Prosím o kotrolu logu Vyřešeno

[stalkerman]

tak jsem se rozhodl že na vaše rady,udělám log a pošlu ho sem,tak tady je
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:35:20, on 15.3.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17689)

FIREFOX: 36.0.1 (x86 cs)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\PixArt\Pac7302\Monitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\David\AppData\Roaming\uTorrent\utorrent.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\David\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Users\David\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=13415
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 65.112.87.186 master.gamespy.com
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [uTorrent] "C:\Users\David\AppData\Roaming\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\David\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\David\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [RGSC] D:\Hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\hry\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\VC32Loader.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 8317 bytes

[Reklama]

[jaro3]

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.


Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

[stalkerman]

log z AdwCleaner
# AdwCleaner v4.112 - Logfile created 16/03/2015 at 17:07:50
# Updated 09/03/2015 by Xplode
# Database : 2015-03-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : David - DAVID-PC
# Running from : C:\Users\David\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : SPPD

***** [ Files / Folders ] *****

File Found : C:\END
Folder Found : C:\Program Files\SearchProtect
Folder Found : C:\Users\David\AppData\Local\SearchProtect

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SearchProtect\SearchProtect\bin\VC32Loader.dll
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\SearchProtect
Key Found : HKLM\SOFTWARE\SPPDCOM

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v36.0.1 (x86 cs)


-\\ Google Chrome v


-\\ Chromium v

*************************

AdwCleaner[R0].txt - [1280 bytes] - [16/03/2015 17:07:50]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1339 bytes] ##########

log z malwarebyte
Malwarebytes Anti-Malware
http://www.malwarebytes.org

Scan Date: 16.3.2015
Scan Time: 17:12:52
Logfile: malwarebytes log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.16.03
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: David

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 315340
Time Elapsed: 7 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD, , [a390c581b2d8d56135a0b3297c8951af],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, , [7db6133384060a2c568c93a2966f9769],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\SEARCHPROTECT, , [b281b690256565d1118e5b7e679c2bd5],

Registry Values: 2
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\SEARCHPROTECT|InstallDir, C:\PROGRA~1\SearchProtect, , [b281b690256565d1118e5b7e679c2bd5]
PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD|ImagePath, \??\C:\Windows\system32\drivers\SPPD.sys, , [9f943a0c8505e74faa98c50e24dfb24e]

Registry Data: 1
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~1\SearchProtect\SearchProtect\bin\VC32Loader.dll, Good: (), Bad: (C:\PROGRA~1\SearchProtect\SearchProtect\bin\VC32Loader.dll),,[330082c4cdbdaa8cec8fe0d8ce3338c8]

Folders: 24
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\bin, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\rep, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\rep, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\bin, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Consent, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protection, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protectionDS, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\uninstall, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\rep, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Users\David\AppData\Local\SearchProtect, , [70c34ef87b0fc0762e6e4d36d03354ac],
PUP.Optional.SearchProtect.A, C:\Users\David\AppData\Local\SearchProtect\SearchProtect, , [70c34ef87b0fc0762e6e4d36d03354ac],
PUP.Optional.SearchProtect.A, C:\Users\David\AppData\Local\SearchProtect\SearchProtect\rep, , [70c34ef87b0fc0762e6e4d36d03354ac],
PUP.Optional.SearchProtect.A, C:\Users\David\AppData\Local\SearchProtect\SearchProtect\STG, , [70c34ef87b0fc0762e6e4d36d03354ac],
PUP.Optional.SearchProtect.A, C:\Users\David\AppData\Local\SearchProtect\UI, , [70c34ef87b0fc0762e6e4d36d03354ac],
PUP.Optional.SearchProtect.A, C:\Users\David\AppData\Local\SearchProtect\UI\rep, , [70c34ef87b0fc0762e6e4d36d03354ac],

