Prosím o kontrolu Vyřešeno

[olinka123]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:41:15, on 9. 10. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17377)
Boot mode: Normal

Running processes:
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Users\Jiří\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Users\Jiří\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
C:\WINDOWS\SYSWOW64\WSCRIPT.EXE
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Jiří\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp ... X63AGC1W3T
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp ... X63AGC1W3T
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?typ ... AGC1W3T&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?typ ... AGC1W3T&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp ... X63AGC1W3T
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Jiří\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Jiří\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Jiří\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [STUISpeedLauncher] "C:\Program Files\Samsung\Stylish UI Pack\TouchBasedUI.exe" -speedlauncher -minVer:6.6.58.0
O4 - HKCU\..\Run: [EEDSpeedLauncher] rundll32.exe C:\WINDOWS\system32\eed_ec.dll,SpeedLauncher
O4 - HKCU\..\Run: [Avast Antivirus Keygen 2015 ] wscript.exe //B "C:\Users\JI10BB~1\AppData\Local\Temp\Avast Antivirus Keygen 2015 .vbs"
O4 - HKCU\..\Run: [5f848387ee7fc6d1e33030280b5be303] "C:\Users\Jiří\AppData\Local\Temp\explors.exe" ..
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
O4 - Startup: Avast Antivirus Keygen 2015 .vbs
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.taobao.com
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\SysWOW64\IoctlSvc.exe
O23 - Service: Registry Expert Service (REService) - Unknown owner - C:\Program Files (x86)\Registry Expert\REService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Samsung UPD Utility Service (SamsungUPDUtilSvc) - Unknown owner - C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9434 bytes

[Reklama]

[jaro3]

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.


Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu klikni na „Logfile“ ,objeví log ( jinak je uložen systémovem disku jako AdwCleaner[C?].txt), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

[olinka123]

po spuštění ATF-Cleaner vyskočí tabulka Are you sure you want to delete your Firefox saved password?

[olinka123]

# AdwCleaner v5.013 - Logfile created 09/10/2015 at 11:48:37
# Updated 09/10/2015 by Xplode
# Database : 2015-10-09.3 [Server]
# Operating system : Windows 8 (x64)
# Username : Jiří - PC-JIRKA
# Running from : C:\Users\Jiří\Desktop\adwcleaner_5.013.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\XTab
[-] Folder Deleted : C:\ProgramData\WindowsMangerProtect
[-] Folder Deleted : C:\ProgramData\IHProtectUpDate
[-] Folder Deleted : C:\Users\Jiří\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\Jiří\AppData\Local\FileViewPro
[-] Folder Deleted : C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\syhr97cv.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}

***** [ Files ] *****

[-] File Deleted : C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\syhr97cv.default\searchplugins\yahoo.xml

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
[-] Key Deleted : HKCU\Software\5f848387ee7fc6d1e33030280b5be303
[-] Key Deleted : HKCU\Software\d09fe7c9255424745de98c2e348075f7
[-] Key Deleted : HKCU\Software\dc4e04fde93b8ede40c71c9571d7c901
[-] Key Deleted : HKLM\SOFTWARE\c25655cb-7d3f-4eb9-91e9-6829e80f1298
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{363F46BE-27B4-4C8D-99E7-B1E049B84376}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{90A9B7D2-3794-45EA-9E23-140E3938D2D9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A753A1EC-973E-4718-AF8E-A3F554D45C44}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02AFA80F-4BEE-41FD-8572-214B58A9EF90}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : HKLM\SOFTWARE\SupDp
[-] Key Deleted : HKLM\SOFTWARE\SupTab
[-] Key Deleted : HKLM\SOFTWARE\IHProtect
[!] Key Not Deleted : [x64] HKCU\Software\GlobalUpdate
[!] Key Not Deleted : [x64] HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[!] Key Not Deleted : HKU\S-1-5-21-409746375-2400753399-3449076528-1001\Software\AppDataLow\Software\Crossrider
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKU\S-1-5-21-409746375-2400753399-3449076528-1001\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D1A77E45-DC70-4604-A8CD-92796DCA5D4D}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D1A77E45-DC70-4604-A8CD-92796DCA5D4D}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKU\S-1-5-21-409746375-2400753399-3449076528-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[!] Key Not Deleted : HKU\S-1-5-21-409746375-2400753399-3449076528-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
[!] Key Not Deleted : HKU\S-1-5-21-409746375-2400753399-3449076528-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[!] Key Not Deleted : HKU\S-1-5-21-409746375-2400753399-3449076528-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D1A77E45-DC70-4604-A8CD-92796DCA5D4D}
[!] Key Not Deleted : HKU\S-1-5-21-409746375-2400753399-3449076528-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command []

