Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:05:15, on 04.09.2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Dominik\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files\Conexant\SAII\SmartAudio.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Users\Dominik\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/cnt/10445?gp=811009
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: MRSearchPlugin - {8E8F97CD-60B5-456F-A201-73065652D099} - C:\Users\Dominik\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll
O2 - BHO: Constant Fun - {9d6b19f5-4a89-4db4-b650-44222af825b0} - C:\Program Files (x86)\Constant Fun\Extensions\9d6b19f5-4a89-4db4-b650-44222af825b0.dll (file missing)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Dominik\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [nsurfpmysk] explorer "http://granena.ru/?utm_source=uoua03n&utm_content=e739009bccd5f1e6d71a91bff5994529&utm_term=16EBE26E0A8ED56ACD83F0DE5989930A&utm_d=20160904"
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_66F8C29980E8EAA9103CEBF5E167BC0C] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
O23 - Service: AsusGameFirstService - ASUSTeK - C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Conexant Audio Message Service (CxAudMsg) - Unknown owner - C:\WINDOWS\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\WINDOWS\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem126.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\WINDOWS\system32\ibtsiva (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\WINDOWS\system32\SAsrv.exe
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11169 bytes
Please check! Ads keep popping up in my browser (Solved)
- jaro3
- member of the Security team
Re: Please check! Ads keep popping up in my browser
Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
-If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
-If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
- If you use only Google Chrome, you don't need to use ATF.
Download TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
After that the PC should restart; if it doesn't, restart it yourself.
Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Scan"
After the scan click "Logfile"; a "Log Manager" window appears, then double-click the corresponding log, which will open. (Otherwise it is saved on the system disk as C:\AdwCleaner [C?].txt.) Paste its entire contents here.
Download Malwarebytes' Anti-Malware
- During installation, untick the box "Enable free trial of Malwarebytes' Anti-Malware Premium"
Install it and run it
- at the end of the installation make sure you have both options selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; click Scan Now and
- after the program finishes, a message appears at the bottom right; click Save Results, choose Copy to Clipboard, and paste the whole log here.
-otherwise the log is located here: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs
- then click the Exit button; a prompt will appear, choose Yes
(don't delete anything yet!).
If there are problems, run it in safe mode.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Support the forum
Re: Please check! Ads keep popping up in my browser
And should I delete anything in Hijack? So do I have a virus on my PC?
- jaro3
- member of the Security team
Re: Please check! Ads keep popping up in my browser
Don't "delete" anything in HJT, just follow the instructions.
Whether you have viruses remains to be seen.
Re: Please check! Ads keep popping up in my browser
# AdwCleaner v6.010 - *Logfile created 05/09/2016 *at 13:20:16
# *Updated on 12/08/2016 by ToolsLib
# *Database : 2016-09-05.1 [*Server]
# *Operating System : Windows 10 Home (X64)
# *Username : Dominik - DESKTOP-6MNS74N
# *Running from : C:\Users\Dominik\Desktop\AdwCleaner.exe
# *Mode: Scan
# *Support : https://toolslib.net/forum
***** [ *Services ] *****
*No malicious services found.
***** [ *Folders ] *****
*Folder Found: C:\Users\Dominik\AppData\Local\Mail.Ru
*Folder Found: C:\Users\Dominik\AppData\Local\fupdate
*Folder Found: C:\Users\Dominik\AppData\Local\FileSystemDriver
*Folder Found: C:\Users\Dominik\AppData\Roaming\OpenCandy
*Folder Found: C:\Users\Dominik\AppData\Roaming\MailProducts
*Folder Found: C:\ProgramData\Mail.Ru
***** [ *Files ] *****
*File Found: C:\Users\Dominik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
*File Found: C:\Users\Dominik\Favorites\Mail.Ru.url
*File Found: C:\Users\Dominik\Favorites\Mail.Ru Агент - используй для общения!.url
***** [ DLL ] *****
*No malicious DLLs found.