Files: 82
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin\VC32Loader.dll, , [330082c4cdbdaa8cec8fe0d8ce3338c8],
PUP.Optional.SearchProtect, C:\Windows\System32\drivers\SPPD.sys, , [a390c581b2d8d56135a0b3297c8951af],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\EULA.txt, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\rep\cfi.bin, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\rep\edk.bin, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\rep\pni.bin, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\rep\SystemRepository.dat, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\Main\rep\trn.bin, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin\RN32.dll, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin\SPtool64.exe, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\SearchProtect\bin\VC64Loader.dll, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings.html, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\style.css, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Consent\consent.css, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Consent\consent.html, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Consent\consent.js, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Consent\defaults.js, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bgUninstall.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\hez-def-grey.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\Apply-default.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\Apply-onclick.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\Apply-Rollover.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bg-dia.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bg-uninstall.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bg-with-logo.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bg.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bgNotif.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bgSettings.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\bgSettingsDS.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\btnBlue.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\btnClose.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\btnSilver.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\button-bg.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\checkbox.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\checkbox_checked.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\checkbox_def.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\close-win-def.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\close-win-over-click.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\gray-bg.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\hez-def.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\hez-selected.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\hez.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\icon-win.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\Icon.ico, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\info-icon.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\menu-rollover.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\menu-selected.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button-def.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button-selected.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\radio-button2.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\Settings-icon.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\SP_DialogBG.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\text-field.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\v.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\Images\x.png, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\defaults.js, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\DialogAPI.js, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\dialogUtils.js, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\json2.min.js, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\libs\main.js, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protection\defaults.js, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protection\protection.css, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protection\protection.html, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protection\protection.js, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protectionDS\defaults.js, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protectionDS\protectionDS.css, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protectionDS\protectionDS.html, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\protectionDS\protectionDS.js, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings\defaults.js, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings\settings.css, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings\settings.html, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\settings\settings.js, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\uninstall\defaults.js, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\uninstall\uninstall.css, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\uninstall\uninstall.html, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Program Files\SearchProtect\UI\dialogs\uninstall\uninstall.js, , [122140066129f541cd6872aa9f6610f0],
PUP.Optional.SearchProtect.A, C:\Users\David\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat, , [70c34ef87b0fc0762e6e4d36d03354ac],
PUP.Optional.SearchProtect.A, C:\Users\David\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, , [70c34ef87b0fc0762e6e4d36d03354ac],
PUP.Optional.SearchProtect.A, C:\Users\David\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, , [70c34ef87b0fc0762e6e4d36d03354ac],
PUP.Optional.SearchProtect.A, C:\Users\David\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, , [70c34ef87b0fc0762e6e4d36d03354ac],

Physical Sectors: 0
(No malicious items detected)


(end)

[jaro3]

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

. spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Offline Reg
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

[stalkerman]

log ADWCleaner
# AdwCleaner v4.112 - Logfile created 19/03/2015 at 14:48:36
# Updated 09/03/2015 by Xplode
# Database : 2015-03-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : David - DAVID-PC
# Running from : C:\Users\David\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : SPPD

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Users\David\AppData\Local\SearchProtect
File Deleted : C:\END

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SearchProtect\SearchProtect\bin\VC32Loader.dll

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v36.0.1 (x86 cs)


-\\ Google Chrome v


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [1418 bytes] - [16/03/2015 17:07:50]
AdwCleaner[R1].txt - [1477 bytes] - [19/03/2015 14:46:46]
AdwCleaner[S0].txt - [1428 bytes] - [19/03/2015 14:48:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1487 bytes] ##########

Log JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.5 (03.17.2015:1)
OS: Windows 7 Home Premium x86
Ran by David on źt 19.03.2015 at 14:52:06,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C1B81A1F-0B99-4032-82AE-8AE536B58DA9}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\1bdplhbh.default-1422108646156\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 19.03.2015 at 14:54:32,51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log Malwarebytes
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 19.3.2015
Čas skenování: 14:56:37
Protokol: malwarebytes log 2.txt
Správce: Ano

Verze: 2.00.4.1028
Databáze malwaru: v2015.03.19.04
Databáze rootkitů: v2015.02.25.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Sebeobrany: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: David

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 315622
Uplynulý čas: 7 min, 13 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Žádné zákerné zjištěny položek)

Moduly: 0
(Žádné zákerné zjištěny položek)

Klíče registru: 1
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, , [9fc12d1a137748ee71f8c47535d09e62],

Hodnoty registru: 0
(Žádné zákerné zjištěny položek)

Data registru: 0
(Žádné zákerné zjištěny položek)

Složky: 0
(Žádné zákerné zjištěny položek)

Soubory: 1
PUP.Optional.SearchProtect, C:\Windows\System32\drivers\SPPD.sys, , [0e522225444675c105a1bb25050001ff],

Fyzické sektory: 0
(Žádné zákerné zjištěny položek)


(end)

Log RogueKiller
RogueKiller V10.5.5.0 [Mar 16 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno : Normální režim
Uživatel : David [Práva správce]
Started from : C:\Users\David\Desktop\RogueKiller.exe
Mód : Prohledat -- Datum : 03/19/2015 15:14:56