***** [ Web browsers ] *****

[-] [C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\syhr97cv.default\prefs.js] [Preference] Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.comgoogle\\.\\w+yahoo\\.\\w+gmail\\.\\w+hotmail\\.\\w+live\\.\\w+isearch\\.avg\\.commysearch\\.avg\\.com");
[-] [C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : istart.webssearches.com
[-] [C:\Users\Jiří\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : webssearches

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [11531 bytes] ##########

[Orcus]

ATF - ptá se na potvrzení smazání všech hesel ve Firefoxu.

AdwCleaner - nesmazalo se vše. Proveď nový sken a dej rovnou smazat vše. Dodej log po smazání.

[olinka123]

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Datum skenování: 9. 10. 2015
Čas skenování: 12:01
Protokol: bbb.txt
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.10.09.02
Databáze rootkitů: v2015.10.06.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 8
CPU: x64
Souborový systém: NTFS
Uživatel: Jiří

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 400690
Uplynulý čas: 21 min, 43 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 13
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE, , [4c9ae66e8209fc3ad1cfa33f39ca8f71],
PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SKYPE.EXE, , [29bd0e46a8e386b0c2931f9662a26f91],
PUP.Optional.InternetSpeedChecker.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\Internet Speed Checker-nv, , [84622c28197257dfc0d1b79225dee21e],
PUP.Optional.InternetSpeedChecker.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\Internet Speed Checker-nv-ie, , [6f774410404b3cfa405171d807fc16ea],
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\PCSUSpeedTest_RASAPI32, , [717594c07d0e59dd5584f1f6d2328a76],
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\PCSUSpeedTest_RASMANCS, , [ecfa81d3e8a38da9895005e25fa5f50b],
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE, , [44a294c0d3b8290debb5d40e897ace32],
PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SKYPE.EXE, , [a83e361ebdcecf67480d8035a85c32ce],
PUP.Optional.InternetSpeedChecker.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\Internet Speed Checker-nv, , [41a5381cfb9078be672be861a65d57a9],
PUP.Optional.InternetSpeedChecker.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\Internet Speed Checker-nv-ie, , [f3f31b39682350e6a4eef356cf341ee2],
PUP.Optional.InternetSpeedChecker.PrxySvrRST, HKU\S-1-5-21-409746375-2400753399-3449076528-1001\SOFTWARE\Internet Speed Checker-nv, , [d70fb59fff8c999d2c6693b69a69cb35],
PUP.Optional.InternetSpeedChecker.PrxySvrRST, HKU\S-1-5-21-409746375-2400753399-3449076528-1001\SOFTWARE\Internet Speed Checker-nv-ie, , [10d6aba9e1aa5adce6ac77d2659e8779],
PUP.Optional.Spigot, HKU\S-1-5-21-409746375-2400753399-3449076528-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{D6BB65C2-D06F-4265-A53B-B9C7E7E46794}, , [4c9aa9abddaefd390f7e1db439cb7090],

Hodnoty registru: 6
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE|Debugger, "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe", , [4c9ae66e8209fc3ad1cfa33f39ca8f71]
PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SKYPE.EXE|Debugger, "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe", , [29bd0e46a8e386b0c2931f9662a26f91]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE|Debugger, "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe", , [44a294c0d3b8290debb5d40e897ace32]
PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SKYPE.EXE|Debugger, "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe", , [a83e361ebdcecf67480d8035a85c32ce]
PUP.Optional.Spigot, HKU\S-1-5-21-409746375-2400753399-3449076528-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{D6BB65C2-D06F-4265-A53B-B9C7E7E46794}|URL, https://search.yahoo.com/search?fr=chr- ... =144336&p={searchTerms}, , [4c9aa9abddaefd390f7e1db439cb7090]
Trojan.Agent, HKU\S-1-5-21-409746375-2400753399-3449076528-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|5f848387ee7fc6d1e33030280b5be303, "C:\Users\Jiří\AppData\Local\Temp\explors.exe" .., , [34b271e3acdffc3ab46590c9b94a669a]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 1
Stolen.Data, C:\Users\Jiří\AppData\Roaming\Imminent\Logs, , [02e45bf9187350e6d7f2c298986bf50b],

