PC-HELP.CZ

Zdravím pánové, potřeboval bych zkontrolovat log, PC tak nějak běhá, ale chtěl vyčistit a hlavně mi nejde odinstalovat AVG.
Vyčištěno pomocí ATF, TFC, logy z AdwCleaner, JRT a MBAM.
Děkuji všem za čas.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:24:13, on 5.3.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18538)

FIREFOX: 47.0.2 (x86 cs)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Program Files\MSI\Super-Charger\Super-Charger.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
C:\Users\Michal\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Michal\AppData\Local\Flvto CENZURA\FlvtoYoutubeDownloader.exe
C:\Users\Michal\AppData\Roaming\Seznam.cz\szninstall.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Users\Michal\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Windows\system32\ctfmon.exe
C:\Users\Michal\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=12454
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe" -s
O4 - HKLM\..\Run: [Super-Charger] C:\Program Files\MSI\Super-Charger\Super-Charger.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2015\avuirunnerx.exe" C:\Program Files\AVG\AVG2015\avgui.exe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [4StoryPrePatch] C:\Program Files\GameforgeLive\Games\CZE_ces\4Story\PrePatch.exe
O4 - HKLM\..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Michal\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Flvto CENZURA] "C:\Users\Michal\AppData\Local\Flvto CENZURA\FlvtoYoutubeDownloader.exe" /minimize
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Michal\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Michal\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Michal\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\RunOnce: [Application Restart #2] C:\Users\Michal\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Michal\AppData\Local\SweetLabs App Platform\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MSI_SuperCharger - MSI - C:\Program Files\MSI\Super-Charger\ChargeService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

--
End of file - 9499 bytes

==============================================================

# AdwCleaner v6.044 - Logfile created 04/03/2017 at 18:30:30
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-02-28.2 [Local]
# Operating System : Windows 7 Ultimate Service Pack 1 (X86)
# Username : Michal - MICHAL-PC
# Running from : C:\Users\Michal\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found: C:\Users\Michal\AppData\Local\SweetLabs App Platform
Folder Found: C:\Users\Michal\AppData\Roaming\FirefoxToolbar
Folder Found: C:\Users\Michal\AppData\Roaming\OpenCandy
Folder Found: C:\Users\Michal\AppData\Roaming\RHEng
Folder Found: C:\Users\Michal\AppData\Roaming\TornTV.com
Folder Found: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Found: C:\ProgramData\IePluginServices
Folder Found: C:\ProgramData\smdmf
Folder Found: C:\ProgramData\WindowsMangerProtect
Folder Found: C:\ProgramData\Application Data\IePluginServices
Folder Found: C:\ProgramData\Application Data\smdmf
Folder Found: C:\ProgramData\Application Data\WindowsMangerProtect
Folder Found: C:\Program Files\Settings Manager
Folder Found: C:\Program Files\SupTab
Folder Found: C:\Users\Nikola\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpmeembnagmagppkgghhfjfdfajdfcah
Folder Found: C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpmeembnagmagppkgghhfjfdfajdfcah
Folder Found: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Folder Found: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\oppjbdkgpfhhllancffaoaemplhkngoc


***** [ Files ] *****

File Found: C:\Users\Michal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pokki Menu.lnk
File Found: C:\Users\Michal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PC App Store.lnk
File Found: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnk
File Found: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
File Found: C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\5yvldk1t.default\invalidprefs.js
File Found: C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\5yvldk1t.default\searchplugins\default-search.xml
File Found: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oppjbdkgpfhhllancffaoaemplhkngoc_0.localstorage
File Found: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oppjbdkgpfhhllancffaoaemplhkngoc_0.localstorage-journal
File Found: C:\Users\Nikola\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.slunecnice.cz_0.localstorage
File Found: C:\Users\Nikola\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.slunecnice.cz_0.localstorage-journal
File Found: C:\Users\Nikola\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.slunecnice.cz_0.localstorage
File Found: C:\Users\Nikola\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.slunecnice.cz_0.localstorage-journal

===========================================================

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 7 Ultimate x86
Ran by Michal (Administrator) on so 04.03.2017 at 18:35:40,04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 12

Successfully deleted: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig (Folder)
Successfully deleted: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd (Folder)
Successfully deleted: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak (Folder)
Successfully deleted: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bgjpfhpjcgdppjbgnpnjllokbmcdllig_0.localstorage-journal (File)
Successfully deleted: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bgjpfhpjcgdppjbgnpnjllokbmcdllig_0.localstorage (File)
Successfully deleted: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_blmojkbhnkkphngknkmgccmlenfaelkd_0.localstorage-journal (File)
Successfully deleted: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_blmojkbhnkkphngknkmgccmlenfaelkd_0.localstorage (File)
Successfully deleted: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_olfeabkoenfaoljndfecamgilllcpiak_0.localstorage-journal (File)
Successfully deleted: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_olfeabkoenfaoljndfecamgilllcpiak_0.localstorage (File)
Successfully deleted: C:\Users\Michal\Start Menu\Programs\uninstall flvto CENZURA.lnk (Shortcut)
Successfully deleted: C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 (Task)
Successfully deleted: C:\Program Files\GUT214B.tmp (File)