¤¤¤ Procesy : 3 ¤¤¤
[Suspicious.Path] szninstall.exe(3888) -- C:\Users\David\AppData\Roaming\Seznam.cz\szninstall.exe[7] -> Zastaveno [TermProc]
[Suspicious.Path] szndesktop.exe(2172) -- C:\Users\David\AppData\Roaming\Seznam.cz\bin\szndesktop.exe[7] -> Zastaveno [TermProc]
[Suspicious.Path] explorer.exe(1936) -- C:\Users\David\AppData\Roaming\Seznam.cz\bin\26587libfoxloader.dll[7] -> Uvolněno

¤¤¤ Registry : 11 ¤¤¤
[Suspicious.Path] HKEY_USERS\S-1-5-21-3441744158-3190030285-3986489708-1000\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.autoupdate : "C:\Users\David\AppData\Roaming\Seznam.cz\szninstall.exe" -c -> Nalezeno
[Suspicious.Path] HKEY_USERS\S-1-5-21-3441744158-3190030285-3986489708-1000\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.szndesktop : "C:\Users\David\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q -> Nalezeno
[PUM.HomePage] HKEY_USERS\S-1-5-21-3441744158-3190030285-3986489708-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/?clid=13415 -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{16669638-0442-4D0F-A675-0F6B3C56F8C3} | DhcpNameServer : 10.0.0.1 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{16669638-0442-4D0F-A675-0F6B3C56F8C3} | DhcpNameServer : 10.0.0.1 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{16669638-0442-4D0F-A675-0F6B3C56F8C3} | DhcpNameServer : 10.0.0.1 [(Private Address) (XX)] -> Nalezeno
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno

¤¤¤ Úlohy : 5 ¤¤¤
[Troj.Generic] \\{047F0B25-08E9-46FA-B641-5930746786CF} -- D:\Hry\Mortal Kombat Komplete Edition\DiscContentPC\MKKE.exe -> Nalezeno
[Troj.Generic] \\{52A76004-E45C-4AD5-B599-D5C7A92855A1} -- D:\Hry\Mortal Kombat Komplete Edition\DiscContentPC\MKKE.exe -> Nalezeno
[Troj.Generic] \\{5D292138-B500-444A-9B7D-D49867455B73} -- D:\Hry\Mortal Kombat Komplete Edition\DiscContentPC\MKKE.exe -> Nalezeno
[Troj.Generic] \\{941FE984-D27F-4351-8D5D-2A8F3580F372} -- D:\Hry\Mortal Kombat Komplete Edition\DiscContentPC\MKKE.exe -> Nalezeno
[Troj.Generic] \\{E9C0BBA8-0F05-49F9-95B2-25F608BBD485} -- D:\Hry\Mortal Kombat Komplete Edition\DiscContentPC\MKKE.exe -> Nalezeno

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 65.112.87.186 master.gamespy.com

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 1bdplhbh.default-1422108646156 : user_pref("browser.startup.homepage", "https://www.seznam.cz/"); -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKX-001CA0 ATA Device +++++
--- User ---
[MBR] 393bded003480f33d336f052248847c7
[BSP] 668882ef52f211263f2f67caf43ab78d : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 82780 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 169533945 | Size: 394157 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive3: Generic USB xD/SM Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

[jaro3]

. spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:


- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni antivir
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

[stalkerman]

log malwarebyte
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 21.3.2015
Čas skenování: 13:46:26
Protokol: malwarebytes log 3.txt
Správce: Ano

Verze: 2.00.4.1028
Databáze malwaru: v2015.03.21.04
Databáze rootkitů: v2015.02.25.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Sebeobrany: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: David

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 316193
Uplynulý čas: 7 min, 57 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Žádné zákerné zjištěny položek)

Moduly: 0
(Žádné zákerné zjištěny položek)

Klíče registru: 0
(Žádné zákerné zjištěny položek)

Hodnoty registru: 0
(Žádné zákerné zjištěny položek)

Data registru: 0
(Žádné zákerné zjištěny položek)

Složky: 0
(Žádné zákerné zjištěny položek)

Soubory: 0
(Žádné zákerné zjištěny položek)

Fyzické sektory: 0
(Žádné zákerné zjištěny položek)


(end)

log roguekiller
RogueKiller V10.5.5.0 [Mar 16 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno : Normální režim
Uživatel : David [Práva správce]
Started from : C:\Users\David\Desktop\RogueKiller.exe
Mód : Smazat -- Datum : 03/21/2015 14:06:01