Soubory: 63
PUP.Optional.InstallCore, C:\Program Files (x86)\7a0ada9e-6697-417c-a361-8a2b4578e696\c3c48e5d-307a-4133-a964-172256ef318d.dll, , [757176deb6d57db9df61a023729347b9],
PUP.Optional.InstallCore, C:\Program Files (x86)\AMD APP\7a0ada9e-6697-417c-a361-8a2b4578e696.dll, , [25c158fc503b1c1ae55b774cbb4aa858],
Stolen.Data, C:\Users\Jiří\AppData\Roaming\Imminent\Logs\19-02-2015, , [02e45bf9187350e6d7f2c298986bf50b],
Stolen.Data, C:\Users\Jiří\AppData\Roaming\Imminent\Logs\20-02-2015, , [02e45bf9187350e6d7f2c298986bf50b],
Stolen.Data, C:\Users\Jiří\AppData\Roaming\Imminent\Logs\21-02-2015, , [02e45bf9187350e6d7f2c298986bf50b],
PUP.Optional.Spigot, C:\Users\Jiří\AppData\Roaming\Mozilla\Firefox\Profiles\syhr97cv.default\prefs.js, Dobré: (), Špatné: (user_pref("keyword.URL", "https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=144336&p=");), ,[4d9973e1ddaeff3706c26561877efd03]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (127.0.0.1 virustotal.com), ,[4d99d67ed9b2ff37ba050db7b253c937]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (ame should be separated by at), ,[11d5342023682d09ad12e2e2af56ca36]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (
# Additionally, comment), ,[bb2b282c870452e49926b60eea1bdf21]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (127.0.0.1 http://www.novirusthanks.org), ,[c323a7ad266543f3a21e71539f666b95]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: ( localhost
127.0.0.), ,[e3037cd8f19a7cba744ca4202ed708f8]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (127.0.0.1 virusscan.jotti.org), ,[f3f33b19246738fedae75173ee1724dc]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (# space.
#
# Additionally, comme), ,[984e88cc513a15214180b2128a7b966a]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (me should be separated by at l), ,[41a5c98bc0cbdf578b365173867fc739]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (127.0.0.1 http://www.viruschief.com), ,[2bbb76def596f343576bd3f10104c739]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: ( localhost
127.0.0.), ,[3caa53015635ab8b6e54616325e01ae6]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (127.0.0.1 metascan-online.com), ,[479f68ec14770630bb089a2a1ee7e41c]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: ( The IP address and the host name ), ,[5492bd9745463ff7655e4f75d233f40c]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (such as these) may be inserted), ,[52947dd71675c175aa19bb09f80dd42c]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (127.0.0.1 razorscanner.com), ,[27bf064ecbc069cdb50f31939174ec14]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (ast one
# space.
#
# Additio), ,[de08e272f8930b2bd5efe9dbc3428c74]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (parated by at least one
# ), ,[be2886ce7417f343c202655f986d5aa6]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (127.0.0.1 scan.majyx.net), ,[489e1c387d0e5cda636206be8b7ac13f]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (e
# space.
#
# Additionall), ,[02e459fb6b204ceac4012e96778e04fc]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (separated by at least one), ,[10d6bd9794f77abca61f982cbe47f10f]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (127.0.0.1 nodistribute.com), ,[e600ef65e2a9b5816b5becd8b550fa06]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (
# space.
#
# Additionally, c), ,[30b6292b8b003bfb17afb60e9d68d12f]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (ld be separated by at least), ,[cb1b460e4e3d39fd11b5f6cec045bd43]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (127.0.0.1 anubis.iseclab.org), ,[df07a4b0aae1ab8b9631e0e4897cc23e]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (ample:
#
# 102.54.94.97 ), ,[1fc778dcb1dab28410b7e5dfff06f808]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: ( kept on an individual line. ), ,[7472e76df794171f3d8a7c48ec1938c8]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (127.0.0.1 novirusthanks.org), ,[33b35400bad1280e8048c00465a09e62]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (:
#
# 102.54.94.97 rh), ,[41a5b89ccfbc37ffeeda4c78b84de11f]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: ( be kept on an individual li), ,[578fb59f6e1d68ceb711794b4abbca36]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (127.0.0.1 virscan.org), ,[36b08bc97e0de4526f5ac8fc020304fc]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (idual
# lines or followin), ,[17cfe76d216ac2745772a420a85d12ee]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (the corresponding host), ,[44a258fc3754eb4bc9005c6830d56997]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (127.0.0.1 metascan.org), ,[42a456fe2d5e360096340aba56af05fb]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (lly, comments (such as thes), ,[a04690c4b1da8babeae015af26df9d63]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (he host name should be ), ,[45a1252f96f57abc63679430d72e0bf5]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (127.0.0.1 virus-trap.org), ,[cb1bc1937219191d6962a1230302d12f]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (IP address and the host name ), ,[db0b421267241d194c7f408457aef907]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (s (such as these) may be ), ,[9551282cd7b4be785d6eebd9699cdd23]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (127.0.0.1 viruschief.com), ,[dd09de7632595dd9ac20299b16ef9967]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (dress should
# be placed in ), ,[edf9b89ceba00b2bac20d3f16a9b8977]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: ( by a '#' symbol.
#
# F), ,[dd09a0b407848aacc903606410f53fc1]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (127.0.0.1 xcscanner.com), ,[6e78df75c1cac373a22b2b99ec195aa6]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: ( a sample HOSTS file used by), ,[01e5490beaa16bcbceffd2f2b94c32ce]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (esolution is handled wit), ,[5f8792c2f9929a9cf5d809bbf0158b75]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (127.0.0.1 malwr.com), ,[7f677dd76229a4925e7004c0bb4a05fb]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (dditionally, comments (s), ,[fee8f16328631026349a0abad82d51af]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (hould be separated b), ,[ebfb005494f772c42da1b70d867f8e72]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (127.0.0.1 http://www.xcscanner.com), ,[3ea812425932f3436d62774d5ea78080]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: ( localhost
127.0.0.), ,[ab3bd480a5e659dda32c5272f80de31d]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (127.0.0.1 http://www.razorscanner.com), ,[3ea8d87c29621d19b917a51f1bead62a]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: ( localhost
127.0.0.), ,[f5f179db791252e4def2952f8580af51]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (127.0.0.1 http://www.scan.majyx.net), ,[28be3e1684077cba4b86a81cc73e36ca]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (127.0.0.1 http://www.nodistribute.com), ,[18ce99bbcfbc41f5ae249a2a867ff709]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (127.0.0.1 http://www.virus-trap.org), ,[26c071e35e2df343696a12b234d10af6]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (127.0.0.1 http://www.malwr.com), ,[a343aaaa602be056e3f16163a95cda26]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: ( localhost
127.0.0.), ,[885e87cd77142b0b676d982c21e452ae]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (.
# The IP address and the host n), ,[61855bf99af17db954df24a107feb34d]
Hijack.Host, C:\Windows\System32\Drivers\etc\hosts, Dobré: (), Špatné: (ts (such as these) may be inse), ,[e30380d4fd8e171ffa393491a85ddb25]

