Preventivka

[trixyofficial]

Ahoj, poprosím o preventivní kontrolu na havěť

Děkuji.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:22:50, on 13.08.2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0420)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
D:\steam\Steam.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\Lukáš\AppData\Local\MEGAsync\MEGAsync.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
D:\GalaxyClient\GalaxyClient.exe
D:\GalaxyClient\GalaxyClient Helper.exe
D:\GalaxyClient\GalaxyClient Helper.exe
D:\GalaxyClient\GalaxyClient Helper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
D:\steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Lukáš\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
O4 - HKCU\..\Run: [Steam] "D:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Lukáš\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [GNE_DualMonitorTools] C:\Program Files (x86)\Dual Monitor Tools\DMT.exe
O4 - HKCU\..\Run: [GalaxyClient] D:\GalaxyClient\GalaxyClient.exe /launchViaAutoStart
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: MEGAsync.lnk = ?
O4 - Global Startup: SteelSeries Engine 3.lnk = C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Microsoft Office\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://D:\Microsoft Office\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GalaxyClientService - GOG.com - D:\GalaxyClient\GalaxyClientService.exe
O23 - Service: GalaxyCommunication - GOG.com - C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - D:\origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @oem22.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\WINDOWS\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Wacom Consumer Service (WTabletServiceCon) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\WTabletServiceCon.exe

--
End of file - 11791 bytes

[Reklama]

[jaro3]

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.


Stáhni si TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu klikni na „Logfile“ ,objeví log ( jinak je uložen systémovem disku jako AdwCleaner[C?].txt), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na Uložit výsledky a vyber zkopírovat do schránky a vlož sem celý log.
-jinak se log nachází zde: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

[trixyofficial]

# AdwCleaner v6.000 - *Logfile created 14/08/2016 *at 10:00:43
# *Updated on 12/08/2016 by ToolsLib
# *Database : 2016-08-13.3 [*Server]
# *Operating System : Windows 10 Home (X64)
# *Username : Lukáš - LUKAS-PC
# *Running from : C:\Users\Lukáš\Downloads\adwcleaner_6.000.exe
# *Mode: Scan
# *Support : https://toolslib.net/forum



***** [ *Services ] *****

*No malicious services found.


***** [ *Folders ] *****

*Folder Found: C:\Users\Lukáš\AppData\Roaming\eCyber
*Folder Found: C:\Users\Lukáš\AppData\Roaming\WinZiper
*Folder Found: C:\Program Files (x86)\WinZipper
*Folder Found: C:\Program Files (x86)\TXQQBrowser
*Folder Found: C:\extensions


***** [ *Files ] *****

*File Found: C:\END


***** [ DLL ] *****

*No malicious DLLs found.


***** [ WMI ] *****

*No malicious keys found.


***** [ *Shortcuts ] *****

*No infected shortcut found.


***** [ *Scheduled tasks ] *****

*Task Found: Browser Updater Task(Core)


***** [ *Registry ] *****

*Key Found: HKLM\SOFTWARE\Classes\WinZippers.001
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.7z
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.arj
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.bz2
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.bzip2
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.cab
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.cpio
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.deb
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.dmg
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.fat
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.gz
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.gzip
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.hfs
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.iso
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.lha
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.lzh
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.lzma
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.ntfs
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.rar
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.rpm
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.squashfs
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.swm
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.tar
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.taz
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.tbz
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.tbz2
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.tgz
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.tpz
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.txz
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.vhd
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.wim
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.xar
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.xz
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.z
*Key Found: HKLM\SOFTWARE\Classes\WinZippers.zip
*Key Found: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
*Key Found: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\qkseeService
*Key Found: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
*Key Found: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
*Key Found: [x64] HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
*Key Found: [x64] HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
*Key Found: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
*Key Found: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
*Key Found: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
*Key Found: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
*Key Found: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
*Key Found: [x64] HKLM\SOFTWARE\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
*Key Found: HKU\.DEFAULT\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
*Key Found: HKU\S-1-5-18\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
*Key Found: HKLM\SOFTWARE\hdcode
*Key Found: HKLM\SOFTWARE\qkseeSvc
*Key Found: HKLM\SOFTWARE\qksee
*Key Found: HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
*Key Found: HKLM\SOFTWARE\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
*Key Found: HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
*Key Found: HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
*Key Found: HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
*Key Found: HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
*Key Found: HKLM\SOFTWARE\Classes\s


