Erratic firewall (Solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Ashar
Level 1
Posts: 69
Registered: July 15
Gender: Male
Status: Offline

Re: Erratic firewall

Post by Ashar » 26 Jul 2015 17:50

bonynek wrote: I don't understand the point of your post... Aimed at Ashar. I always thought one shouldn't drag one's own problems into someone else's thread. So next time start your own!


I'm VERY sorry! I was reading the other threads and mixed up mine with yours!

My mistake...

bonynek
newbie
Posts: 38
Registered: May 14
Gender: Male
Status: Offline

Re: Erratic firewall

Post by bonynek » 26 Jul 2015 18:01

Thanks.

Orcus
Security team member
Elite Level 10.5
Posts: 10645
Registered: April 10
Location: 3 roses grow around me =o)
Gender: Male
Status: Offline

Re: Erratic firewall

Post by Orcus » 27 Jul 2015 18:25

- Run MbAM again and click Scan Now
- When the program finishes, a message will appear; click "Quarantine All (delete selected)" and then "Export Log", choose "text file", give the file a name and save it somewhere. Copy the whole contents of that log here.

====================================================

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator").
Click "Clean".
The program will perform the repair; after the automatic restart the log (C:\AdwCleaner [S?].txt) will appear. Paste its whole contents here.

====================================================

Download Junkware Removal Tool by Thisisu

to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The scan will start. Scanning may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) will appear, saved on the desktop.
Please copy its whole contents here.

====================================================

Download RogueKiller
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Win7 run RogueKiller.exe as administrator; on XP by double-clicking.
- Wait until the Prescan (search for malicious processes) finishes.
- Check that the following are ticked:
MBR Check
Faked Check
Antirootkit

- Then click "Scan".
- The program scans the PC's processes. After the scan, click "Report" and copy the whole contents of the log here.
If the program is blocked, try launching it several times. If it still won't start and work, rename it to winlogon.exe.
Love warms, but coal is coal. :fire:



Post HJT logs in the HJT section. If it is too long, split it into several posts.

A few PC security tips.

During my absence memphisto, jaro3 and Diallix stand in for me.

If you are satisfied, you can support our forum.

bonynek
newbie
Posts: 38
Registered: May 14
Gender: Male
Status: Offline

Re: Erratic firewall

Post by bonynek » 29 Jul 2015 17:24

MbAM log --------------------------------------------------------------------------------------------------------------------------------------

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Datum skenování: 29.07.2015
Čas skenování: 13:40
Protokol: trol.txt
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.07.29.02
Databáze rootkitů: v2015.07.29.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 10
CPU: x64
Souborový systém: NTFS
Uživatel: luke1

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 534548
Uplynulý čas: 45 min, 22 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 2
Trojan.Agent.BCM, C:\Windows\INF\mncrwfks, Do karantény, [add9a344a9e17abcb3477269bd45857b],
Trojan.Agent.BCM, C:\Windows\INF\mncrwfks\bitstreams, Do karantény, [add9a344a9e17abcb3477269bd45857b],

