Hi, please check this; the browsers are almost impossible to work with, constant redirects, pop-up windows, etc... to the point that writing this post takes a quarter of an hour :)
log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:48:04, on 6. 1. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0020)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe
C:\Program Files (x86)\Lenovo\Lenovo Transition\TransitionServer.exe
C:\Users\učitel\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\učitel\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Program Files (x86)\Evernote\Skitch\Skitch.exe
C:\Users\učitel\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvTrayLoad.exe
C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvController.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Program Files (x86)\Google\Drive\nativeproxy.exe
C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\7\plugin.exe
C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\3\plugin.exe
C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\12\plugin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\učitel\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://%66%65%65%64.%73%6F%6E%69%63-%73 ... xWpVpg,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73 ... xWpVpg,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73 ... xWpVpg,&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=16194
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6F%6E%69%63-%73 ... xWpVpg,&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Constant Fun - {9d6b19f5-4a89-4db4-b650-44222af825b0} - C:\Program Files (x86)\Constant Fun\Extensions\9d6b19f5-4a89-4db4-b650-44222af825b0.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\RunOnce: [Update] C:\Users\učitel\AppData\Roaming\VOPackage\VOPackage.exe /runonce
O4 - HKCU\..\Run: [OneDrive] "C:\Users\učitel\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [BingSvc] C:\Users\učitel\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [Skitch] C:\Program Files (x86)\Evernote\Skitch\Skitch.exe -start-on-hide
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\učitel\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\učitel\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O8 - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Nová poznámka - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\ProgramData\Airtostrong\Warmtonity.dll
O23 - Service: Airtostrong - Unknown owner - C:\ProgramData\\Airtostrong\\Airtostrong.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: amdidx - Unknown owner - C:\Program Files\amdidx\amdidx.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo EasyPlus Hotspot - Lenovo - C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe
O23 - Service: Lenovo System Agent Service - LENOVO INCORPORATED. - C:\Program Files\Lenovo\iMController\SystemAgentService.exe
O23 - Service: Lenovo WiFiHotspot Service (LenovoWiFiHotspotSvr) - Unknown owner - C:\Windows\System32\LenovoWiFiHotspotSvr.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: LsvUIService - Lenovo - C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
O23 - Service: LUService - Lenovo(beijing) Limited - C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: PGService - PointGrab LTD - C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
O23 - Service: Lenovo PhoneCompanionPusher Service (PhoneCompanionPusher) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe
O23 - Service: Lenovo PhoneCompanionVap Service (PhoneCompanionVap) - Lenovo - C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe
O23 - Service: Sharpen Store Card (qulyruvuzbt) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Service Mgr ConstantFun - Unknown owner - C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugincontainer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: TESHelper - Lenovo - c:\Program Files\Common Files\Lenovo\Magic Transfer\x64\MagicTransferTESHelper.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Lamsing (uodate) - Unknown owner - C:\Users\učitel\AppData\Local\Hexit.exe
O23 - Service: Update Mgr ConstantFun - Unknown owner - C:\Program Files (x86)\Common Files\415c6520-c0da-4fcb-9597-9d03c710be54\updater.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Free Space Decimal Point (wucotusy) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ymc - Lenovo - C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
O23 - Service: Replicate Exit (zutuzuni) - Unknown owner - C:\Program.exe (file missing)
--
End of file - 16061 bytes
Please check my log, PC is not working - Solved
- jerabina
- Security team member
- Level 6
- Posts: 3647
- Registered: March 13
- Location: Litoměřice
Re: Please check my log, PC is not working
Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
- If you use only Google Chrome, you do not need to use ATF.
===================================================
Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it does not, restart it yourself.
===================================================
Download AdwCleaner (by Xplode)
Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click “Scan” (“Prohledat”)
After the scan a log appears (it is also saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.
===================================================
Download Malwarebytes' Anti-Malware
- During installation, uncheck “Enable free trial of Malwarebytes' Anti-Malware Premium”
Install and run it
- at the end of the installation make sure you have both options selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; click Scan Now
- when the program finishes, a message appears at the bottom right; click Copy to Clipboard and paste the entire log here.