Deleted the following from C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\5yvldk1t.default\prefs.js
user_pref(browser.search.defaulturl, hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&);
user_pref(keyword.URL, hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&);



Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7D6EF72C-E3D4-4FEE-BC8A-40F5AB84BC9D} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 04.03.2017 at 18:37:39,53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

=========================================================================

Malwarebytes
http://www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 05.03.17
Čas skenování: 7:57
Logovací soubor: mbam.txt
Správce: Ano

-Informace o softwaru-
Verze: 3.0.6.1469
Verze komponentů: 1.0.75
Aktualizovat verzi balíku komponent: 1.0.1394
Licence: Bezplatný

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x86
Systém souborů: NTFS
Uživatel: Michal-PC\Michal

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 405462
Uplynulý čas: 5 min, 29 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 4
PUP.Optional.DefaultSearch.ShrtCln, HKU\S-1-5-21-1637766937-3487883021-3843187463-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}, V karanténě, [12958], [237679],1.0.1394
PUP.Optional.SettingsManager, HKU\S-1-5-21-1637766937-3487883021-3843187463-1004\SOFTWARE\SmdmF, V karanténě, [9091], [242949],1.0.1394
PUP.Optional.TornTV.OL, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Torntv, V karanténě, [2102], [339894],1.0.1394
PUP.Optional.SettingsManager, HKU\S-1-5-21-1637766937-3487883021-3843187463-1005\SOFTWARE\SmdmF, V karanténě, [9091], [242949],1.0.1394

Hodnota v registru: 5
PUP.Optional.DataMngr.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, V karanténě, [11345], [-1],0.0.0
PUP.Optional.DefaultSearch.ShrtCln, HKU\S-1-5-21-1637766937-3487883021-3843187463-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}|DISPLAYNAME, V karanténě, [12958], [237679],1.0.1394
PUP.Optional.DefaultSearch.ShrtCln, HKU\S-1-5-21-1637766937-3487883021-3843187463-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}|URL, V karanténě, [12958], [237679],1.0.1394
PUP.Optional.DefaultSearch.ShrtCln, HKU\S-1-5-21-1637766937-3487883021-3843187463-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}|SUGGESTIONSURL_JSON, V karanténě, [12958], [237679],1.0.1394
PUP.Optional.Bandoo.AppFlsh, HKU\S-1-5-21-1637766937-3487883021-3843187463-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}|FAVICONPATH, V karanténě, [11224], [253585],1.0.1394

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0

Odinstaluj:
McAfee Security Scan

AVG odinstaluj tímto:
http://www.avg.com/eu-en/utilities


Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Scan“, po prohledání klikni na „ Clean“

Program provede opravu, po automatickém restartu klikni na „Log Manager“ a pak poklepej na odpovídají log, (C:\AdwCleaner [C?].txt) , jeho obsah sem celý vlož.

. spusť znovu Malwarebytes' Anti-Malware a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Sophos Virus Removal Tool je praktický softwarový nástroj, který by mohl odstranit infekce, které antivirový program nedetekuje .
Stáhněte si ho zde z některého odkazu:
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html

Viry mohou zpomalit počítač, nebo se snaží ukrást vaše data, a ani nevíte , že je máte. Co potřebujete, je rychlý a snadný způsob, jak je najít a zbavit se jich, pokud již máte antivirový program v počítači nainstalován , můžete nainstalovat i nástroj Sophos Virus Removal , který identifikuje a vyčistí zbylé infekce, které mohl Váš antivirový program přehlédnout.
K použití Sophos Virus Removal Tool na něj poklepejte a stiskněte tlačítko „Start scanning“ . Pak bude Sophos Virus Removal Tool vyhledávat a odstraňovat viry, které najde. Může být vyžadován restart.


Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.adlice.com/download/roguekil ... HlwZT14ODY

64bit.:
http://www.adlice.com/download/roguekil ... HlwZT14NjQ
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7,8,10 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- klikni na „Start Scan“. V novém okně nic neměň a klikni dole na „Start Scan“
- Program skenuje procesy PC. Po proskenování klikni na „Open Report “ , v okně pak na „Open TXT“ a celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.
-pokud bude mít log více než 60.000 znaků , rozděl ho a vlož do více příspěvků

# AdwCleaner v6.044 - Logfile created 06/03/2017 at 15:24:59
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-02-28.2 [Local]
# Operating System : Windows 7 Ultimate Service Pack 1 (X86)
# Username : Michal - MICHAL-PC
# Running from : C:\Users\Michal\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [13608 Bytes] - [04/03/2017 18:32:22]
C:\AdwCleaner\AdwCleaner[C2].txt - [837 Bytes] - [06/03/2017 15:24:59]
C:\AdwCleaner\AdwCleaner[S0].txt - [13803 Bytes] - [04/03/2017 18:27:18]
C:\AdwCleaner\AdwCleaner[S1].txt - [13831 Bytes] - [04/03/2017 18:30:30]
C:\AdwCleaner\AdwCleaner[S2].txt - [1377 Bytes] - [06/03/2017 15:24:48]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1130 Bytes] ##########

=====================================================

V MBAM jsem do karantény vložil soubory již při předchozím scanu a je tam celkem 19 položek.

Malwarebytes
http://www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 06.03.17
Čas skenování: 15:28
Logovací soubor: mbamok.txt
Správce: Ano

-Informace o softwaru-
Verze: 3.0.6.1469
Verze komponentů: 1.0.75
Aktualizovat verzi balíku komponent: 1.0.1394
Licence: Bezplatný

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x86
Systém souborů: NTFS
Uživatel: Michal-PC\Michal

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 403585
Uplynulý čas: 3 min, 6 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

(end)

==================================================

RogueKiller V12.9.9.0 [Feb 27 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno : Normální režim
Uživatel : Michal [Práva správce]
Started from : C:\Users\Michal\Desktop\RogueKiller.exe
Mód : Prohledat -- Datum : 03/06/2017 16:28:58 (Duration : 00:17:17)

¤¤¤ Procesy : 3 ¤¤¤
[Suspicious.Path|PUP.Gen0] FlvtoYoutubeDownloader.exe(3444) -- C:\Users\Michal\AppData\Local\Flvto CENZURA\FlvtoYoutubeDownloader.exe[-] -> Nalezeno
[Suspicious.Path] szndesktop.exe(3656) -- C:\Users\Michal\AppData\Roaming\Seznam.cz\bin\szndesktop.exe[7] -> Nalezeno
[Suspicious.Path] 14697libfoxloader.dll(3176) -- C:\Users\Michal\AppData\Roaming\Seznam.cz\bin\14697libfoxloader.dll[7] -> Nalezeno

¤¤¤ Registry : 5 ¤¤¤
[Suspicious.Path|PUP.Gen0] HKEY_USERS\S-1-5-21-1637766937-3487883021-3843187463-1000\Software\Microsoft\Windows\CurrentVersion\Run | Flvto CENZURA : "C:\Users\Michal\AppData\Local\Flvto CENZURA\FlvtoYoutubeDownloader.exe" /minimize [-] -> Nalezeno
[Suspicious.Path] HKEY_USERS\S-1-5-21-1637766937-3487883021-3843187463-1000\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.autoupdate : "C:\Users\Michal\AppData\Roaming\Seznam.cz\szninstall.exe" -c [7] -> Nalezeno
[Suspicious.Path] HKEY_USERS\S-1-5-21-1637766937-3487883021-3843187463-1000\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.szndesktop : "C:\Users\Michal\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [7] -> Nalezeno
[Suspicious.Path] HKEY_USERS\S-1-5-21-1637766937-3487883021-3843187463-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #2 : C:\Users\Michal\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Michal\AppData\Local\SweetLabs App Platform\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session [x] -> Nalezeno
[PUM.HomePage] HKEY_USERS\S-1-5-21-1637766937-3487883021-3843187463-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/?clid=12454 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 4 ¤¤¤
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flvto CENZURA.lnk [LNK@] C:\Users\Michal\AppData\Local\FLVTOY~1\FLVTOY~1.EXE -> Nalezeno
[Tr.Gen0][Soubor] C:\Users\Michal\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe -> Nalezeno
[PUP.Gen0][Složka] C:\Users\Michal\AppData\Local\Flvto CENZURA -> Nalezeno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flvto CENZURA.lnk [LNK@] C:\Users\Michal\AppData\Local\FLVTOY~1\FLVTOY~1.EXE -> Nalezeno

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 2 (Driver: Nahrán) ¤¤¤
[SSDT:Inl(Hook.SSDT)] ZwDeleteAtom[99] : C:\Windows\System32\win32k.sys @ 0xffffffff9e498261 (call dword [0x83737d14])
[SSDT:Inl(Hook.SSDT)] ZwFlushWriteBuffer[129] : C:\Windows\System32\halmacpi.dll @ 0xffffffff83a34468 (call dword [0x8360d0b4])