¤¤¤ Procesy : 2 ¤¤¤
[Suspicious.Path] szndesktop.exe(2932) -- C:\Users\David\AppData\Roaming\Seznam.cz\bin\szndesktop.exe[7] -> Zastaveno [TermProc]
[Suspicious.Path] explorer.exe(1560) -- C:\Users\David\AppData\Roaming\Seznam.cz\bin\26587libfoxloader.dll[7] -> Uvolněno

¤¤¤ Registry : 11 ¤¤¤
[Suspicious.Path] HKEY_USERS\S-1-5-21-3441744158-3190030285-3986489708-1000\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.autoupdate : "C:\Users\David\AppData\Roaming\Seznam.cz\szninstall.exe" -c [7][x] -> Smazáno
[Suspicious.Path] HKEY_USERS\S-1-5-21-3441744158-3190030285-3986489708-1000\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.szndesktop : "C:\Users\David\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q -> Nalezeno
[PUM.HomePage] HKEY_USERS\S-1-5-21-3441744158-3190030285-3986489708-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/?clid=13415 -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{16669638-0442-4D0F-A675-0F6B3C56F8C3} | DhcpNameServer : 10.0.0.1 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{16669638-0442-4D0F-A675-0F6B3C56F8C3} | DhcpNameServer : 10.0.0.1 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{16669638-0442-4D0F-A675-0F6B3C56F8C3} | DhcpNameServer : 10.0.0.1 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)

¤¤¤ Úlohy : 5 ¤¤¤
[Troj.Generic] \\{047F0B25-08E9-46FA-B641-5930746786CF} -- D:\Hry\Mortal Kombat Komplete Edition\DiscContentPC\MKKE.exe -> Smazáno
[Troj.Generic] \\{52A76004-E45C-4AD5-B599-D5C7A92855A1} -- D:\Hry\Mortal Kombat Komplete Edition\DiscContentPC\MKKE.exe -> Smazáno
[Troj.Generic] \\{5D292138-B500-444A-9B7D-D49867455B73} -- D:\Hry\Mortal Kombat Komplete Edition\DiscContentPC\MKKE.exe -> Smazáno
[Troj.Generic] \\{941FE984-D27F-4351-8D5D-2A8F3580F372} -- D:\Hry\Mortal Kombat Komplete Edition\DiscContentPC\MKKE.exe -> Smazáno
[Troj.Generic] \\{E9C0BBA8-0F05-49F9-95B2-25F608BBD485} -- D:\Hry\Mortal Kombat Komplete Edition\DiscContentPC\MKKE.exe -> Smazáno

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 65.112.87.186 master.gamespy.com -> Smazáno

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 3 ¤¤¤
[IE:Addon] System : Canon Easy-WebPrint EX [{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}] -> Smazáno
[FIREFX:Addon] 1bdplhbh.default-1422108646156 : Avast Online Security [wrc@avast.com] -> Smazáno
[PUM.HomePage][FIREFX:Config] 1bdplhbh.default-1422108646156 : user_pref("browser.startup.homepage", "https://www.seznam.cz/"); -> Nahrazeno (about:home)

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKX-001CA0 ATA Device +++++
--- User ---
[MBR] 393bded003480f33d336f052248847c7
[BSP] 668882ef52f211263f2f67caf43ab78d : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 82780 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 169533945 | Size: 394157 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive3: Generic USB xD/SM Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )


============================================
RKreport_SCN_03192015_151451.log - RKreport_SCN_03212015_140436.log

log zoek

Zoek.exe v5.0.0.0 Updated 21-March-2015
Tool run by David on so 21.03.2015 at 14:15:26,78.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\David\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

21.3.2015 14:16:31 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\Avira deleted successfully
C:\Users\David\AppData\Roaming\Publish Providers deleted successfully
C:\Users\David\AppData\Local\DayZ deleted successfully
C:\Users\David\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3441744158-3190030285-3986489708-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\1bdplhbh.default-1422108646156\prefs.js:
user_pref("browser.startup.homepage", "www.seznam.cz");

Added to C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\1bdplhbh.default-1422108646156\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ly3Dr4w4.default\prefs.js:

