžete nainstalovat i nástroj Sophos Virus Removal , který identifikuje a vyčistí zbylé infekce, které mohl Váš antivirový program přehlédnout.
K použití Sophos Virus Removal Tool na něj poklepejte a stiskněte tlačítko „Start scanning“ . Pak bude Sophos Virus Removal Tool vyhledávat a odstraňovat viry, které najde. Může být vyžadován restart.


Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.adlice.com/download/roguekil ... HlwZT14ODY
64bit.:
http://www.adlice.com/download/roguekil ... HlwZT14NjQ
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7,8,10 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- klikni na „Start Scan“. V novém okně nic neměň a klikni dole na „Start Scan“
- Program skenuje procesy PC. Po proskenování klikni na „Open Report “ , v okně pak na „Open TXT“ a celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.
-pokud bude mít log více než 60.000 znaků , rozděl ho a vlož do více příspěvků

další odkazy:
http://www.adlice.com/download/roguekiller/
http://www.bleepingcomputer.com/download/roguekiller/

# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build: 04-27-2018
# Database: 2018-05-07.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-08-2018
# Duration: 00:00:07
# OS: Windows 7 Home Premium
# Cleaned: 86
# Failed: 1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Slávek\AppData\Roaming\IObit\Advanced SystemCare
Deleted C:\Users\Slávek\AppData\Local\apn

***** [ Files ] *****

Deleted C:\END

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\Driver Booster Scheduler

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9BFFEC6-6E95-4373-9929-505070AFFE4}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F938CB13-9ED4-4C1F-940-B8B5388063B6}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F31A1615-5450-4381-BEEE-785DE04F325}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE62655-D8-4CA0-B7F5-1045DC9FFBA6}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6274E3A-2E30-457D-829-BF36341CD8C8}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E2C3BD59-E21F-4F89-9F75-588FA7AEC8C}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DBBB90D0-7FE6-43D5-B5DD-B3BF10E8C1BF}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DB7D2117-F738-4334-BA3B-B8DBEDB9BFA1}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DA18AADD-841D-4B54-ACA1-E82538F7E0A4}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D8E61FAB-2853-47E9-A857-7474018E121}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D79AFC30-C386-4B9B-A719-B0C949DEF3D5}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D39F6C47-3F38-41FD-9227-17A9F5FC3FC2}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D23D0810-341A-4D7A-B63-3F567D5C698}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CF98A95A-F1E2-48AC-BC4E-B450E16997C}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CE3BE6AC-BBFA-455B-A5E4-AF6CF0F7CE25}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB664BD2-FD0C-4E27-AF8F-3CBDDBE4233B}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C71F5E93-6DF-4D3A-AD90-F9A2FF3C8169}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BF28D85E-E4B3-4149-97EA-9CD54176FF6C}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BBDFA6B3-D9EB-4E1C-8A27-A08F75AF3181}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BA110AB8-1148-471C-95AD-C28DFE2828D5}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B946C3-E999-47E2-ABAF-BB42A775E17}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B7FFE84D-FB7C-45BD-91A-8A5AD8A5A53}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B3BA5AB4-89EB-462D-9E9-865AF21EC7B}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B3A4041-A8E3-4737-8941-CE8D318430E8}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B0C47649-3A90-4832-8487-6C9219EBE9C5}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AD54F25A-1C8E-4C7D-9E9D-349ABC2887}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AD40D425-707D-485E-AAA5-BB4A98F2B67}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AD0781A2-AD48-4ED7-B714-F756A97F6A}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AB0915F2-CE53-4647-B294-D3266D59BB34}