***** [ *Web browsers ] *****

*No malicious Firefox based browser items found.
*Chromium pref Found: [C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Web data] - trovigo.com
*Chromium pref Found: [C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Web data] - trovi.search
*Chromium pref Found: [C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Profile 3\Web data] - trovigo.com
*Chromium pref Found: [C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Profile 3\Web data] - trovi.search

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [5184 *Bytes] - [14/08/2016 09:50:10]
C:\AdwCleaner\AdwCleaner[S1].txt - [5092 *Bytes] - [14/08/2016 10:00:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5166 *Bytes] ##########









Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 14.08.2016
Čas skenování: 11:57
Protokol:
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.08.14.04
Databáze rootkitů: v2016.08.09.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 10
CPU: x64
Souborový systém: NTFS
Uživatel: Lukáš

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 313250
Uplynulý čas: 8 min, 34 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 1
PUP.Optional.Elex.SHHKRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{6710C780-E20E-4C49-A87D-321850ED3D7C}, , [fc00d674bedcbf77642eac226f959d63],

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[Orcus]

- Spusť znovu MbAM a dej Skenovat nyní
- Po proběhnutí programu, se ti objeví hláška, tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

====================================================

- Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
- Klikni na „ Smazat“
- Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [C?].txt) , jeho obsah sem celý vlož.

====================================================

Stáhni si Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

====================================================

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- Počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

[trixyofficial]

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 21.08.2016
Čas skenování: 19:37
Protokol: 123.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.08.21.07
Databáze rootkitů: v2016.08.15.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 10
CPU: x64
Souborový systém: NTFS
Uživatel: Lukáš

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 313746
Uplynulý čas: 11 min, 33 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 2
PUP.Optional.Elex.SHHKRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{6710C780-E20E-4C49-A87D-321850ED3D7C}, Do karantény, [aa11fc51efaba690af5ebd148480ec14],
PUP.Optional.Elex.SHHKRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS|{6710C780-E20E-4C49-A87D-321850ED3D7C}, Do karantény, [aa11fc51efaba690af5ebd148480ec14],

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)


# AdwCleaner v6.000 - *Logfile created 21/08/2016 *at 19:53:53
# *Updated on 12/08/2016 by ToolsLib
# *Database : 2016-08-21.2 [*Server]
# *Operating System : Windows 10 Home (X64)
# *Username : Lukáš - LUKAS-PC
# *Running from : C:\Users\Lukáš\Downloads\adwcleaner_6.000 (1).exe
# *Mode: Clean
# *Support : https://toolslib.net/forum



***** [ *Services ] *****



***** [ *Folders ] *****

[-] *Folder deleted: C:\Users\Lukáš\AppData\Roaming\eCyber
[-] *Folder deleted: C:\Users\Lukáš\AppData\Roaming\WinZiper
[-] *Folder deleted: C:\Program Files (x86)\WinZipper
[-] *Folder deleted: C:\Program Files (x86)\TXQQBrowser
[-] *Folder deleted: C:\extensions


***** [ *Files ] *****

[-] *File deleted: C:\END


***** [ DLL ] *****



***** [ WMI ] *****



***** [ *Shortcuts ] *****



***** [ *Scheduled Tasks ] *****

[-] *Task deleted: Browser Updater Task(Core)