- then click the Exit button; a prompt appears, choose Yes
(do not delete anything yet!).
If there are problems, run it in Safe Mode.
When you don't know what to do next, it's time to study the manual!
HJT guide
If I am not replying to your topics in the HJT section while I am online, it is only because I am on my phone, where studying logs and writing scripts is impossible. So please do not take it as being ignored.
Re: Please check my log, PC is not working
Hi, thanks. Sorry for replying so late, here is the adw log
# AdwCleaner v5.028 - Logfile created 10/01/2016 at 18:02:40
# Updated 04/01/2016 by Xplode
# Database : 2016-01-04.2 [Server]
# Operating system : Windows 10 Home (x64)
# Username : učitel - LENOVO-PC
# Running from : C:\Users\učitel\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
Folder Found : C:\Program Files (x86)\DriverToolkit
Folder Found : C:\Users\učitel\AppData\Local\DriverToolkit
Folder Found : C:\Users\učitel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
***** [ Files ] *****
File Found : C:\Users\učitel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
File Found : C:\Users\učitel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
File Found : C:\WINDOWS\SysWOW64\findit.xml
***** [ DLL ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.WFPCONTROLLER.1
Key Found : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.WFPCONTROLLER
Key Found : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.READONLYMANAGER.1
Key Found : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.READONLYMANAGER
Key Found : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.LSPLOGIC.1
Key Found : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.LSPLOGIC
Key Found : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATATABLEHOLDER.1
Key Found : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATATABLEHOLDER
Key Found : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATATABLEFIELDS.1
Key Found : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATATABLEFIELDS
Key Found : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATATABLE.1
Key Found : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATATABLE
Key Found : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATACONTROLLER.1
Key Found : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATACONTROLLER
Key Found : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATACONTAINER.1
Key Found : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATACONTAINER
Key Found : HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH
Key Found : HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02966FA9-C01A-47E7-A169-C83AEA1FB0BA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9AD5C084-B6E6-456A-8BA2-A559663780E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{70C7334A-66D9-46DE-A4E2-6B923C7DB94E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5780633B-414C-446F-8EB2-FF1C9A731C99}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4EECDED2-40FB-4500-85B4-86FB0EBECA68}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10A7F29D-4B00-40EC-B07D-8616DF8135E6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{05FF6A00-76A3-4AA1-A9A4-A782152ABE60}
Key Found : HKCU\Software\DriverToolkit
Key Found : HKCU\Software\PRODUCTSETUP
Key Found : HKCU\Software\undefined
Key Found : HKLM\SOFTWARE\VisualDiscovery
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Superfish Inc. VisualDiscovery
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {ielnksrch}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ielnksrch
***** [ Web browsers ] *****
[C:\Users\učitel\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : yoursearching
[C:\Users\učitel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://www.yoursearching.com/?type=hp&t ... xxw760yjmw
[C:\Users\učitel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : fcfenmboojpjinhpgggodefccipikbpd
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4056 bytes] ##########
Re: Please check my log, PC is not working
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 10. 1. 2016
Čas skenování: 18:15
Protokol: gzzubi.txt
Správce: Ano
Verze: 2.2.0.1024
Databáze malwaru: v2016.01.10.01
Databáze rootkitů: v2016.01.09.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto
OS: Windows 10
CPU: x64
Souborový systém: NTFS
Uživatel: učitel
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 362411
Uplynulý čas: 9 min, 55 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 2
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Airtostrong\Airtostrong.exe, 2184, , [f405c077abee171fe49309c317eac23e]
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Airtostrong\Airtostrong.exe, 6512, , [f405c077abee171fe49309c317eac23e]