***** [ WMI ] *****
*No malicious keys found.
***** [ *Shortcuts ] *****
*No infected shortcut found.
***** [ *Scheduled tasks ] *****
*Task Found: fupdate
*Task Found: FileSystemDriver
***** [ *Registry ] *****
*Key Found: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
*Key Found: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
*Key Found: [x64] HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
*Key Found: [x64] HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
*Key Found: HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
*Key Found: HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
*Key Found: HKLM\SOFTWARE\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}
*Key Found: HKLM\SOFTWARE\Classes\CLSID\{9D6B19F5-4A89-4DB4-B650-44222AF825B0}
*Key Found: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
*Key Found: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
*Key Found: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
*Key Found: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
*Key Found: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
*Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099}
*Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D6B19F5-4A89-4DB4-B650-44222AF825B0}
*Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D6B19F5-4A89-4DB4-B650-44222AF825B0}
*Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D6B19F5-4A89-4DB4-B650-44222AF825B0}
*Key Found: HKU\S-1-5-21-3566644980-2292899936-3484726276-1001\Software\Conduit
*Key Found: HKU\S-1-5-21-3566644980-2292899936-3484726276-1001\Software\Mail.Ru
*Key Found: HKU\S-1-5-21-3566644980-2292899936-3484726276-1001\Software\AppDataLow\Software\Mail.Ru
*Key Found: HKCU\Software\Conduit
*Key Found: HKCU\Software\Mail.Ru
*Key Found: HKCU\Software\AppDataLow\Software\Mail.Ru
*Key Found: HKLM\SOFTWARE\Conduit
*Data Found: HKU\S-1-5-21-3566644980-2292899936-3484726276-1001\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://mail.ru/cnt/10445?gp=811009
*Data Found: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://mail.ru/cnt/10445?gp=811009
*Key Found: HKU\S-1-5-21-3566644980-2292899936-3484726276-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A06ED961-D98F-4CF9-A89B-80AB11DB149C}
*Data Found: HKU\S-1-5-21-3566644980-2292899936-3484726276-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
*Key Found: HKU\S-1-5-21-3566644980-2292899936-3484726276-1001\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
*Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A06ED961-D98F-4CF9-A89B-80AB11DB149C}
*Data Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
*Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
*Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\foxi69.tlscdn.com
*Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pricepeep.net
*Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.pricepeep0
*Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\tlscdn.com
*Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\foxi69.tlscdn.com
*Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pricepeep.net
*Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.pricepeep00.p
*Key Found: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\tlscdn.com
*Key Found: HKCU\Software\Google\Chrome\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj
*Key Found: HKCU\Software\Google\Chrome\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd
*Key Found: HKCU\Software\Google\Chrome\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof
***** [ *Web browsers ] *****
*No malicious Firefox based browser items found.