¤¤¤ Webové prohlížeče : 7 ¤¤¤
[PUP.Gen2][Firefox:Addon] 5yvldk1t.default : Seznam li?ti?ka [{ea614400-e918-4741-9a97-7a972ff7c30b}] -> Nalezeno
[PUM.HomePage][Firefox:Config] 5yvldk1t.default : user_pref("browser.startup.homepage", "https://www.seznam.cz/?clid=22668"); -> Nalezeno
[PUM.SearchEngine][Firefox:Config] 5yvldk1t.default : user_pref("browser.search.selectedEngine", "Seznam"); -> Nalezeno
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [https://www.seznam.cz/?clid=22668] -> Nalezeno
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.keyword [seznam] -> Nalezeno
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.url [http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}] -> Nalezeno
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.suggestions_url [http://suggest.fulltext.seznam.cz/fulltext_ff?phrase={searchTerms}] -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000DX 001-1CM162 SATA Disk Device +++++
--- User ---
[MBR] f852095eab1faca970d6ca60c467c004
[BSP] 8abbb336e759e025d41bbfbf3c486137 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SanDisk Cruzer Blade USB Device +++++
--- User ---
[MBR] 8e9737343bfa63bf09ce4a0d4fa6c636
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 32 | Size: 7629 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- klikni na „Start Scan“. V novém okně nic neměň a klikni dole na „Start Scan“,
po jeho skončení - vše zatrhni (dej zatržítka vlevo od nálezů , do bílých políček)
- pak klikni na "Remove Selected"
- Počkej, dokud Status box nezobrazí " Removal finished, please review result "
- Klikni na "Open report " a pak na " Open TXT“ a zkopíruj ten log a vlož obsah té zprávy prosím sem. Log je možno nalézt v C:\ProgramData\RogueKiller\Logs - Zavři RogueKiller.

Vypni antivir i firewall.
Stáhni
Zoek.exe
http://download.bleepingcomputer.com/smeenk/
a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
-pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:


klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

Stáhni si Zemana AntiMalware Free z tohoto odkazu:
https://www.zemana.com/Download/AntiMal ... .Setup.exe
a ulož si ho na plochu.
Poklepej na tento soubor na ploše a postupuj podle pokynů k instalaci programu.
Přijmi licenci k používání programu EULA , pokud se nabídne.
Pokud je k dispozici aktualizace programu , klepni na tlačítko „Update now“ ( aktualizovat nyní).
Na konci klepni na tlačítko Nastavení (ozubené kolo v rohu)> Advanced> ""
- "Přečetl jsem si upozornění a chci pokračovat stejně .....
Zaškrtnutí Auto Launch
Nezaškrtnutí Auto upload
Zaškrtnutí All Browser Extensions (Všechna rozšíření prohlížeče)
Inteligentní nastavení skenování jako náhrada za hloubkové prověření
Zavři všechny otevřené soubory, složky a prohlížeče
Klepni na tlačítko Scan now (Skenovat) a začne sken hrozeb.
Když je skenování dokončeno, objeví se tisková zpráva , zkopíruj sem celý obsah té zprávy.

AVG odinstalováno?

Vlož nový log z HJT + informuj o problémech

AVG řádně odinstalováno.

RogueKiller V12.9.9.0 [Feb 27 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno : Normální režim
Uživatel : Michal [Práva správce]
Started from : C:\Users\Michal\Desktop\RogueKiller.exe
Mód : Smazat -- Datum : 03/07/2017 14:09:31 (Duration : 00:17:28)

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[Suspicious.Path] HKEY_USERS\S-1-5-21-1637766937-3487883021-3843187463-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #2 : C:\Users\Michal\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Michal\AppData\Local\SweetLabs App Platform\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session [x] -> Smazáno
[PUM.HomePage] HKEY_USERS\S-1-5-21-1637766937-3487883021-3843187463-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/?clid=12454 -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.108.10.108 10.108.10.109 ([][]) -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.108.10.108 10.108.10.109 ([][]) -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5B5ECD55-5289-43A1-A781-C58F64EC0141} | DhcpNameServer : 10.108.10.108 10.108.10.109 ([][]) -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5B5ECD55-5289-43A1-A781-C58F64EC0141} | DhcpNameServer : 10.108.10.108 10.108.10.109 ([][]) -> Nahrazeno ()