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 6
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AIRTOSTRONG.EXE, , [f405c077abee171fe49309c317eac23e],
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AIRTOSTRONG.EXE, , [f405c077abee171fe49309c317eac23e],
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe, , [85740136148576c09060984e61a2817f],
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH, , [f306f047158488aef5b88712ea197f81],
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe, , [9861fd3af1a8ee48f3fd0fd78f740bf5],
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1410552932-3896170908-3864751245-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{IELNKSRCH}, , [4cadd4631a7fe45248df49827e847987],
Hodnoty registru: 6
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|DisplayName, Search the web, , [f306f047158488aef5b88712ea197f81]
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|URL, http://%66%65%65%64.%73%6F%6E%69%63-%73 ... 7ovsJc,&q={searchTerms}, , [35c46fc8c6d3ed491b9382174eb56799]
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73 ... 7ovsJc,&q={searchTerms}, , [3dbcc176c1d88babd5da1287c24149b7]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1410552932-3896170908-3864751245-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|DisplayName, Search the web, , [4cadd4631a7fe45248df49827e847987]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1410552932-3896170908-3864751245-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL, http://%66%65%65%64.%73%6F%6E%69%63-%73 ... 7ovsJc,&q={searchTerms}, , [58a12710990075c134771e7b10f358a8]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1410552932-3896170908-3864751245-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73 ... 7ovsJc,&q={searchTerms}, , [a0590b2c524745f107a5ebae46bd1ce4]
Data registru: 7
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Dobré: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Špatné: ({ielnksrch}),,[04f5bf7816837cba16c5753248bca858]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1410552932-3896170908-3864751245-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://%66%65%65%64.%73%6F%6E%69%63-%73 ... 7ovsJc,&q={searchTerms}, Dobré: (www.google.com), Špatné: (http://%66%65%65%64.%73%6F%6E%69%63-%73 ... 7ovsJc,&q={searchTerms}),,[4eabb582d1c83afc3c993077838141bf]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1410552932-3896170908-3864751245-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://%66%65%65%64.%73%6E%61%70%64%6F. ... yRaAYuuEE,, Dobré: (www.google.com), Špatné: (http://%66%65%65%64.%73%6E%61%70%64%6F. ... eyRaAYuuEE,),,[0aef0433a8f1ff379d397136be468779]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1410552932-3896170908-3864751245-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://%66%65%65%64.%73%6F%6E%69%63-%73 ... 7ovsJc,&q={searchTerms}, Dobré: (www.google.com), Špatné: (http://%66%65%65%64.%73%6F%6E%69%63-%73 ... 7ovsJc,&q={searchTerms}),,[0fea7abdfe9b241211c4baed35cfc937]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1410552932-3896170908-3864751245-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SearchAssistant, http://%66%65%65%64.%73%6F%6E%69%63-%73 ... 7ovsJc,&q={searchTerms}, Dobré: (www.google.com), Špatné: (http://%66%65%65%64.%73%6F%6E%69%63-%73 ... 7ovsJc,&q={searchTerms}),,[4eab33044851cd69ce07e1c6f410f10f]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1410552932-3896170908-3864751245-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://%66%65%65%64.%73%6F%6E%69%63-%73 ... 7ovsJc,&q={searchTerms}, Dobré: (www.google.com), Špatné: (http://%66%65%65%64.%73%6F%6E%69%63-%73 ... 7ovsJc,&q={searchTerms}),,[9b5ecc6bf6a3c571b42304a338ccae52]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1410552932-3896170908-3864751245-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Dobré: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Špatné: ({ielnksrch}),,[b04996a1782190a67f5905a21aea7888]
Složky: 1
PUP.Optional.Linkury, C:\ProgramData\Airtostrongs, , [32c70c2b3a5f181e1b52d4ef0cf6827e],
Soubory: 5
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Airtostrong\Airtostrong.exe, , [f405c077abee171fe49309c317eac23e],
PUP.Optional.Linkury.Gen, C:\Windows\SysWOW64\findit.xml, , [e4155bdccfca6acc9cf4ebd2cc37cd33],
PUP.Optional.Linkury, C:\ProgramData\Airtostrongs\ff.HP, , [32c70c2b3a5f181e1b52d4ef0cf6827e],
PUP.Optional.Linkury, C:\ProgramData\Airtostrongs\ff.NT, , [32c70c2b3a5f181e1b52d4ef0cf6827e],
PUP.Optional.Linkury, C:\ProgramData\Airtostrongs\snp.sc, , [32c70c2b3a5f181e1b52d4ef0cf6827e],
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
- jaro3
- member of the Security team
Re: Please check my log, PC is not working
Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator").