Added to C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ly3Dr4w4.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\Program Files\Avira not found
C:\Users\David\AppData\Roaming\.mctitandinocraft deleted
C:\Users\David\AppData\Roaming\.mctitanpokemine deleted
C:\found.000 deleted
C:\PROGRA~2\Package Cache deleted
C:\Users\David\AppData\Local\CrashRpt deleted
C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-3441744158-3190030285-3986489708-1000 deleted
C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\1bdplhbh.default-1422108646156\Invalidprefs.js deleted
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ly3Dr4w4.default\extensions\abs@avira.com deleted
"C:\Users\David\AppData\Local\LumaEmu" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\1bdplhbh.default-1422108646156
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ly3Dr4w4.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [15.03.2015 10:40]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\1bdplhbh.default-1422108646156
0806948270D853B709CCBBF38AF167E4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
9DF0C4F0CEF60158614EDD1B3AB441EE - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
C454432F43C61767873DA91885759471 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION
954FAB833273DCBC3254E95D2AAF0C46 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision
225D76851EFC6144B4BAD941B3E8989D - C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U31
B66B4D28D7D0C6322FF235C782CD6B76 - C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.310.13
3239619A441E23A20EC923DF92FF2D70 - C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll - CANON iMAGE GATEWAY Album Plugin Utility for IJ
5950D438CD3DDF2DD50D9FA4E07A6C1C - C:\Users\David\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[15.03.2015 10:40]

Docs - David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

==== Chromium Startpages ======================

C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences
{"browser":{"window_placement":{"bottom":850,"left":10,"maximized":false,"right":1060,"top":10,"work_area_bottom":860,"work_area_left":0,"work_area_right":1440,"work_area_top":0}},"countryid_at_install":17242,"default_apps_install_state":3,"distribution":{"do_not_launch_chrome":true,"import_home_page":false,"make_chrome_default":true},"dns_prefetching":{"host_referral_list":[2],"startup_list":[1,"https://clients2.google.com/","https://www.google.com/","https://www.googleapis.com/"]},"enhanced_bookmarks_enabled":0,"extensions":{"alerts":{"initialized":true},"autoupdate":{"next_check":"13062433434328881"},"chrome_url_overrides":{"bookmarks":["chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html"]},"install_signature":{"expire_date":"2015-03-01","ids":["aohghmighlieiainnegkcijnfilokake"],"invalid_ids":[],"salt":"/8eYozwtRjVrHSiX3dMVaY+E1s/bnLoi+PNkd8JzQao=","signature":"Douq58GBBxt+/UIhF0n+PrRbVYHcCQ/HNVpUuTMvVbL0c6U0I9B2RVExs+mB8RwhiCub9wAoyofAWvC5PDA8KDRv06oyRyffC7yFb4c88H9AKgIFcHYrrKoIKBqaMOlaWeg2DT1Tk9OUVeY/5WZRhDqaPqDELskFXlotaRI4ATFSSD8Dc/OL8Ae8Qt7MqPB+t+5yGjPo18J/L/U5sgHJLlbTluUoaJHtlh2kQg96u21PWfuMcG+rwP+hTV2SeuysjoN1UDIvivHGffskUT3pKFsXibmx945mTUHxFl1hHGtVXMZ09V3gTZA3lmZrqveWAaMfwG/ck4B+nUnvwib6qA==","signature_format_version":2,"timestamp":"13062432817794954"},"last_chrome_version":"39.0.2171.71","settings":{"pchfckkccldkbclgdepkaonamkignanh":{}}},"first_run_tabs":["http://welcome_page"],"intl":{"accept_languages":"cs-CZ,cs"},"invalidator":{"client_id":"EvuKgSlhjfldw4XJSnQs+Q=="},"media":{"device_id_salt":"6b5tN64yNELLso/TeaHzNg=="},"net":{"http_server_properties":{"servers":{"clients2.google.com:443":{"settings":{"4":100},"supports_spdy":true},"clients2.googleusercontent.com:443":{"alternate_protocol":{"port":443,"probability":0.02,"protocol_str":"quic"},"settings":{"4":100},"supports_spdy":true}},"version":3}},"plugins":{"migrated_to_pepper_flash":true,"plugins_list":[],"removed_old_component_pepper_flash_settings":true},"profile":{"avatar_index":26,"content_settings":{"clear_on_exit_migrated":true,"pattern_pairs":{},"pref_version":1},"exit_type":"Normal","exited_cleanly":true,"icon_version":3,"managed_user_id":"","name":"PrvnĂ­ uĹľivatel","per_host_zoom_levels":{}},"protection":{"macs":{}},"proxy":{"bypass_list":"","mode":"system","server":""},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13062432587392753"},"sync_promo":{"show_on_first_run_allowed":false},"translate_blocked_languages":["cs"],"translate_whitelists":{}}
"startup_urls": [ "http://www.google.com/" ]