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 4 ¤¤¤
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flvto CENZURA.lnk [LNK@] C:\Users\Michal\AppData\Local\FLVTOY~1\FLVTOY~1.EXE -> Smazáno
[Tr.Gen0][Soubor] C:\Users\Michal\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe -> Smazáno
[PUP.Gen0][Složka] C:\Users\Michal\AppData\Local\Flvto CENZURA -> Odstran?no p?i restartu [91]
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\cef.pak -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\CefSharp.BrowserSubprocess.Core.dll -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\CefSharp.BrowserSubprocess.exe -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\CefSharp.Core.dll -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\CefSharp.Core.xml -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\CefSharp.dll -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\CefSharp.Wpf.dll -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\CefSharp.Wpf.xml -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\CefSharp.xml -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\cef_100_percent.pak -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\cef_200_percent.pak -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\cef_extensions.pak -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\CommonControls.dll -> Odstran?no p?i restartu [5]
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\CommonUtils.dll -> Odstran?no p?i restartu [5]
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\d3dcompiler_43.dll -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\d3dcompiler_47.dll -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\de-DE\CommonControls.resources.dll -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\de-DE\FlvtoYoutubeDownloader.resources.dll -> Smazáno
[PUP.Gen0][Složka] C:\Users\Michal\AppData\Local\Flvto CENZURA\de-DE -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\debug.log -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\devtools_resources.pak -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\DirectShowLib-2008.dll -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\DownloadManager.dll -> Odstran?no p?i restartu [5]
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\en-US\CommonControls.resources.dll -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\en-US\FlvtoYoutubeDownloader.resources.dll -> Odstran?no p?i restartu [5]
[PUP.Gen0][Složka] C:\Users\Michal\AppData\Local\Flvto CENZURA\en-US -> Odstran?no p?i restartu [91]
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\FFmpeg\ffmpeg.exe -> Smazáno
[PUP.Gen0][Složka] C:\Users\Michal\AppData\Local\Flvto CENZURA\FFmpeg -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\flvto 128x128 v2.ico -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\FlvtoConverterSetupV1.0.9.exe -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\FlvtoYoutubeDownloader.exe -> Odstran?no p?i restartu [5]
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\FlvtoYoutubeDownloader.exe.config -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\Hardcodet.Wpf.TaskbarNotification.dll -> Odstran?no p?i restartu [5]
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\ICSharpCode.SharpZipLib.dll -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\icudtl.dat -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\Id3Lib.dll -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\it-IT\CommonControls.resources.dll -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\it-IT\FlvtoYoutubeDownloader.resources.dll -> Smazáno
[PUP.Gen0][Složka] C:\Users\Michal\AppData\Local\Flvto CENZURA\it-IT -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\libcef.dll -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\libEGL.dll -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\libGLESv2.dll -> Smazáno
[PUP.Gen0][Složka] C:\Users\Michal\AppData\Local\Flvto CENZURA\locales -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\MediaLibrary.dll -> Odstran?no p?i restartu [5]
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\Mp3Lib.dll -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\msvcp100.dll -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\msvcr100.dll -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\natives_blob.bin -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\Newtonsoft.Json.dll -> Odstran?no p?i restartu [5]
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\pt-PT\CommonControls.resources.dll -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\pt-PT\FlvtoYoutubeDownloader.resources.dll -> Smazáno
[PUP.Gen0][Složka] C:\Users\Michal\AppData\Local\Flvto CENZURA\pt-PT -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\rtmpdump\rtmpdump.exe -> Smazáno
[PUP.Gen0][Složka] C:\Users\Michal\AppData\Local\Flvto CENZURA\rtmpdump -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\snapshot_blob.bin -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\UninstallFlvtoYoutubeDownloader.exe -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\vcredist_x86.exe -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\VideoHostsExtractor.dll -> Odstran?no p?i restartu [5]
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\widevinecdmadapter.dll -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\WpfLocalization.dll -> Odstran?no p?i restartu [5]
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\Xceed.Wpf.Toolkit.dll -> Smazáno
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Local\Flvto CENZURA\YoutubeExtractor.dll -> Odstran?no p?i restartu [5]
[PUP.Gen0][Soubor] C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flvto CENZURA.lnk [LNK@] C:\Users\Michal\AppData\Local\FLVTOY~1\FLVTOY~1.EXE -> Odstran?no p?i restartu [2]

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 7 ¤¤¤
[PUP.Gen2][Firefox:Addon] 5yvldk1t.default : Seznam li?ti?ka [{ea614400-e918-4741-9a97-7a972ff7c30b}] -> Nevybráno
[PUM.HomePage][Firefox:Config] 5yvldk1t.default : user_pref("browser.startup.homepage", "https://www.seznam.cz/?clid=22668"); -> Nahrazeno (about:home)
[PUM.SearchEngine][Firefox:Config] 5yvldk1t.default : user_pref("browser.search.selectedEngine", "Seznam"); -> Smazáno
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [https://www.seznam.cz/?clid=22668] -> Smazáno
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.keyword [seznam] -> Smazáno
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.url [http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}] -> Smazáno
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.suggestions_url [http://suggest.fulltext.seznam.cz/fulltext_ff?phrase={searchTerms}] -> Smazáno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000DX 001-1CM162 SATA Disk Device +++++
--- User ---
[MBR] f852095eab1faca970d6ca60c467c004
[BSP] 8abbb336e759e025d41bbfbf3c486137 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
======================================================