*Chromium pref Found: [C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - ccfifbojenkenpkmnbnndeadpfdiffof
*Chromium pref Found: [C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - oelpkepjlgmehajehfeicfbjdiobdkfj
*Chromium pref Found: [C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - ojlcebdkbpjdpiligkdbbkdkfjmchbfd
*************************
C:\AdwCleaner\AdwCleaner[S0].txt - [6766 *Bytes] - [05/09/2016 13:20:16]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6840 *Bytes] ##########
Re: Please check! Ads keep popping up in my browser
Malwarebytes Anti-Malware
www.malwarebytes.org
Dátum kontroly: 05.09.2016
Čas kontroly: 13:38
Protokol: malware.txt
Správca: Áno
Verzia: 2.2.1.1043
Dazabáza malware: v2016.09.05.03
Databáza rootkitov: v2016.08.15.01
Licencia: Skúšobná verzia
Ochrana pred škodlivým softvérom: Zapnuté
Ochrana pred škodlivými webstránkami: Zapnuté
Vlastná ochrana: Vypnuté
OS: Windows 10
CPU: x64
Súborový systém: NTFS
Používateľ: Dominik
Typ kontroly: Kontrola hrozieb
Výsledok: Dokončená
Skontrolovaných objektov: 313647
Uplynulý čas: 12 min, 44 s
Pamäť: Zapnuté
Pri spustení: Zapnuté
Súborový systém: Zapnuté
Archívy: Zapnuté
Rootkity: Vypnuté
Heuristika: Zapnuté
PUP: Zapnuté
PUM: Zapnuté
Procesy: 0
(Žiadne škodlivé položky neboli zistené)
Moduly: 0
(Žiadne škodlivé položky neboli zistené)
Kľúče databázy Registry: 14
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{9d6b19f5-4a89-4db4-b650-44222af825b0}, , [c3c40668603a7db904bd375f7d852ad6],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\TYPELIB\{999721d2-f4d1-4397-8608-38928ddc0932}, , [c3c40668603a7db904bd375f7d852ad6],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\INTERFACE\{0FAA29E8-B9EF-4766-823A-2B3512C0AC25}, , [c3c40668603a7db904bd375f7d852ad6],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0FAA29E8-B9EF-4766-823A-2B3512C0AC25}, , [c3c40668603a7db904bd375f7d852ad6],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{0FAA29E8-B9EF-4766-823A-2B3512C0AC25}, , [c3c40668603a7db904bd375f7d852ad6],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{999721d2-f4d1-4397-8608-38928ddc0932}, , [c3c40668603a7db904bd375f7d852ad6],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{999721d2-f4d1-4397-8608-38928ddc0932}, , [c3c40668603a7db904bd375f7d852ad6],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{9D6B19F5-4A89-4DB4-B650-44222AF825B0}, , [c3c40668603a7db904bd375f7d852ad6],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{9D6B19F5-4A89-4DB4-B650-44222AF825B0}, , [c3c40668603a7db904bd375f7d852ad6],
PUP.Optional.Yontoo, HKU\S-1-5-21-3566644980-2292899936-3484726276-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{9D6B19F5-4A89-4DB4-B650-44222AF825B0}, , [c3c40668603a7db904bd375f7d852ad6],
PUP.Optional.Yontoo, HKU\S-1-5-21-3566644980-2292899936-3484726276-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{9D6B19F5-4A89-4DB4-B650-44222AF825B0}, , [c3c40668603a7db904bd375f7d852ad6],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, , [eb9c8de1a0fafb3b03261b564bb7ab55],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, , [eb9c8de1a0fafb3b03261b564bb7ab55],
PUP.Optional.StartPage, HKU\S-1-5-21-3566644980-2292899936-3484726276-1001\SOFTWARE\START PAGE, , [b4d3fc728f0bcd69e52e11e37b881ce4],
Hodnoty databázy Registry: 2
PUP.Optional.StartPage.Generic, HKU\S-1-5-21-3566644980-2292899936-3484726276-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|nsurfpmysk, explorer "http://granena.ru/?utm_source=uoua03n&utm_content=e739009bccd5f1e6d71a91bff5994529&utm_term=16EBE26E0A8ED56ACD83F0DE5989930A&utm_d=20160904", , [fb8cec82b1e94cead7b84386b64cf30d]
PUP.Optional.StartPage, HKU\S-1-5-21-3566644980-2292899936-3484726276-1001\SOFTWARE\START PAGE|Start Page, http://granena.ru/?utm_content=31b5cebd ... d=20160904, , [b4d3fc728f0bcd69e52e11e37b881ce4]