Click "Scan"; after the scan, click "Cleaning".
The program will carry out the repair; after the automatic restart it will not show the log (C:\AdwCleaner [C?].txt), paste its entire content here.
Download Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
to your desktop.
Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program will start scanning. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) will appear, which is saved on the desktop.
Please copy its entire content here.
Run Malwarebytes' Anti-Malware again and click "Scan Now".
- After the program finishes, a prompt will appear; click "Quarantine All (Remove Selected)" and then "Export Log", choose "Text file", give the file a name and save it somewhere. Copy the entire content of that log here.
Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, run RogueKiller.exe as administrator; on XP, run it by double-clicking.
- Wait until the Prescan (the search for malicious processes) finishes.
- Then click "Scan".
- The program scans the PC's processes. After the scan, click "Report", then in the window click "Open TXT" and copy the entire content of the log here.
If the program is blocked, try running it several times. If the program still will not start and work, rename it to winlogon.exe.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum
Re: Please check my log, PC is not working
Thanks a lot,
here is the adw log:
# AdwCleaner v5.028 - Logfile created 11/01/2016 at 10:56:38
# Updated 04/01/2016 by Xplode
# Database : 2016-01-04.2 [Server]
# Operating system : Windows 10 Home (x64)
# Username : učitel - LENOVO-PC
# Running from : C:\Users\učitel\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\Program Files (x86)\DriverToolkit
[-] Folder Deleted : C:\Users\učitel\AppData\Local\DriverToolkit
[-] Folder Deleted : C:\Users\učitel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
***** [ Files ] *****
[-] File Deleted : C:\Users\učitel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\učitel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\WINDOWS\SysWOW64\findit.xml
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.WFPCONTROLLER.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.WFPCONTROLLER
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.READONLYMANAGER.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.READONLYMANAGER
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.LSPLOGIC.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.LSPLOGIC
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATATABLEHOLDER.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATATABLEHOLDER
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATATABLEFIELDS.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATATABLEFIELDS
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATATABLE.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATATABLE
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATACONTROLLER.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATACONTROLLER
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATACONTAINER.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\VISUALDISCOVERYLIB.DATACONTAINER
[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH
[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02966FA9-C01A-47E7-A169-C83AEA1FB0BA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AD5C084-B6E6-456A-8BA2-A559663780E5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{70C7334A-66D9-46DE-A4E2-6B923C7DB94E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5780633B-414C-446F-8EB2-FF1C9A731C99}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4EECDED2-40FB-4500-85B4-86FB0EBECA68}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10A7F29D-4B00-40EC-B07D-8616DF8135E6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{05FF6A00-76A3-4AA1-A9A4-A782152ABE60}
[-] Key Deleted : HKCU\Software\DriverToolkit
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\undefined
[-] Key Deleted : HKLM\SOFTWARE\VisualDiscovery
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Superfish Inc. VisualDiscovery
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ielnksrch
***** [ Web browsers ] *****
[-] [C:\Users\učitel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.yoursearching.com/?type=hp&t ... xxw760yjmw
[-] [C:\Users\učitel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcfenmboojpjinhpgggodefccipikbpd
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4276 bytes] ##########
Re: Please check my log, PC is not working
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 10 Home x64
Ran by uźitel (Administrator) on po 11. 01. 2016 at 11:26:36,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 9