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5313E38-A368-4BC5-AEFD-E07BBE2ED5B8}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9FE2307B-ADA5-4E8C-80C7-F5C51035CB5}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9FC1640B-1A6E-4B69-8D9-86C8E7C041E}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9BE1ADDD-274F-4AF4-AFB1-6E253484A14}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{999FD8CB-5771-49D5-AE4A-CCF8C5CB625}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{96F3C2A-C7A5-44DD-BF74-922371136623}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9687E4B3-D9A-4292-B9F-EBF5328198F}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94B6C253-4FB0-432A-A7EE-2AA43F25326}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93C37A09-A85C-4DD0-A228-8D69C71E91C5}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9347487-723A-4978-8B38-32D91ADAAC2}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{90E0EE70-F793-44BF-AF17-C8D2086DE81}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8FA0AEF-A143-4548-98BC-7E3CB4E16BAE}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89C69EDF-88E4-4C5B-B289-3D3D1E602765}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87BD9B04-7C5B-45A3-8811-FB15EBC45FBA}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83EC4DF2-6CC-48B0-B3F2-31FA694F116C}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F151D27-D272-4B88-891-506DF1A0AF3B}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7EE74659-826A-48D6-BF68-2D1815CC6F5F}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7B3E438-B0CA-4BE0-B4FE-27AA95ED13E}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7433FCC4-342B-4D20-9464-C346198F672D}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{724529A5-D0D7-44E3-9052-6CC64BB67AF9}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{67D98CAE-425A-4976-9C59-83D3575595F}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6774B82C-5ADE-45FA-B568-668426C1D2D}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{67184277-A6F2-4540-9D23-D94BF9BB3A9E}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6657E6E0-2C3F-4100-A5D7-9FE3D506176}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6481766D-A4AE-4EAB-813C-8EA94F61BC9C}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6403C04B-5559-4313-861-B91FBBAFB599}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5FC60427-7E9-4DA2-A64E-6B53DA86F945}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5ABFF999-754-4D7B-BE86-FAE2BDFC44AD}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{588C515-AA8D-461A-BC53-264CFF9EE876}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4D6BFA09-FBA7-45DB-B980-7BA9F2F5BA90}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B4EBE96-6C96-48EC-8350-1870C0758B5}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4686C851-5062-4946-96BC-85735191304A}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{41B61DBD-AE9D-4066-AA9D-96AE4553A7B}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3F181193-6A53-44FE-9E33-D01AAFD8AD98}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3AA5CC57-112D-47CE-AD44-266D645C7F4}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{338B8C9E-3814-4370-9BDB-3D23665B6EB2}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2F28C89D-1616-44A0-9420-67BBF7D3206D}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2EFF4E67-5FB1-44EB-8C1A-6346A87BB28}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2974F54A-9451-43E7-986A-FD24A6D374F}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29508496-C2BC-4CD9-827E-9FDB7CC474F}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2458F6A5-3028-4724-96F5-F095C2796B35}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2375D37-8742-4833-BB38-17CDB98F5BD4}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Deleted HKCU\Software\AppDataLow\Software\Conduit
Deleted HKCU\Software\Conduit
Deleted HKLM\Software\Wow6432Node\Conduit
Deleted HKCU\Software\Appscion
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64388EB5-EDF6-4FC6-8473-44500E5BAF3F}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler
Deleted HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit

***** [ Chromium (and derivatives) ] *****

Deleted fassurun

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

Not Deleted websearch.ask.com


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************


########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x64
Ran by Sl vek (Administrator) on Łt 08.05.2018 at 6:41:26,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 40

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Sl vek\AppData\Local\{067128DD-6424-4EE3-AABC-1E0DE8AB3AD6} (Empty Folder)
Successfully deleted: C:\Users\Sl vek\AppData\Local\{0DDF6C67-C847-444B-908B-7DA13514388E} (Empty Folder)
Successfully deleted: C:\Users\Sl vek\AppData\Local\{1BF472A4-5BED-41CF-BB95-A1FA75152FD6} (Empty Folder)
Successfully deleted: C:\Users\Sl vek\AppData\Local\{1FF90112-A976-4E51-B0F3-EF8B09DB42F2} (Empty Folder)
Successfully deleted: C:\Users\Sl vek\AppData\Local\{26FD4ADB-77CD-46B0-AFD6-3AC91FD7D2B7} (Empty Folder)
Successfully deleted: C:\Users\Sl vek\AppData\Local\{2C00915F-7126-4D2E-B908-93068FC3962A} (Empty Folder)
Successfully deleted: C:\Users\Sl vek\AppData\Local\{2FC39267-2F31-465E-9AB9-52A7510BB1F3} (Empty Folder)
Successfully deleted: C:\Users\Sl vek\AppData\Local\{3315C575-0D25-4BB9-8883-0918DC62AB3A} (Empty Folder)
Successfully deleted: C:\Users\Sl vek\AppData\Local\{4EFC19DF-42A3-4366-9C8E-66319A0B72B3} (Empty Folder)
Successfully deleted: C:\Users\Sl vek\AppData\Local\{55578091-8ED8-454B-8BD7-BB253824A972} (Empty Folder)
Successfully deleted: C:\Users\Sl vek\AppData\Local\{658311C4-97C8-435B-A296-59D93026BB30} (Empty Folder)
Successfully deleted: C:\Users\Sl vek\AppData\Local\{65960D37-BE6D-4CA5-AC85-659F00A7A864} (Empty Folder)
Successfully deleted: C:\Users\Sl vek\AppData\Local\{70147108-195C-4A8A-891F-7CA99F99C4D8} (Empty Folder)
Successfully deleted: C:\Users\Sl vek\AppData\Local\{CEDEBD76-98F8-43D3-9A52-9ADECA113B01} (Empty Folder)
Successfully deleted: C:\Users\Sl vek\AppData\Local\{D69618A4-F5C7-4223-9463-6B94D642EF74} (Empty Folder)
Successfully deleted: C:\Users\Sl vek\AppData\Local\{EAE69A7A-7E45-42BA-98F1-9F59F18E23F5} (Empty Folder)
Successfully deleted: C:\Users\Sl vek\AppData\Local\{EBF671A5-E2DD-4C32-A608-A0515187C59B} (Empty Folder)
Successfully deleted: C:\Users\Sl vek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig (Folder)
Successfully deleted: C:\Users\Sl vek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd (Folder)
Successfully deleted: C:\Users\Sl vek\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak (Folder)
Successfully deleted: C:\Users\Sl vek\Documents\my pagemanager (Folder)
Successfully deleted: C:\windows\system32\newsoft (File)
Successfully deleted: C:\windows\system32\Tasks\Driver Booster SkipUAC (Sl vek) (Task)
Successfully deleted: C:\Users\Sl vek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P9B6958 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Sl vek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4QG1MA05 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Sl vek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9N2JWTYR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Sl vek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BBOGMQCB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Sl vek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E3WAGF1I (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Sl vek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NQ3OCI5Y (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Sl vek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RN7G5FGW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Sl vek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y2AZL95Z (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2P9B6958 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4QG1MA05 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9N2JWTYR (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BBOGMQCB (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E3WAGF1I (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NQ3OCI5Y (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RN7G5FGW (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y2AZL95Z (Temporary Internet Files Folder)

Deleted the following from C:\Users\Sl vek\AppData\Roaming\Mozilla\Firefox\Profiles\jmbmjwdd.default\prefs.js
user_pref(browser.search.defaulturl, hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&);
user_pref(browser.urlbar.suggest.searches, false);
user_pref(extensions.ac4d22aeb96c2487391c195a7a726b3424ef9d62479c842e0b8a98fd3126fefc8com45362.45362.internaldb.monetization_plugin_bundledUrls.value, %7B%22dealply_s%22%3A
user_pref(keyword.URL, hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&);



Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Łt 08.05.2018 at 6:46:41,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

RogueKiller V12.12.16.0 (x64) [May 4 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Slávek [Práva správce]
Started from : C:\Users\Slávek\Desktop\RogueKiller_portable64.exe
Mód : Prohledat -- Datum : 05/08/2018 10:34:10 (Duration : 00:38:16)

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3592201584-1633403507-2143339951-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.bing.com -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3592201584-1633403507-2143339951-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.bing.com -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.10.10.10 ([]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.10.10.10 ([]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{152B3AD0-6C77-4BD5-933F-3FA9E4ACB036} | DhcpNameServer : 10.10.10.10 ([]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{152B3AD0-6C77-4BD5-933F-3FA9E4ACB036} | DhcpNameServer : 10.10.10.10 ([]) -> Nalezeno
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 4 ¤¤¤
[PUM.HomePage][Firefox:Config] jmbmjwdd.default : user_pref("browser.startup.homepage", "https://www.seznam.cz/?clid=22668"); -> Nalezeno
[PUM.SearchEngine][Firefox:Config] jmbmjwdd.default : user_pref("browser.search.selectedEngine", "Seznam"); -> Nalezeno
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [http://www.seznam.cz/] -> Nalezeno
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://www.seznam.cz/] -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BEKT-60KA9T0 ATA Device +++++
--- User ---
[MBR] c7c9d27350a037157510525372c37cdf
[BSP] 70556fd4de9f17ba91ae7b49d6559095 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 300 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 616448 | Size: 459235 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 941129728 | Size: 15360 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 972587008 | Size: 2043 MB
User = LL1 ... OK
User = LL2 ... OK

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB nebo externí disky z počítače před spuštěním tohoto programu.
Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "
- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka).
- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje " Mazání dokončeno "
- Klikni na "Zpráva" a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

====================================================

Stáhni
Zoek.exe

a ulož si ho na plochu.
Zavři všechny ostatní programy, okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor, náběh programu může trvat déle.