Údaj databázy Registry: 0
(Žiadne škodlivé položky neboli zistené)
Priečinky: 2
PUP.Optional.OpenCandy, C:\Users\Dominik\AppData\Roaming\OpenCandy, , [89fede90ebaf43f3f830a2024ab86799],
PUP.Optional.OpenCandy, C:\Users\Dominik\AppData\Roaming\OpenCandy\4E56BAABC3EB468BBD3EBEB22EDBED22, , [89fede90ebaf43f3f830a2024ab86799],
Súbory: 21
PUP.Optional.Yontoo, C:\Users\Dominik\AppData\Roaming\OpenCandy\4E56BAABC3EB468BBD3EBEB22EDBED22\setup.exe, , [fe89145ab5e5d0667853bee3738ea35d],
RiskWare.GameHack, C:\Program Files (x86)\Grand Theft Auto V\steam_api64.dll, , [6f18620cc9d104329f39f7b04aba05fb],
RiskWare.GameHack, C:\Program Files (x86)\Project CARS\steam_api.dll, , [88fff678c5d54beb5187159222e2936d],
RiskWare.GameHack, C:\Program Files (x86)\Project CARS\steam_api64.dll, , [55323539900a76c024b4d3d4857f8080],
Spyware.InfoStealer, C:\Users\Dominik\AppData\Local\fupdate\fupdate.exe, , [64233b333c5ef541fa8b32b5936ecc34],
PUP.Optional.Yontoo, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage, , [4c3b4d21eeac89adbdddd004768cdd23],
PUP.Optional.Yontoo, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage-journal, , [a6e1026cf1a9b77feeac7361ed15e61a],
PUP.Optional.MindSpark, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gamingwonderland.dl.myway.com_0.localstorage, , [5631303e8c0e82b4c341e9c137cc2cd4],
PUP.Optional.MindSpark, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_gamingwonderland.dl.myway.com_0.localstorage-journal, , [2e592846603ad46280848b1fd62d6799],
PUP.Optional.PricePeep, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage, , [7413d39b3a6049ed612c159b0bf8b24e],
PUP.Optional.PricePeep, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal, , [0087d49a7723ec4ab9d4eec29d664fb1],
PUP.Optional.Revizer, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.reklaam00.reklaam.co_0.localstorage, , [92f570fe2c6e68cef2cdbd236d96956b],
PUP.Optional.Revizer, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.reklaam00.reklaam.co_0.localstorage-journal, , [8cfb8de1bfdbbb7bfcc3f9e71ee550b0],
PUP.Optional.AdNetworkPerformance, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.adnetworkperformance.com_0.localstorage, , [7d0a1b53564493a39cf2be2411f2b44c],
PUP.Optional.AdNetworkPerformance, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.adnetworkperformance.com_0.localstorage-journal, , [9dea2d415743e551e6a8b032996a2fd1],
PUP.Optional.Yontoo, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_constantfun-a.akamaihd.net_0.localstorage, , [d2b55816aeec53e33f7febf8669d9d63],
PUP.Optional.Yontoo, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_constantfun-a.akamaihd.net_0.localstorage-journal, , [0c7b83eb7822de58cbf3d211de2532ce],
PUP.Optional.PriceMoon, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.pricemoon.co_0.localstorage, , [384fe08e009a6bcba1074c9836cd30d0],
PUP.Optional.PriceMoon, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.pricemoon.co_0.localstorage-journal, , [ff882e40fe9c91a56840c81cd72c20e0],
PUP.Optional.CrossRider, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage, , [3453eb83960412244b6a8069c2413ec2],
PUP.Optional.CrossRider, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal, , [a2e5e985c1d91224991caf3a9a696c94],
Fyzické sektory: 0
(Žiadne škodlivé položky neboli zistené)
(end)
- Orcus
- Security team member
-
Elite Level 10.5
- Posts: 10645
- Registered: April 10
- Location: 3 roses grow around here =o)
- Gender:
- Status:
Offline
Re: Please check! Ads are popping up in my browser
- Run MbAM again and choose "Scan Now".
- After the program finishes, a message will appear; click "Quarantine All (Remove Selected)" and then "Export Log", choose "Text file", give the file a name and save it somewhere. Copy the entire content of that log here.