Successfully deleted: C:\Users\uźitel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig (Folder)
Successfully deleted: C:\Users\uźitel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd (Folder)
Successfully deleted: C:\Users\uźitel\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak (Folder)
Successfully deleted: C:\Users\uźitel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bgjpfhpjcgdppjbgnpnjllokbmcdllig_0.localstorage (File)
Successfully deleted: C:\Users\uźitel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_blmojkbhnkkphngknkmgccmlenfaelkd_0.localstorage (File)
Successfully deleted: C:\Users\uźitel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_olfeabkoenfaoljndfecamgilllcpiak_0.localstorage (File)
Successfully deleted: C:\WINDOWS\prefetch\DRIVERTOOLKIT.EXE-6D14677C.pf (File)
Successfully deleted: C:\WINDOWS\prefetch\DRIVERTOOLKITINSTALLER.TMP-4D05EA77.pf (File)
Successfully deleted: C:\WINDOWS\prefetch\DRIVERTOOLKITINSTALLER.TMP-F8240ACC.pf (File)
Registry: 11
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\SearchAssistant (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchUrl\\Default (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BF5E59E7-53C3-4D70-BF3F-34DC85F96355} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D00C1DEF-7529-4213-B24A-F0A8FB6FC4E6} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Search Page (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchUrl\\Default (Registry Value)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on po 11. 01. 2016 at 11:29:21,82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Re: Please check my log, PC is not working
Report from Rogue Killer:
RogueKiller V11.0.7.0 (x64) [Jan 11 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 10 (10.0.10586) 64 bits version
Spuštěno : Normální režim
Uživatel : u?itel [Práva správce]
Started from : C:\Users\u?itel\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 01/11/2016 12:35:05
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 11 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Airtostrong (C:\ProgramData\\Airtostrong\\Airtostrong.exe -f "C:\ProgramData\\Airtostrong\\Airtostrong.dat" -l -a) -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Airtostrong (C:\ProgramData\\Airtostrong\\Airtostrong.exe -f "C:\ProgramData\\Airtostrong\\Airtostrong.dat" -l -a) -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1410552932-3896170908-3864751245-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo13.msn.com/?pc=LCJB -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1410552932-3896170908-3864751245-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo13.msn.com/?pc=LCJB -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([X]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([X]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{728031b1-d26c-4f23-99f5-1e540e9f9f48} | DhcpNameServer : 10.0.0.138 ([X]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e2f718e2-ad7e-42ca-99f7-9a59a8706d09} | DhcpNameServer : 10.0.0.138 ([X]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{728031b1-d26c-4f23-99f5-1e540e9f9f48} | DhcpNameServer : 10.0.0.138 ([X]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e2f718e2-ad7e-42ca-99f7-9a59a8706d09} | DhcpNameServer : 10.0.0.138 ([X]) -> Nalezeno
¤¤¤ Úlohy : 3 ¤¤¤
[Suspicious.Path] \Style Ball -- C:\WINDOWS\system32\rundll32.exe ("C:\Users\u?itel\AppData\Local\Style Ball\{55B4860C-AF34-BAAE-0D0C-64B615813067}\StyleBall.dll",#1) -> Nalezeno
[Suspicious.Path] \Style Ball2 -- C:\WINDOWS\system32\rundll32.exe ("C:\Users\u?itel\AppData\Local\Style Ball\{55B4860C-AF34-BAAE-0D0C-64B615813067}\xcfp.dll",#1) -> Nalezeno
[Suspicious.Path] \updaie -- C:\WINDOWS\system32\config\systemprofile\AppData\Local\Vila (Zimtough /t 1277 9227) -> Nalezeno
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST500LM000-SSHD-8GB +++++
--- User ---
[MBR] aaabd42990253cb69394f8612c0f3908
[BSP] 6db5176346d105f7075ee8aa8684b9d0 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1000 MB
1 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 260 MB
2 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2582528 | Size: 1000 MB
3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 4630528 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 4892672 | Size: 433018 MB
5 - Basic data partition | Offset (sectors): 891713536 | Size: 25600 MB
6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 944142336 | Size: 15933 MB
User = LL1 ... OK
User = LL2 ... OK
- jerabina
- member of the Security team
Re: Please check my log, PC not working
Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP, double-click to launch it).
- Wait until the Prescan finishes...