Do okna programu vlož skript níže:


Klikni na Run Script
Program provede sken, opravu, sken i oprava může trvat i více minut, je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů, jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

====================================================

Stáhni si Zemana AntiMalware Free z tohoto odkazu:
https://www.zemana.com/Download/AntiMal ... .Setup.exe
a ulož si ho na plochu.
Poklepej na tento soubor na ploše a postupuj podle pokynů k instalaci programu.
Přijmi licenci k používání programu EULA , pokud se nabídne.
Pokud je k dispozici aktualizace programu , klepni na tlačítko „Update now“ ( aktualizovat nyní).
Na konci klepni na tlačítko Nastavení (ozubené kolo v rohu)> Advanced> ""
- "Přečetl jsem si upozornění a chci pokračovat stejně .....
Zaškrtnutí Auto Launch
Nezaškrtnutí Auto upload
Zaškrtnutí All Browser Extensions (Všechna rozšíření prohlížeče)
Inteligentní nastavení skenování jako náhrada za hloubkové prověření
Zavři všechny otevřené soubory, složky a prohlížeče
Klepni na tlačítko Scan now (Skenovat) a začne sken hrozeb.
Když je skenování dokončeno, objeví se tisková zpráva , zkopíruj sem celý obsah té zprávy.

Vlož nový log z HJT + informuj o problémech

RogueKiller V12.12.16.0 (x64) [May 4 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Slávek [Práva správce]
Started from : C:\Users\Slávek\Desktop\RogueKiller_portable64.exe
Mód : Smazat -- Datum : 05/08/2018 19:56:30 (Duration : 00:39:08)

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3592201584-1633403507-2143339951-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.bing.com -> Nahrazeno (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3592201584-1633403507-2143339951-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.bing.com -> Nahrazeno (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.10.10.10 ([]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.10.10.10 ([]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{152B3AD0-6C77-4BD5-933F-3FA9E4ACB036} | DhcpNameServer : 10.10.10.10 ([]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{152B3AD0-6C77-4BD5-933F-3FA9E4ACB036} | DhcpNameServer : 10.10.10.10 ([]) -> Nahrazeno ()
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nahrazeno (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nahrazeno (2)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 4 ¤¤¤
[PUM.HomePage][Firefox:Config] jmbmjwdd.default : user_pref("browser.startup.homepage", "https://www.seznam.cz/?clid=22668"); -> Nahrazeno (about:home)
[PUM.SearchEngine][Firefox:Config] jmbmjwdd.default : user_pref("browser.search.selectedEngine", "Seznam"); -> Smazáno
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [http://www.seznam.cz/] -> Smazáno
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://www.seznam.cz/] -> Smazáno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BEKT-60KA9T0 ATA Device +++++
--- User ---
[MBR] c7c9d27350a037157510525372c37cdf
[BSP] 70556fd4de9f17ba91ae7b49d6559095 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 300 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 616448 | Size: 459235 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 941129728 | Size: 15360 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 972587008 | Size: 2043 MB
User = LL1 ... OK
User = LL2 ... OK

Zoek se zasekne na:

Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by Sl vek on st 09.05.2018 at 5:54:42,74.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\SLVEK~1\Desktop\zoek(1).exe [Scan all users] [Script inserted]