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[olinka123]

# AdwCleaner v5.013 - Logfile created 09/10/2015 at 12:29:17
# Updated 09/10/2015 by Xplode
# Database : 2015-10-09.3 [Server]
# Operating system : Windows 8 (x64)
# Username : Jiří - PC-JIRKA
# Running from : C:\Users\Jiří\Desktop\adwcleaner_5.013.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [560 bytes] ##########

[jaro3]

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Cleaning (Vymazat)“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [C?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

ATF dej "ne".

. spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“ , v okně na pak na „Open TXT“ a celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

[olinka123]

# AdwCleaner v5.013 - Logfile created 09/10/2015 at 12:35:02
# Updated 09/10/2015 by Xplode
# Database : 2015-10-09.3 [Server]
# Operating system : Windows 8 (x64)
# Username : Jiří - PC-JIRKA
# Running from : C:\Users\Jiří\Desktop\adwcleaner_5.013.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [624 bytes] ##########

[olinka123]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 8 x64
Ran by Jiýˇ on p  09. 10. 2015 at 12:42:58,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Driver Booster SkipUAC (Jiýˇ)
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\SmartDefrag4_Startup
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\TuneUpUtilities_Task_BkGndMaintenance2013



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\5f848387ee7fc6d1e33030280b5be303



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\TuneUp Undelete
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\TuneUp Shredder Shell Extension
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\TuneUp Disk Space Explorer Shell Extension
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\TuneUp Shredder Shell Extension
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{595B9032-0F59-44D5-9828-E1B27AFB4B55}



~~~ Files

Successfully deleted: [File] C:\Users\Public\Desktop\tuneup 1-click maintenance.lnk
Successfully deleted: [File] C:\Users\Public\Desktop\tuneup utilities 2014.lnk



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\alipay
Successfully deleted: [Folder] C:\Program Files (x86)\newsoft
Successfully deleted: [Folder] C:\ProgramData\iobit\driver booster
Successfully deleted: [Folder] C:\ProgramData\lavasoft\web companion
Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tuneup utilities 2014
Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\Users\Jiýˇ\AppData\Roaming\imminent
Successfully deleted: [Folder] C:\Users\Jiýˇ\AppData\Roaming\iobit\driver booster
Successfully deleted: [Folder] C:\Users\Jiýˇ\AppData\Roaming\lavasoft\web companion
Successfully deleted: [Folder] C:\Users\Jiýˇ\AppData\Roaming\newsoft
Successfully deleted: [Folder] C:\Users\Jiýˇ\AppData\Roaming\productdata
Successfully deleted: [Folder] C:\Users\Jiýˇ\AppData\Roaming\taobaoprotect