====================================================
- Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator").
- Click "Delete".
- The program will carry out the repair; after the automatic restart it will not show the log (C:\AdwCleaner [C?].txt); paste its entire content here.
====================================================
Download Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
to your desktop.
Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program's scan will start. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) will appear, which is saved on the desktop.
Please copy its entire content here.
====================================================
Download RogueKiller
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Then click "Scan".
- The program scans the PC's processes. After the scan, click "Report" and copy the entire content of the log here.
If the program is blocked, try running it several times. If it still cannot be started and run, rename it to winlogon.exe.
Love keeps you warm, but coal is coal.
Post HJT logs in the HJT section. If a log is too long, split it into several messages.
A few tips on PC security.
During my absence, memphisto, jaro3 and Diallix are standing in for me.
If you are satisfied, you can support our forum.

-
- Level 2
- Posts: 220
- Registered: October 15
- Gender:
- Status:
Offline
Re: Please check! Ads are popping up in my browser
# AdwCleaner v6.010 - *Logfile created 05/09/2016 *at 16:30:34
# *Updated on 12/08/2016 by ToolsLib
# *Database : 2016-09-05.1 [*Server]
# *Operating System : Windows 10 Home (X64)
# *Username : Dominik - DESKTOP-6MNS74N
# *Running from : C:\Users\Dominik\Desktop\AdwCleaner.exe
# *Mode: Clean
# *Support : https://toolslib.net/forum
***** [ *Services ] *****
***** [ *Folders ] *****
[-] *Folder deleted: C:\Users\Dominik\AppData\Local\Mail.Ru
[-] *Folder deleted: C:\Users\Dominik\AppData\Local\fupdate
[-] *Folder deleted: C:\Users\Dominik\AppData\Local\FileSystemDriver
[-] *Folder deleted: C:\Users\Dominik\AppData\Roaming\MailProducts
[-] *Folder deleted: C:\ProgramData\Mail.Ru
***** [ *Files ] *****
[-] *File deleted: C:\Users\Dominik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk
[-] *File deleted: C:\Users\Dominik\Favorites\Mail.Ru.url
[-] *File deleted: C:\Users\Dominik\Favorites\Mail.Ru Агент - используй для общения!.url
***** [ DLL ] *****
***** [ WMI ] *****
***** [ *Shortcuts ] *****
***** [ *Scheduled Tasks ] *****
***** [ *Registry ] *****
[-] *Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] *Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] *Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] *Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] *Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] *Key deleted: HKLM\SOFTWARE\Classes\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}
[-] *Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] *Key deleted: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] *Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] *Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] *Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] *Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E8F97CD-60B5-456F-A201-73065652D099}
[-] *Key deleted: HKU\S-1-5-21-3566644980-2292899936-3484726276-1001\Software\Conduit
[-] *Key deleted: HKU\S-1-5-21-3566644980-2292899936-3484726276-1001\Software\Mail.Ru
[-] *Key deleted: HKU\S-1-5-21-3566644980-2292899936-3484726276-1001\Software\AppDataLow\Software\Mail.Ru
[#] *Key deleted on reboot: HKCU\Software\Conduit
[#] *Key deleted on reboot: HKCU\Software\Mail.Ru
[#] *Key deleted on reboot: HKCU\Software\AppDataLow\Software\Mail.Ru
[-] *Key deleted: HKLM\SOFTWARE\Conduit
[-] *Data restored: HKU\S-1-5-21-3566644980-2292899936-3484726276-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] *Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] *Key deleted: HKU\S-1-5-21-3566644980-2292899936-3484726276-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A06ED961-D98F-4CF9-A89B-80AB11DB149C}
[-] *Data restored: HKU\S-1-5-21-3566644980-2292899936-3484726276-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] *Key deleted: HKU\S-1-5-21-3566644980-2292899936-3484726276-1001\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