===== Runcheck 5:55:48,62 =====

--- Create Environment Variables 5:55:50,26
--- Checking Input 5:58:32,87
--- Reset Hosts File 5:59:07,07
--- AU AppData Check 5:59:07,66
--- Remove From Windows Installer 5:59:13,48
--- Registry HKLM Software Check 6:05:26,44
--- IE Startpage Check 6:06:24,97
--- Program Files DB Check 6:07:46,22
--- C:\Users\Default\AppData\ DB Check 6:09:38,02
--- C:\Users\Default User\AppData\ DB Check 6:09:38,02
--- C:\windows\SysNative\config\systemprofile\AppData\ DB Check 6:09:38,02
--- C:\windows\sysWoW64\config\systemprofile\AppData\ DB Check 6:09:38,02
--- C:\windows\serviceprofiles\networkservice\AppData\ DB Check 6:09:38,02
--- C:\windows\serviceprofiles\Localservice\AppData\ DB Check 6:09:38,02
--- C:\Users\SLVEK~1 DB Check 6:14:28,59
--- C:\PROGRA~3 DB Check 6:15:12,83
--- C:\Users\Default\AppData\Local DB Check 6:15:40,18
--- C:\Users\Default User\AppData\Local DB Check 6:15:40,18
--- C:\windows\SysNative\config\systemprofile\AppData\Local DB Check 6:15:40,18
--- C:\windows\sysWoW64\config\systemprofile\AppData\Local DB Check 6:15:40,18
--- C:\windows\serviceprofiles\networkservice\AppData\Local DB Check 6:15:40,18
--- C:\windows\serviceprofiles\Localservice\AppData\Local DB Check 6:15:40,18
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 6:18:56,32
--- C:\Users\SLVEK~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs DB Check 6:19:22,29
--- Tasks DB Check 6:19:37,69
--- Downloads DB Check 6:19:47,80
--- C:\windows\SysNative\config\systemprofile\AppData\LocalLow DB Check 6:19:57,45
--- C:\windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 6:19:57,45
--- C:\windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 6:19:57,45
--- Tasks2 DB Check 6:21:06,41
--- Documents DB Check 6:22:24,13
--- C:\Users\SLVEK~1\AppData\Roaming\Mozilla\Firefox\Profiles\jmbmjwdd.default DB Check 6:22:42,81
--- C:\Users\Public\Desktop DB Check 6:22:49,09
--- C:\Users\SLVEK~1\Desktop DB Check 6:23:03,50
--- Services DB Check 6:23:33,08
--- FF prefs.js DB Check 6:24:58,57
--- Emptyclsid 6:26:37,77
--- Del by CLSID 6:26:45,93
--- Delete Services 6:27:31,25
--- Firefox Fix 6:27:35,93
--- Firefox Extensions 6:27:47,05

nechal jsem to ještě půl hodiny a nic. Stalo se to podruhé na tom samém místě.

Zemana AntiMalware 2.74.1.150 (instalační verze)

-------------------------------------------------------
Scan Result : Dokončeno
Scan Date : 2018.5.9
Operating System : Windows 7 64-bit
Processor : 2X AMD Turion(tm) II P560 Dual-Core Processor
BIOS Mode : Legacy
CUID : 121992A7D8D2E967DF5128
Scan Type : Skenování systému
Duration : 24m 3s
Scanned Objects : 168830
Detected Objects : 2
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Vypnuto
Detect All Extensions : Vypnuto
Scan Documents : Vypnuto
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Firefox Search
Status : Skenováno
Object : Ask.com - http://websearch.ask.com
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podezřelé nastavení prohlížeče
Cleaning Action : Opravit
Related Objects :
Nastavení prohlížeče - Firefox Search

wrc@avast.com
Status : Skenováno
Object : %appdata%\mozilla\firefox\profiles\jmbmjwdd.default\extensions\wrc@avast.com.xpi
MD5 : 904CC438CF06B7697F59FE962D612781
Publisher : -
Size : 707252
Version : -
Detection : PUA.FirefoxExt!Gr
Cleaning Action : Opravit
Related Objects :
Rozšíření prohlížeče - wrc@avast.com
Soubor - %appdata%\mozilla\firefox\profiles\jmbmjwdd.default\extensions\wrc@avast.com.xpi

DPProCsp.dll
Status : Neúspěšné
Object : %systemroot%\syswow64\dpprocsp.dll
MD5 : 2041226985E4077AB740BF9EB1AACD2F
Publisher : DigitalPersona, Inc.
Size : 284496
Version : 5.1.0.396
Detection :
Cleaning Action : Karanténa
Related Objects :
Soubor - %systemroot%\syswow64\dpprocsp.dll
Záznam registru - HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\DigitalPersona RSA and AES One Touch CSP\Image Path = c:\Windows\SysWOW64\DPProCsp.dll
Záznam registru - HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\DigitalPersona RSA One Touch CSP\Image Path = c:\Windows\SysWOW64\DPProCsp.dll


Cleaning Result
-------------------------------------------------------
Cleaned : 2
Reported as safe : 0
Failed : 0