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Michal on Łt 07.03.2017 at 14:37:59,12.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Michal\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

7.3.2017 14:39:00 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\GUM1FA0.tmp deleted successfully
C:\Program Files\Common Files\AV deleted successfully
C:\Users\Ivana\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Ivana\AppData\Local\EmieSiteList deleted successfully
C:\Users\Ivana\AppData\Local\EmieUserList deleted successfully
C:\Users\Nikola\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Nikola\AppData\Local\EmieSiteList deleted successfully
C:\Users\Nikola\AppData\Local\EmieUserList deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1637766937-3487883021-3843187463-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\syb2a0id.default-1433320312494\prefs.js:
user_pref("browser.startup.homepage", "http://www.seznam.cz/");

Added to C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\syb2a0id.default-1433320312494\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\5yvldk1t.default\prefs.js:
user_pref("browser.startup.homepage", "about:home"about:home);
user_pref("browser.search.defaultengine", "Seznam");
user_pref("browser.search.order.1", "Seznam");

Added to C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\5yvldk1t.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Nikola\AppData\Roaming\Mozilla\Firefox\Profiles\7jq5e2nz.default\prefs.js:

Added to C:\Users\Nikola\AppData\Roaming\Mozilla\Firefox\Profiles\7jq5e2nz.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\Program Files\GUM1FA0.tmp not found
C:\Program Files\VstPlugins deleted
C:\Program Files\GUM214A.tmp deleted
C:\PROGRA~2\Package Cache deleted
C:\Users\Michal\AppData\Local\Unity deleted
C:\Users\Michal\AppData\LocalLow\Unity deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\syb2a0id.default-1433320312494
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\5yvldk1t.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Nikola\AppData\Roaming\Mozilla\Firefox\Profiles\7jq5e2nz.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\syb2a0id.default-1433320312494
- Seznam litika - %ProfilePath%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
- Firefox Hotfix - %ProfilePath%\extensions\firefox-hotfix@mozilla.org.xpi

ProfilePath: C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\5yvldk1t.default
- Seznam litika - %ProfilePath%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
- Firefox Hotfix - %ProfilePath%\extensions\firefox-hotfix@mozilla.org.xpi

ProfilePath: C:\Users\Nikola\AppData\Roaming\Mozilla\Firefox\Profiles\7jq5e2nz.default
- Seznam litika - %ProfilePath%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
- Firefox Hotfix - %ProfilePath%\extensions\firefox-hotfix@mozilla.org.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\5yvldk1t.default
6DE7BF0DADC0881F7ED82D9FCC998B89 - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat
08C3C6B144EB5EBDE93263237C53DB14 - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
F9D90EEC96E97411869E120E52B1AE0A - C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll - Google Update
F0E80E561C3F715DB01ACCC97B72463A - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
FE5E10A1775D5B0EE862DBF3BC1283D3 - C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U60
41E59AEE190362FD0D6EF71DE5DCE427 - C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.600.27
540777CBBACF2EBF456EE5FEEA75845F - C:\Program Files\Battlelog Web Plugins\2.7.1\npbattlelog.dll - Battlelog Game Launcher
05F4E9B3912EA16B04C5928758E8AA75 - C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll - Shockwave Flash
3CD19649B2C3023D65E67C056457A2BC - C:\Users\Michal\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
2025AB55D38329C4ACBCAAA7F72832B4 - C:\Program Files\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll - Battlelog Game Launcher


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86


Seznam Lištička - Email - Ivana\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig
Seznam Lištička - Slovník - Ivana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd
Seznam Lištička - Rychlá volba - Ivana\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak
Chrome Media Router - Ivana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Seznam Lištička - Email - Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig
Seznam Lištička - Slovník - Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd
Seznam Lištička - Rychlá volba - Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak
Chrome Media Router - Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Seznam Lištička - Email - Nikola\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig
Seznam Lištička - Slovník - Nikola\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd
Seznam Lištička - Rychlá volba - Nikola\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak
Chrome Media Router - Nikola\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully
C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal deleted successfully
C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Nikola\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Nikola\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Nikola\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Nikola\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{041450BC-ED57-4A31-860A-F5EBFDF77D5C} Novinky.cz Url="http://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{0FE981F8-53CB-42CE-9067-1546EDF16B7D} Encyklopedie Seznam Url="http://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454"
{16EA8A83-1E61-4ABD-8B66-462CAC125378} Bing Url="http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox"
{17394906-331F-4792-BE36-CE36CDD1E6E8} Slovnˇk CZ/EN Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454"
{26888E6A-639B-4B31-AEEC-4B1BF4B51419} Mapy.cz Url="http://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_12454"
{6A12067E-4C66-4701-B4D1-2A2A266FD6EE} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MSIM_csCZ608"
{7083E3A1-097E-452D-B7AA-ACBD3D5D3773} Firmy.cz Url="http://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_12454"
{E2FC8998-B03F-48BB-8F98-E6B8DD14A3FD} Zbo§ˇ.cz Url="http://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_12454"
{EA1A97AA-D071-4F3F-B1EF-D75EF0374024} Slovnˇk EN/CZ Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454"