***** [ *Registry ] *****

[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.001
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.7z
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.arj
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.bz2
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.bzip2
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.cab
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.cpio
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.deb
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.dmg
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.fat
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.gz
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.gzip
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.hfs
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.iso
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.lha
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.lzh
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.lzma
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.ntfs
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.rar
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.rpm
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.squashfs
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.swm
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.tar
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.taz
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.tbz
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.tbz2
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.tgz
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.tpz
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.txz
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.vhd
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.wim
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.xar
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.xz
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.z
[-] *Key deleted: HKLM\SOFTWARE\Classes\WinZippers.zip
[-] *Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
[-] *Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\qkseeService
[-] *Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] *Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] *Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] *Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] *Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] *Key deleted: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] *Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] *Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] *Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] *Key deleted: [x64] HKLM\SOFTWARE\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[-] *Key deleted: HKU\.DEFAULT\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[-] *Key deleted: HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[#] *Key deleted on reboot: HKU\S-1-5-18\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[-] *Key deleted: HKLM\SOFTWARE\hdcode
[-] *Key deleted: HKLM\SOFTWARE\qkseeSvc
[-] *Key deleted: HKLM\SOFTWARE\qksee
[-] *Key deleted: HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
[-] *Key deleted: HKLM\SOFTWARE\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[-] *Key deleted: HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
[-] *Key deleted: HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
[-] *Key deleted: HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
[-] *Key deleted: HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] *Key deleted: HKLM\SOFTWARE\Classes\s


***** [ *Browsers ] *****

[-] [trovigo.com] [Search Provider] *Deleted: trovigo.com
[-] [trovi.search] [Search Provider] *Deleted: trovi.search


*************************

:: *"Tracing" keys deleted
:: *Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5142 *Bytes] - [21/08/2016 19:53:53]
C:\AdwCleaner\AdwCleaner[S0].txt - [5184 *Bytes] - [14/08/2016 09:50:10]
C:\AdwCleaner\AdwCleaner[S1].txt - [5258 *Bytes] - [14/08/2016 10:00:43]
C:\AdwCleaner\AdwCleaner[S2].txt - [5224 *Bytes] - [21/08/2016 19:52:47]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5438 *Bytes] ##########




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Home x64
Ran by Luk ç (Administrator) on 21.08.2016 at 20:01:33,36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 1

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\WINZIPERSVC (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.08.2016 at 20:03:04,49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:22:50, on 13.08.2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0420)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
D:\steam\Steam.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\Lukáš\AppData\Local\MEGAsync\MEGAsync.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
D:\GalaxyClient\GalaxyClient.exe
D:\GalaxyClient\GalaxyClient Helper.exe
D:\GalaxyClient\GalaxyClient Helper.exe
D:\GalaxyClient\GalaxyClient Helper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
D:\steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Lukáš\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
O4 - HKCU\..\Run: [Steam] "D:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Lukáš\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [GNE_DualMonitorTools] C:\Program Files (x86)\Dual Monitor Tools\DMT.exe
O4 - HKCU\..\Run: [GalaxyClient] D:\GalaxyClient\GalaxyClient.exe /launchViaAutoStart
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: MEGAsync.lnk = ?
O4 - Global Startup: SteelSeries Engine 3.lnk = C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Microsoft Office\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://D:\Microsoft Office\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GalaxyClientService - GOG.com - D:\GalaxyClient\GalaxyClientService.exe
O23 - Service: GalaxyCommunication - GOG.com - C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - D:\origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @oem22.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\WINDOWS\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Wacom Consumer Service (WTabletServiceCon) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\WTabletServiceCon.exe

--
End of file - 11791 bytes

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7,8,10 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- klikni na „Start Scan“. V novém okně nic neměň a klikni dole na „Start Scan“
- Program skenuje procesy PC. Po proskenování klikni na „Open Report “ , v okně pak na „Open TXT“ a celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.
-pokud bude mít log více než 60.000 znaků , rozděl ho a vlož do více příspěvků