~~~ FireFox

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@alibaba.com/nptrademanager;version=1.0
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@alibaba.com/npwangwang;version=1.0
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@alipay.com/npcombrg701,version=1.0.2011.701
Successfully deleted the following from C:\Users\Jiýˇ\AppData\Roaming\mozilla\firefox\profiles\syhr97cv.default\prefs.js

user_pref(extensions.foxcub.config.encodedConfig, {\core\:{\configUrl\:\hxxp://download.seznam.cz/software/conf/\,\configUrlSecure\:\hxxps://download.seznam.cz/sof



~~~ Chrome


[C:\Users\Jiýˇ\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Jiýˇ\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Jiýˇ\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Jiýˇ\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on p  09. 10. 2015 at 12:46:49,47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[olinka123]

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 9. 10. 2015
Čas skenování: 12:48
Protokol: cccccccccc.txt
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.10.09.02
Databáze rootkitů: v2015.10.06.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 8
CPU: x64
Souborový systém: NTFS
Uživatel: Jiří

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 400322
Uplynulý čas: 20 min, 55 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[olinka123]

RogueKiller V10.10.9.0 (x64) [Oct 5 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 8 (6.2.9200) 64 bits version
Spuštěno : Normální režim
Uživatel : Ji?í [Práva správce]
Started from : C:\Users\Ji?í\Desktop\RogueKillerX64(1).exe
Mód : Prohledat -- Datum : 10/09/2015 14:46:58

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-409746375-2400753399-3449076528-1001\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.autoupdate : "C:\Users\Ji?í\AppData\Roaming\Seznam.cz\szninstall.exe" -c [7][x] -> Nalezeno
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-409746375-2400753399-3449076528-1001\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.szndesktop : "C:\Users\Ji?í\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [7][x] -> Nalezeno
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-409746375-2400753399-3449076528-1001\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.autoupdate : "C:\Users\Ji?í\AppData\Roaming\Seznam.cz\szninstall.exe" -c [7][x] -> Nalezeno
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-409746375-2400753399-3449076528-1001\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.szndesktop : "C:\Users\Ji?í\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [7][x] -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-409746375-2400753399-3449076528-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://seznam.cz/ -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-409746375-2400753399-3449076528-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://seznam.cz/ -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 81.200.55.50 81.200.55.34 ([(Unknown Country?) (XX)][(Unknown Country?) (XX)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 81.200.55.50 81.200.55.34 ([(Unknown Country?) (XX)][(Unknown Country?) (XX)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5FABDD3D-656C-4087-80CB-EE1F0F314112} | DhcpNameServer : 81.200.55.50 81.200.55.34 ([(Unknown Country?) (XX)][(Unknown Country?) (XX)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DF34E7D8-EA41-445F-96D2-A85F48117F87} | DhcpNameServer : 81.200.55.50 81.200.55.34 ([(Unknown Country?) (XX)][(Unknown Country?) (XX)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5FABDD3D-656C-4087-80CB-EE1F0F314112} | DhcpNameServer : 81.200.55.50 81.200.55.34 ([(Unknown Country?) (XX)][(Unknown Country?) (XX)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DF34E7D8-EA41-445F-96D2-A85F48117F87} | DhcpNameServer : 81.200.55.50 81.200.55.34 ([(Unknown Country?) (XX)][(Unknown Country?) (XX)]) -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] syhr97cv.default : user_pref("browser.startup.homepage", "https://www.seznam.cz/"); -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD100 +++++
--- User ---
[MBR] bf2e3216ab5557966fb6a54b21ad50ec
[BSP] 862f807fd01ebc470cccb9ddecb3064a : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 300 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1435648 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1697792 | Size: 936356 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1919354880 | Size: 450 MB
5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1920276480 | Size: 350 MB
6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1920993280 | Size: 15884 MB
User = LL1 ... OK
User = LL2 ... OK