- Then click "Prohledat" (Scan); once it has finished:
- In the tabs (Registry, Tasks, Web Browser, etc.) tick everything
(you have to tick the small box to the left of each registry entry etc. with the mouse)
- Click "Smazat" (Delete)
- Wait until the Status box shows "Mazání dokončeno" (Deletion finished)
- Click "Zpráva" (Report), then copy the contents of that report and paste them here, please. The log can be found in RKreport [number].txt on the desktop.
- Close RogueKiller
Turn off your antivirus
Download Zoek.exe and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Win Vista, Win 7 and 8, right-click it and choose "Run as administrator")
- note: the program may take a while to start.
Paste the script below into the program window:
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;
Click Run Script
The program will run a scan and a repair; both can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.
After the restart, only a black screen may be shown for a while; that is normal. Wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.
Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system, 32-bit or 64-bit:
32-bit:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
64-bit:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
and save it to your desktop, then run FRST as administrator.
Confirm the terms of use.
Do not change any of the default settings and click "Scan". When the scan is finished, two logs will appear, FRST.txt and Addition.txt, and will be saved on the desktop. Please copy their entire contents here.
When you don't know what to do next, it's time to study the manual!
HJT guide
If I don't reply to your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.
Re: Please check my log, PC not working
thanks, thanks,
RogueKiller report:
RogueKiller V11.0.7.0 (x64) [Jan 11 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 10 (10.0.10586) 64 bits version
Spuštěno : Normální režim
Uživatel : u?itel [Práva správce]
Started from : C:\Users\u?itel\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 01/11/2016 23:35:16
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 11 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Airtostrong (C:\ProgramData\\Airtostrong\\Airtostrong.exe -f "C:\ProgramData\\Airtostrong\\Airtostrong.dat" -l -a) -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Airtostrong (C:\ProgramData\\Airtostrong\\Airtostrong.exe -f "C:\ProgramData\\Airtostrong\\Airtostrong.dat" -l -a) -> Smazáno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1410552932-3896170908-3864751245-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo13.msn.com/?pc=LCJB -> Nahrazeno (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1410552932-3896170908-3864751245-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo13.msn.com/?pc=LCJB -> Nahrazeno (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{728031b1-d26c-4f23-99f5-1e540e9f9f48} | DhcpNameServer : 10.0.0.138 ([X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e2f718e2-ad7e-42ca-99f7-9a59a8706d09} | DhcpNameServer : 10.0.0.138 ([X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{728031b1-d26c-4f23-99f5-1e540e9f9f48} | DhcpNameServer : 10.0.0.138 ([X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e2f718e2-ad7e-42ca-99f7-9a59a8706d09} | DhcpNameServer : 10.0.0.138 ([X]) -> Nahrazeno ()
¤¤¤ Úlohy : 3 ¤¤¤
[Suspicious.Path] \Style Ball -- C:\WINDOWS\system32\rundll32.exe ("C:\Users\u?itel\AppData\Local\Style Ball\{55B4860C-AF34-BAAE-0D0C-64B615813067}\StyleBall.dll",#1) -> Smazáno
[Suspicious.Path] \Style Ball2 -- C:\WINDOWS\system32\rundll32.exe ("C:\Users\u?itel\AppData\Local\Style Ball\{55B4860C-AF34-BAAE-0D0C-64B615813067}\xcfp.dll",#1) -> Smazáno
[Suspicious.Path] \updaie -- C:\WINDOWS\system32\config\systemprofile\AppData\Local\Vila (Zimtough /t 1277 9227) -> Smazáno
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST500LM000-SSHD-8GB +++++
--- User ---
[MBR] aaabd42990253cb69394f8612c0f3908
[BSP] 6db5176346d105f7075ee8aa8684b9d0 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1000 MB
1 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 260 MB
2 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2582528 | Size: 1000 MB
3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 4630528 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 4892672 | Size: 433018 MB
5 - Basic data partition | Offset (sectors): 891713536 | Size: 25600 MB
6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 944142336 | Size: 15933 MB
User = LL1 ... OK
User = LL2 ... OK
Re: Please check my log, PC not working
here is the log from zoek, but Adobe Acrobat stopped working for me after this :(
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by uźitel on Łt 12. 01. 2016 at 8:39:36,01.