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{076FA737-86F6-4A57-9DEC-691945880797} Encyklopedie Seznam Url="http://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_13415"
{0B074052-B29E-4A3C-B223-EC77D87DEFCF} Firmy.cz Url="http://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_13415"
{4870A190-8C7F-4F0C-A58E-F04883D89902} Slovnˇk EN/CZ Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_13415"
{6551D3C9-399A-4F90-99FB-7F4F14A38160} Mapy.cz Url="http://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_13415"
{7736160A-95EA-42E4-8C76-57CC6095EA44} Novinky.cz Url="http://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415"
{83955773-B4D6-4713-B7D1-FA72AA7EFFC7} Slovnˇk CZ/EN Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_13415"
{C87086E9-7631-4177-B6C7-6B78A6A5C635} Zbo§ˇ.cz Url="http://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_13415"
{F38785E6-6734-4EC3-A8C1-71F29F5C0F05} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415"

==== Reset Google Chrome ======================

C:\Users\David\AppData\Local\Chromium\User Data\Default\Preferences was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\David\AppData\Local\Chromium\User Data\Default\Web Data was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\David\Desktop\Any Video Converter.lnk - D:\Hry\Anvsoft\Any Video Converter\AVCFree.exe
C:\Users\David\Desktop\Counter-Strike.lnk - D:\Hry\Counter-Strike 1.6\hl.exe -steam -game cstrike
C:\Users\David\Desktop\CS 1.6 Servery.lnk - D:\Hry\Counter-Strike 1.6\CS Servery.url
C:\Users\David\Desktop\Filmy – zástupce.lnk -
C:\Users\David\Desktop\FiveNightsatFreddys – zástupce.lnk -
C:\Users\David\Desktop\GameMaker-Studio.lnk - C:\Users\David\AppData\Roaming\Microsoft\Installer\{6628277A-F051-4647-96D7-E829FD86C7B9}\_BA6F52370FB84CB79FA120E96853A4F3.exe
C:\Users\David\Desktop\gta_sa – zástupce.lnk -
C:\Users\David\Desktop\HEROES3 – zástupce.lnk -
C:\Users\David\Desktop\Hry – zástupce.lnk -
C:\Users\David\Desktop\KMPlayer.lnk - C:\KMPlayer\KMPlayer.exe
C:\Users\David\Desktop\launcher – zástupce.lnk -
C:\Users\David\Desktop\lol.launcher.admin – zástupce.lnk -
C:\Users\David\Desktop\quake3 – zástupce.lnk -
C:\Users\David\Desktop\StateOfDecay – zástupce.lnk -
C:\Users\David\Desktop\Stonehearth.lnk - D:\Hry\Stonehearth v0.1.0r201\Stonehearth.exe
C:\Users\David\Desktop\Stubbs the Zombie - Rebel Without a Pulse.lnk - D:\Hry\Aspyr Media, Inc\Stubbs the Zombie - Rebel Without a Pulse\Stubbs.exe
C:\Users\David\Desktop\vegas110 – zástupce.lnk -
C:\Users\David\Desktop\µTorrent.lnk -

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Avast Free Antivirus.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Public\Desktop\Canon MG2400 series Elektronická příručka.lnk -
C:\Users\Public\Desktop\Canon Quick Menu.lnk - C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Public\Desktop\Fraps.lnk - D:\Fraps\fraps.exe
C:\Users\Public\Desktop\Free Webcam Recorder.lnk - D:\Hry\freepicturesolutions\Free Webcam Recorder\Free Webcam Recorder.exe
C:\Users\Public\Desktop\Game Dev Tycoon.lnk - D:\Hry\Game Dev Tycoon2\GameDevTycoon.exe
C:\Users\Public\Desktop\GeForce Experience.lnk - C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\MC Titan Dinocraft 1.7.10.lnk - C:\Users\David\AppData\Roaming\.mctitandinocraft\MC Titan Minecraft Launcher.jar
C:\Users\Public\Desktop\MC Titan Pokemine 1.7.10.lnk - C:\Users\David\AppData\Roaming\.mctitanpokemine\MC Titan Minecraft Launcher.jar
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Outlast + DLC Whistleblower - Danik1B9.lnk - D:\hry\Outlast + DLC Whistleblower\OutlastLauncher.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe
C:\Users\Public\Desktop\Speccy.lnk - C:\Program Files\Speccy\Speccy.exe
C:\Users\Public\Desktop\Steam.lnk - D:\Hry\steam\Steam.exe
C:\Users\Public\Desktop\WarThunder.lnk - D:\Hry\WarThunder\launcher.exe