[#] *Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A06ED961-D98F-4CF9-A89B-80AB11DB149C}
[-] *Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[#] *Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}
[-] *Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\foxi69.tlscdn.com
[-] *Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pricepeep.net
[-] *Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.pricepeep00.pricepeep.net
[-] *Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\tlscdn.com
[-] *Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\foxi69.tlscdn.com
[-] *Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pricepeep.net
[-] *Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.pricepeep00.pricepeep.net
[-] *Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\tlscdn.com
[-] *Key deleted: HKCU\Software\Google\Chrome\Extensions\oelpkepjlgmehajehfeicfbjdiobdkfj
[-] *Key deleted: HKCU\Software\Google\Chrome\Extensions\ojlcebdkbpjdpiligkdbbkdkfjmchbfd
[-] *Key deleted: HKCU\Software\Google\Chrome\Extensions\ccfifbojenkenpkmnbnndeadpfdiffof
***** [ *Browsers ] *****
[-] [C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default] [extension] *Deleted: ccfifbojenkenpkmnbnndeadpfdiffof
[-] [C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default] [extension] *Deleted: oelpkepjlgmehajehfeicfbjdiobdkfj
[-] [C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default] [extension] *Deleted: ojlcebdkbpjdpiligkdbbkdkfjmchbfd
*************************
:: *"Tracing" keys deleted
:: *Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [6288 *Bytes] - [05/09/2016 16:30:34]
C:\AdwCleaner\AdwCleaner[S0].txt - [6928 *Bytes] - [05/09/2016 13:20:16]
C:\AdwCleaner\AdwCleaner[S1].txt - [6431 *Bytes] - [05/09/2016 16:29:48]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [6510 *Bytes] ##########
-
- Level 2
- Posts: 220
- Registered: October 15
- Gender:
- Status:
Offline
Re: Please check! Ads are popping up in my browser
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Home x64
Ran by Dominik (Administrator) on 05.09.2016 at 16:38:50,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 2
Successfully deleted: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\m9jchmg0.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} (Folder)
Successfully deleted: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\m9jchmg0.default\searchplugins\mailru.xml (File)
Deleted the following from C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\m9jchmg0.default\prefs.js
user_pref(browser.search.defaultenginename, Поиск@Mail.Ru);
user_pref(browser.search.selectedEngine, Поиск@Mail.Ru);
user_pref(browser.startup.homepage, hxxp://mail.ru/cnt/10445?gp=811013);
user_pref(extensions.homepage@mail.ru.go_metric_url, hxxp://go.mail.ru/distib/mark/?product_ ... 0C0-4FC0-8
user_pref(extensions.homepage@mail.ru.install_id, {DEE58C4D-50C0-4FC0-8437-90FA3E7EEA82});
user_pref(extensions.homepage@mail.ru.mrds_metric_url, hxxp://mrds.mail.ru/update/2/version.tx ... 09BEC671B3
user_pref(extensions.homepage@mail.ru.partner_product_online_url, hxxp://huxuebdapui.yeahpleasure.ru/affe ... 5dbd&guid={guid}&did=255878427
user_pref(extensions.homepage@mail.ru.product_id, {DE81ED5D-1C80-402F-9E19-909BEC671B32});
user_pref(extensions.homepage@mail.ru.product_type, ff_xtnhp);
user_pref(extensions.homepage@mail.ru.rfr, 811013);
user_pref(extensions.search@mail.ru.go_metric_url, hxxp://go.mail.ru/distib/mark/?product_ ... 0-4FC0-843
user_pref(extensions.search@mail.ru.install_id, {DEE58C4D-50C0-4FC0-8437-90FA3E7EEA82});
user_pref(extensions.search@mail.ru.mrds_metric_url, hxxp://mrds.mail.ru/update/2/version.tx ... D45F096E9D%
user_pref(extensions.search@mail.ru.partner_product_online_url, hxxp://huxuebdapui.yeahpleasure.ru/affe ... 5dbd&guid={guid}&did=2558784270&
user_pref(extensions.search@mail.ru.product_id, {BEE2C9F1-1EE3-4A75-B37B-27D45F096E9D});
user_pref(extensions.search@mail.ru.product_type, ff_xtndse);
user_pref(extensions.search@mail.ru.rfr, 811014);