Microsoft Windows 10 Home 10.0.10586 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\UITEL~1\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
12. 1. 2016 8:39:57 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Empty Folders Check ======================
C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\New Folder deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\LangSoft deleted successfully
C:\PROGRA~3\Office2013 deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\UITEL~1\AppData\Local\ActiveSync deleted successfully
C:\Users\UITEL~1\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\UITEL~1\AppData\Local\EmieSiteList deleted successfully
C:\Users\UITEL~1\AppData\Local\EmieUserList deleted successfully
C:\Users\UITEL~1\AppData\Local\NetworkTiles deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{BFC32E1D-EE75-4A48-BC60-104E11EE2431} deleted successfully
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\PROGRA~2\AGEIA Technologies not found
C:\PROGRA~2\New Folder not found
C:\WINDOWS\sysWoW64\config\systemprofile\.android deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\UITEL~1\AppData\Local\BTServer.log deleted
C:\Users\UITEL~1\AppData\Local\Hexit.exe.config deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\SysNative\GroupPolicy\machine deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
"C:\WINDOWS\Installer\487eda.msi" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"web2pdfextension@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn" [06. 01. 2016 14:16]
==== Chromium Look ======================
Google Chrome Version: 46.0.2490.86
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
fcfenmboojpjinhpgggodefccipikbpd - No path found[]
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]
Docs - Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Docs - Default User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive App Launcher - UITEL~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
==== Chromium Fix ======================
C:\Users\UITEL~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_advert.uloz.to_0.localstorage deleted successfully
C:\Users\UITEL~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_advert.uloz.to_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Use Search Asst"="yes"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Use Search Asst"="no"
==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{D00C1DEF-7529-4213-B24A-F0A8FB6FC4E6}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{D00C1DEF-7529-4213-B24A-F0A8FB6FC4E6} - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{D00C1DEF-7529-4213-B24A-F0A8FB6FC4E6} - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0370B177-5839-4931-826C-B5AAD2546DE6} - http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{15C48A23-3C3C-431B-9392-27282649E337} - http://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_16194
HKCU\SearchScopes\{172C7945-F360-4880-91CA-6725C737121D} - http://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_16194
HKCU\SearchScopes\{4039705D-4597-4C4F-ABCF-340B1A192FA5} - http://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194
HKCU\SearchScopes\{4847FB56-D0BA-4FCE-927D-C4EED7487349} - http://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_16194
HKCU\SearchScopes\{848970A5-AD9C-41AE-B19E-B86210D14AFE} - http://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_16194
HKCU\SearchScopes\{B722290B-606C-40A9-8CD5-AFD251EF5229} - http://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_16194
HKCU\SearchScopes\{C0822CD8-6816-413A-A88D-29DE76534126} - http://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_16194
==== Reset Google Chrome ======================
C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\UITEL~1\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\UITEL~1\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\UITEL~1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\UITEL~1\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7D2F3875400F0000152000060BECB6AB deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5783F2D7-F004-0000-5102-0060B0CE6BBA} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7D2F3875400F0000152000060BECB6AB deleted successfully
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\UITEL~1\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\UITEL~1\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\UITEL~1\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\UITEL~1\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\UITEL~1\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\UITEL~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=23 folders=18 17692229 bytes)
==== Empty Temp Folders ======================
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\UITEL~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on Łt 12. 01. 2016 at 9:05:26,82 ======================
C:\Users\UITEL~1\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\UITEL~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=23 folders=18 17692229 bytes)
==== Empty Temp Folders ======================
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\UITEL~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on Łt 12. 01. 2016 at 9:05:26,82 ======================
- jaro3
- Security team member
Re: Please check my log, the PC is not working
- Run Malwarebytes' Anti-Malware again and click Scan Now.
- When the program finishes, a prompt appears; click "Quarantine All (remove selected)" and then "Export Log", choose "text file", give the file a name and save it somewhere. Copy the entire content of that log here.
You didn't do this..
New HJT.
Then FRTST.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support