==== Reset Google Chrome ======================

C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Nikola\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Nikola\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Michal\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Nikola\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Web Data.tmp was reset successfully
C:\Users\Nikola\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Michal\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\Michal\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully
C:\Users\Nikola\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\Nikola\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully

==== Empty IE Cache ======================

C:\Users\Michal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Michal\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Nikola\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Ivana\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Nikola\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=129 folders=39 61291610 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Ivana\AppData\Local\Temp emptied successfully
C:\Users\Michal\AppData\Local\Temp will be emptied at reboot
C:\Users\Nikola\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Michal\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Łt 07.03.2017 at 14:51:23,60 ======================
==============================================================================

emana AntiMalware 2.72.2.101 (instalační verze)

-------------------------------------------------------
Scan Result : Dokončeno
Scan Date : 2017.3.7
Operating System : Windows 7 32-bit
Processor : 4X AMD Athlon(tm) X4 760K Quad Core Processor
BIOS Mode : Legacy
CUID : 1203595AAA2B2722214D5C
Scan Type : Skenování systému
Duration : 6m 2s
Scanned Objects : 100985
Detected Objects : 6
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Vypnuto
Detect All Extensions : Vypnuto
Scan Documents : Vypnuto
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

14697libfoxloader.dll
Status : Skenováno
Object : %appdata%\seznam.cz\bin\14697libfoxloader.dll
MD5 : E58EACA639CD7EB45A4E2E22460727E3
Publisher : Seznam.cz, a.s.
Size : 78504
Version : -
Detection : Adware:Win32/Seznam-DJ!Ep
Cleaning Action : Karanténa
Related Objects :
Soubor - %appdata%\seznam.cz\bin\14697libfoxloader.dll
DLL - 3260 - C:\Windows\explorer.exe
DLL - 3696 - C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
DLL - 3580 - C:\Program Files\MSI\Super-Charger\Super-Charger.exe
DLL - 3568 - C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
DLL - 3872 - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
DLL - 3912 - C:\Users\Michal\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
DLL - 2372 - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
DLL - 3004 - C:\Program Files\Google\Chrome\Application\chrome.exe
DLL - 2792 - C:\Windows\System32\wuauclt.exe
DLL - 3392 - C:\Program Files\Google\Chrome\Application\chrome.exe

lightspeed.dll
Status : Skenováno
Object : %appdata%\seznam.cz\bin\lightspeed.dll
MD5 : 7B12697B8A8D362F5694774A9D3055F8
Publisher : Seznam.cz, a.s.
Size : 862888
Version : -
Detection : Adware:Win32/Seznam-DJ!Ep
Cleaning Action : Karanténa
Related Objects :
Soubor - %appdata%\seznam.cz\bin\lightspeed.dll
DLL - 3912 - C:\Users\Michal\AppData\Roaming\Seznam.cz\bin\szndesktop.exe

szndesktop.exe
Status : Skenováno
Object : %appdata%\seznam.cz\bin\szndesktop.exe
MD5 : 0A54B0BCD8BC203684C803FC3FB5C5A2
Publisher : Seznam.cz, a.s.
Size : 457384
Version : -
Detection : Adware:Win32/Seznam-DJ!Ep
Cleaning Action : Karanténa
Related Objects :
Soubor - %appdata%\seznam.cz\bin\szndesktop.exe
Proces - 3912 - C:\Users\Michal\AppData\Roaming\Seznam.cz\bin\szndesktop.exe

wszndesktop.exe
Status : Skenováno
Object : %appdata%\seznam.cz\bin\wszndesktop.exe
MD5 : 177C7E1FB4793BFCC6B06D11D8032481
Publisher : Seznam.cz, a.s.
Size : 103080
Version : -
Detection : Adware:Win32/Seznam-DJ!Ep
Cleaning Action : Karanténa
Related Objects :
Soubor - %appdata%\seznam.cz\bin\wszndesktop.exe
Záznam registru - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\cz.seznam.software.szndesktop = "C:\Users\Michal\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q