user_pref(extensions.{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}.go_metric_url, hxxp://go.mail.ru/distib/mark/?product_ ... nstall_id=%
user_pref(extensions.{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}.mrds_metric_url, hxxp://mrds.mail.ru/update/2/version.tx ... 8A2CA-24E1
user_pref(keyword.URL, hxxp://go.mail.ru/distib/ep/?product_id ... &gp=811014);
Registry: 1
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_66F8C29980E8EAA9103CEBF5E167BC0C (Registry Value)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.09.2016 at 16:41:31,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Re: Please check! Ads keep popping up in my browser
RogueKiller V12.6.0.0 (x64) [Sep 5 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Dominik [Administrator]
Started from : C:\Users\Dominik\Desktop\RogueKillerX64.exe
Mode : Scan -- Date : 09/05/2016 16:53:04 (Duration : 00:20:30)
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 2 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3566644980-2292899936-3484726276-1001\Software\Microsoft\Internet Explorer\Main | Start Page : -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3566644980-2292899936-3484726276-1001\Software\Microsoft\Internet Explorer\Main | Start Page : -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ [[WMI]] : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 3 ¤¤¤
[PUP][FIREFX:Addon] m9jchmg0.default : ?????@Mail.Ru? [search@mail.ru] -> Found
[PUP][FIREFX:Addon] m9jchmg0.default : ???????? ???????? Mail.Ru [homepage@mail.ru] -> Found
[PUP][FIREFX:Addon] m9jchmg0.default : ?????????? ???????? @Mail.Ru [{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}] -> Found
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS721010A9E630 +++++
--- User ---
[MBR] ff229f38f82e340a66095cb90e2e4477
[BSP] 2d1368d3d899869b42b99ab21e86e932 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 380772 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 780388352 | Size: 499 MB
4 - Basic data partition | Offset (sectors): 781410304 | Size: 572321 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: Audio Player USB Device +++++
--- User ---
[MBR] df6089f819e94f37a1a995387de83117
[BSP] 99e4ae891de0d3aeb47bbcc39442c924 : Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0xb) [VISIBLE] Offset (sectors): 32 | Size: 979 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
- jaro3
- Security team member
Re: Please check! Ads keep popping up in my browser
Run Malwarebytes' Anti-Malware again and click Scan Now
- when the program finishes, a message appears; click "Quarantine All (Remove Selected)" and then "Export Log", choose "text file", give the file a name and save it somewhere. Copy the entire contents of that log here.
Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click and choose "Run as administrator"; on Windows XP, double-click to run).
- click "Start Scan". Change nothing in the new window and click "Start Scan" at the bottom,
when it finishes, tick everything (put check marks in the white boxes to the left of the findings)
- then click "Remove Selected"
- Wait until the Status box shows "Removal finished, please review result"
- Click "Open report" and then "Open TXT", copy that log and paste its contents here, please. The log can be found in C:\ProgramData\RogueKiller\Logs - Close RogueKiller.
Turn off your antivirus and firewall.
Download
Zoek.exe
and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 and 8, right-click it and choose "Run as administrator")
- note: the program may take a while to start.
Paste the script below into the program window:
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;
click Run Script
The program will run a scan and a repair; both the scan and the repair can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.
After the restart you may see only a black desktop for some time; that is normal. Wait until the log is created. You can save it to Documents, for example; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.
Post a new HJT log + report any problems
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check! Ads keep popping up in my browser
How long will I still be doing this? Will you explain what this is about?
btw Malware Bytes didn't find anything. :)