==== shortcuts in Users Start Menu ======================

C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameMaker-Studio.lnk - C:\Users\David\AppData\Roaming\Microsoft\Installer\{6628277A-F051-4647-96D7-E829FD86C7B9}\_4928C3DDAA574E9788505A94F934E31D.exe
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Carmageddon™ 3 TDR 2000™.lnk -
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Fable The Lost Chapters™.lnk -
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Stubbs the Zombie - Rebel Without a Pulse™.lnk -
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\Logs and errors.lnk - D:\Hry\WarThunder\.game_logs cd
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\Odinstalovat aplikaci War Thunder.lnk - D:\Hry\WarThunder\unins000.exe
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\Replays.lnk - D:\Hry\WarThunder\Replays cd
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\Screenshots.lnk - D:\Hry\WarThunder\Screenshots cd
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WarThunder.lnk - D:\Hry\WarThunder\launcher.exe
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manuál konzolové verze RARu.lnk -
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Nápověda WinRARu.lnk -
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvsoft\Any Video Converter\Any Video Converter.lnk - D:\Hry\Anvsoft\Any Video Converter\AVCFree.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvsoft\Any Video Converter\Aplikace Any Video Converter na internetu.lnk - D:\hry\Anvsoft\Any Video Converter\AVCFree.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvsoft\Any Video Converter\Odinstalovat aplikaci Any Video Converter.lnk - D:\Hry\Anvsoft\Any Video Converter\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aspyr Media, Inc\Stubbs the Zombie - Rebel Without a Pulse\Elektronická registrace.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aspyr Media, Inc\Stubbs the Zombie - Rebel Without a Pulse\Odinstalovat hru Stubbs the Zombie - Rebel Without a Pulse.lnk - C:\Program Files\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe /M{555ACAE5-B0D5-4E12-8F95-22757DEFAD0F}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aspyr Media, Inc\Stubbs the Zombie - Rebel Without a Pulse\Přečíst readme.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aspyr Media, Inc\Stubbs the Zombie - Rebel Without a Pulse\Stubbs the Zombie - Rebel Without a Pulse - Bezpečný mód.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aspyr Media, Inc\Stubbs the Zombie - Rebel Without a Pulse\Stubbs the Zombie - Rebel Without a Pulse.lnk - D:\Hry\Aspyr Media, Inc\Stubbs the Zombie - Rebel Without a Pulse\Stubbs.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aspyr Media, Inc\Stubbs the Zombie - Rebel Without a Pulse\Web stránka Aspyr Media, Inc.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast Free Antivirus.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Webcam Recorder\Free Webcam Recorder.lnk - D:\Hry\freepicturesolutions\Free Webcam Recorder\Free Webcam Recorder.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Dev Tycoon\Game Dev Tycoon.lnk - D:\Hry\Game Dev Tycoon2\GameDevTycoon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Dev Tycoon\Odinstalovat aplikaci Game Dev Tycoon.lnk - D:\Hry\Game Dev Tycoon2\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Odinstalovat aplikaci Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE\Games for Windows - LIVE.lnk - C:\Program Files\Microsoft Games for Windows - LIVE\Client\GFWLive.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe /design
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office FrontPage 2003.lnk - C:\Windows\Installer\{90170405-6000-11D3-8CFE-0150048383C9}\misc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Nástroje sady Microsoft Office\Digitální certifikát pro projekty VBA.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Nástroje sady Microsoft Office\Jazykové nastavení sady Microsoft Office 2003.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Nástroje sady Microsoft Office\Microsoft Galerie médií.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Nástroje sady Microsoft Office\Microsoft Office Picture Manager.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Nástroje sady Microsoft Office\Obnovení aplikace sady Microsoft Office.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Nástroje sady Microsoft Office\Průvodce uložením nastavení sady Microsoft Office 2003.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Nástroje systému Microsoft Office 2010\Digitální certifikát pro projekty v jazyce VBA.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Nástroje systému Microsoft Office 2010\Galerie médií.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Nástroje systému Microsoft Office 2010\Jazykové předvolby systému Microsoft Office 2010.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Nástroje systému Microsoft Office 2010\Microsoft Office 2010 Upload Center.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Nástroje systému Microsoft Office 2010\Microsoft Office Picture Manager.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk - C:\Program Files\NVIDIA Corporation\3D Vision\nvstview.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk - C:\Program Files\NVIDIA Corporation\3D Vision\nvstlink.exe /show
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Disable 3D Vision.lnk - C:\Program Files\NVIDIA Corporation\3D Vision\nvstlink.exe /disable
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Enable 3D Vision.lnk - C:\Program Files\NVIDIA Corporation\3D Vision\nvstlink.exe /enable
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlast + DLC Whistleblower\Odinstalovat Outlast + DLC Whistleblower.lnk - D:\Hry\Outlast + DLC Whistleblower\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlast + DLC Whistleblower\Outlast + DLC Whistleblower - Danik1B9.lnk - D:\hry\Outlast + DLC Whistleblower\OutlastLauncher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Vegas Pro 11.0\Vegas Pro 11.0 Readme.lnk - D:\Hry\obrázek\Nová složka (2)\Readme\Vegas_readme.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Vegas Pro 11.0\Vegas Pro 11.0.lnk - D:\Hry\obrázek\Nová složka (2)\vegas110.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Vegas Pro 11.0\Video Capture 6.0 Readme.lnk - D:\Hry\obrázek\Nová složka (2)\Readme\Videocapture_readme.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpaceMonger\SpaceMonger User's Manual.lnk - C:\Program Files\SpaceMonger\doc\us\index.html
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpaceMonger\SpaceMonger.lnk - C:\Program Files\SpaceMonger\SpaceMonger.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpaceMonger\Uninstall SpaceMonger.lnk - C:\Program Files\SpaceMonger\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manuál konzolové verze RARu.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Nápověda WinRARu.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe

==== shortcuts in Quick Launch ======================

C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Imperia Online.lnk - C:\Program Files\Mozilla Firefox\firefox.exe http://www.imperiaonline.org/?ref_ad=src123
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\µTorrent.lnk -
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\KMPlayer.exe.lnk - C:\KMPlayer\KMPlayer.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== shortcuts After Repair ======================

C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Imperia Online.lnk - C:\Program Files\Mozilla Firefox\firefox.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\David\AppData\Local\Mozilla\Firefox\Profiles\1bdplhbh.default-1422108646156\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2204 folders=941 716466191 bytes)

==== Empty Temp Folders ======================

C:\Users\David\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\David\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied
C:\RECYCLER successfully emptied

==== EOF on so 21.03.2015 at 14:31:51,99 ======================

[Orcus]

Co problémy? + nový log z HJT

[stalkerman]

počítač je o něco rychlejší,dokonce se mi uvolnilo místo na disku C:,které se samo zaplňovalo každý den o 2 Gb

Log z Hijackthis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:43:12, on 22.3.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17689)

FIREFOX: 36.0.1 (x86 cs)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\PixArt\Pac7302\Monitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\David\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\David\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [uTorrent] "C:\Users\David\AppData\Roaming\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\David\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [RGSC] D:\Hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\hry\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 7660 bytes

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Users\David\AppData\Roaming\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\David\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')


Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem.Jinak je zpráva zde:
v C: \ DelFix.txt

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.

[stalkerman]

tady je zpráva s Delfix
# DelFix v10.9 - Logfile created 25/03/2015 at 21:51:46
# Updated 27/02/2015 by Xplode
# Username : David - DAVID-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\David\Desktop\AdwCleaner.exe
Deleted : C:\Users\David\Desktop\AdwCleaner[R0].txt
Deleted : C:\Users\David\Desktop\AdwCleaner[S0].txt
Deleted : C:\Users\David\Desktop\JRT.exe
Deleted : C:\Users\David\Desktop\JRT.txt
Deleted : C:\Users\David\Desktop\HijackThis.exe
Deleted : C:\Users\David\Desktop\hijackthis.log
Deleted : C:\Users\David\Desktop\RKreport_SCN_03192015_151451.log
Deleted : C:\Users\David\Desktop\rogueKiller log 2.txt
Deleted : C:\Users\David\Desktop\RogueKiller.exe
Deleted : C:\Users\David\Desktop\TFC.exe
Deleted : C:\Users\David\Desktop\zoek-results.txt
Deleted : C:\Users\David\Desktop\zoek.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #152 [avast! antivirus system restore point | 03/13/2015 19:04:05]
Deleted : RP #154 [Záložní soubory aktualizace Service Pack byly odebrány. | 03/14/2015 14:50:57]
Deleted : RP #156 [avast! antivirus system restore point | 03/15/2015 09:35:46]
Deleted : RP #157 [Windows Update | 03/15/2015 19:48:21]
Deleted : RP #158 [Windows Update | 03/20/2015 12:42:26]
Deleted : RP #159 [zoek.exe restore point | 03/21/2015 13:16:14]
Deleted : RP #160 [Windows Update | 03/24/2015 13:57:26]

New restore point created !

########## - EOF - ##########

[jaro3]

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.