szninstall.exe
Status : Skenováno
Object : %appdata%\seznam.cz\szninstall.exe
MD5 : 919F88F5158350947FB255358CEA4907
Publisher : Seznam.cz, a.s.
Size : 1062472
Version : -
Detection : Adware:Win32/Seznam-DJ!Ep
Cleaning Action : Karanténa
Related Objects :
Soubor - %appdata%\seznam.cz\szninstall.exe
Záznam registru - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\cz.seznam.software.autoupdate = "C:\Users\Michal\AppData\Roaming\Seznam.cz\szninstall.exe" -c

szninstall.exe
Status : Skenováno
Object : %programfiles%\seznam.cz\distribution\szninstall.exe
MD5 : 919F88F5158350947FB255358CEA4907
Publisher : Seznam.cz, a.s.
Size : 1062472
Version : -
Detection : Adware:Win32/Seznam-DJ!Ep
Cleaning Action : Karanténa
Related Objects :
Soubor - %programfiles%\seznam.cz\distribution\szninstall.exe
Záznam registru - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\seznam-listicka-distribuce = "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate


Cleaning Result
-------------------------------------------------------
Cleaned : 6
Reported as safe : 0
Failed : 0
======================================================================

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 15:08:04, on 7.3.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18538)

FIREFOX: 47.0.2 (x86 cs)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Program Files\MSI\Super-Charger\Super-Charger.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Zemana AntiMalware\ZAM.exe
C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
C:\Users\Michal\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Michal\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe" -s
O4 - HKLM\..\Run: [Super-Charger] C:\Program Files\MSI\Super-Charger\Super-Charger.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [4StoryPrePatch] C:\Program Files\GameforgeLive\Games\CZE_ces\4Story\PrePatch.exe
O4 - HKLM\..\Run: [ZAM] "C:\Program Files\Zemana AntiMalware\ZAM.exe" /minimized
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Michal\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Flvto CENZURA] "C:\Users\Michal\AppData\Local\Flvto CENZURA\FlvtoYoutubeDownloader.exe" /minimize
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Michal\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MSI_SuperCharger - MSI - C:\Program Files\MSI\Super-Charger\ChargeService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files\Zemana AntiMalware\ZAM.exe

--
End of file - 7368 bytes

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod



Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem.Jinak je zpráva zde:
v C: \ DelFix.txt

Co problémy?

PC běhá dobře, AVG odinstalováno. Vše v pořádku.

# DelFix v1.013 - Logfile created 08/03/2017 at 16:54:48
# Updated 17/04/2016 by Xplode
# Username : Michal - MICHAL-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\Users\Michal\Desktop\AdwCleaner.exe
Deleted : C:\Users\Michal\Desktop\HijackThis.exe
Deleted : C:\Users\Michal\Desktop\hijackthis.log
Deleted : C:\Users\Michal\Desktop\RogueKiller.exe
Deleted : C:\Users\Michal\Desktop\zoek-results.txt
Deleted : C:\Users\Michal\Desktop\zoek.exe
Deleted : C:\Users\Michal\Downloads\log.txt
Deleted : HKLM\SOFTWARE\OldTimer Tools

~ Cleaning system restore ...

Deleted : RP #284 [Scheduled Checkpoint | 12/15/2016 14:21:09]
Deleted : RP #285 [Scheduled Checkpoint | 12/22/2016 19:24:51]
Deleted : RP #286 [Scheduled Checkpoint | 12/29/2016 20:44:18]
Deleted : RP #287 [Scheduled Checkpoint | 01/06/2017 12:17:05]
Deleted : RP #288 [Windows Update | 01/11/2017 23:33:36]
Deleted : RP #289 [Scheduled Checkpoint | 01/19/2017 16:24:32]
Deleted : RP #290 [Scheduled Checkpoint | 02/03/2017 10:49:45]
Deleted : RP #291 [Scheduled Checkpoint | 02/11/2017 11:53:27]
Deleted : RP #292 [Scheduled Checkpoint | 02/19/2017 11:59:59]
Deleted : RP #293 [Scheduled Checkpoint | 02/28/2017 08:23:30]
Deleted : RP #294 [Removed AVG 2015 | 03/04/2017 17:05:47]
Deleted : RP #295 [Odebráno: AVG PC TuneUp 2015 | 03/04/2017 17:09:54]
Deleted : RP #296 [Odebráno: AVG PC TuneUp 2015 (cs-CZ) | 03/04/2017 17:10:20]
Deleted : RP #297 [Removed AVG 2015 | 03/04/2017 17:10:44]
Deleted : RP #298 [JRT Pre-Junkware Removal | 03/04/2017 17:35:58]
Deleted : RP #299 [Removed AVG 2015 | 03/04/2017 17:38:22]
Deleted : RP #300 [Installed Sophos Virus Removal Tool. | 03/06/2017 14:42:42]
Deleted : RP #301 [zoek.exe restore point | 03/07/2017 13:38:50]

New restore point created !

########## - EOF - ##########

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.

Děkuji za tvé rady a čas.