Soubory: 17
PUP.Optional.Bitcoin, C:\Windows\SysWOW64\acumncgjlamg.exe, Do karantény, [1c6a7e693b4f979f9810a138a45d6f91],
PUP.BitCoinMiner, C:\Windows\SysWOW64\lcpmncgjlamg.exe, Do karantény, [8cfab1364b3f53e31e14c626936dd52b],
Trojan.BitMiner, C:\Windows\SysWOW64\dcgmncgjlamg.exe, Do karantény, [c5c1f5f2ee9c03334e75647aed14f709],
Trojan.Agent.BCM, C:\Windows\INF\mncrwfks\diablo130302.cl, Do karantény, [add9a344a9e17abcb3477269bd45857b],
Trojan.Agent.BCM, C:\Windows\INF\mncrwfks\diakgcn121016.cl, Do karantény, [add9a344a9e17abcb3477269bd45857b],
Trojan.Agent.BCM, C:\Windows\INF\mncrwfks\libcurl-4.dll, Do karantény, [add9a344a9e17abcb3477269bd45857b],
Trojan.Agent.BCM, C:\Windows\INF\mncrwfks\libeay32.dll, Do karantény, [add9a344a9e17abcb3477269bd45857b],
Trojan.Agent.BCM, C:\Windows\INF\mncrwfks\libidn-11.dll, Do karantény, [add9a344a9e17abcb3477269bd45857b],
Trojan.Agent.BCM, C:\Windows\INF\mncrwfks\librtmp.dll, Do karantény, [add9a344a9e17abcb3477269bd45857b],
Trojan.Agent.BCM, C:\Windows\INF\mncrwfks\libssh2.dll, Do karantény, [add9a344a9e17abcb3477269bd45857b],
Trojan.Agent.BCM, C:\Windows\INF\mncrwfks\mncrwfks.exe, Do karantény, [add9a344a9e17abcb3477269bd45857b],
Trojan.Agent.BCM, C:\Windows\INF\mncrwfks\phatk121016.cl, Do karantény, [add9a344a9e17abcb3477269bd45857b],
Trojan.Agent.BCM, C:\Windows\INF\mncrwfks\poclbm130302.cl, Do karantény, [add9a344a9e17abcb3477269bd45857b],
Trojan.Agent.BCM, C:\Windows\INF\mncrwfks\scrypt130511.cl, Do karantény, [add9a344a9e17abcb3477269bd45857b],
Trojan.Agent.BCM, C:\Windows\INF\mncrwfks\ssleay32.dll, Do karantény, [add9a344a9e17abcb3477269bd45857b],
Trojan.Agent.BCM, C:\Windows\INF\mncrwfks\zlib1.dll, Do karantény, [add9a344a9e17abcb3477269bd45857b],
Trojan.Agent.BCM, C:\Windows\INF\mncrwfks\bitstreams\fpgaminer_top_fixed7_197MHz.ncd, Do karantény, [add9a344a9e17abcb3477269bd45857b],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

AdwCleaner log --------------------------------------------------------------------------------------------------------------------------------------

# AdwCleaner v4.208 - Log vytvořen 29/07/2015 v 16:37:40
# Aktualizováno 09/07/2015 by Xplode
# Databáze : 2015-07-26.2 [Server]
# Operační system : Windows 10 Home (x64)
# Uživatelské jméno : luke1 - EPICON
# Spuštěno z : C:\Users\luke1\Downloads\adwcleaner_4.208 (1).exe
# Nastavení : Čištění

***** [ Služby ] *****

[#] Služba Smazáno : vToolbarUpdater18.8.0

***** [ Soubory / Složky ] *****


***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****


***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.10240.16384


-\\ Google Chrome v44.0.2403.107


*************************

AdwCleaner[R3].txt - [5211 bytů] - [29/07/2015 16:37:28]
AdwCleaner[S1].txt - [5136 bytů] - [29/07/2015 16:37:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5194 bytů] ##########


JRT log --------------------------------------------------------------------------------------------------------------------------------------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.4 (07.27.2015:1)
OS: Windows 10 Home x64
Ran by luke1 on 29.07.2015 at 16:42:52,55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Driver Booster Scan
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Driver Booster SkipUAC (Luk ç)
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Driver Booster Update



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3023154953-198692014-4210139472-1079\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Kozaka
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util Kozaka



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\company
Successfully deleted: [Folder] C:\Program Files (x86)\IObit\Driver Booster
Successfully deleted: [Folder] C:\ProgramData\Alawar
Successfully deleted: [Folder] C:\ProgramData\AlawarWrapper
Successfully deleted: [Folder] C:\ProgramData\IObit\Driver Booster
Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driver booster 2
Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\Users\luke1\AppData\Roaming\productdata
Successfully deleted: [Folder] C:\users\Public\Documents\alawarwrapper
Successfully deleted: [Folder] C:\WINDOWS\SysWOW64\ai_recyclebin



~~~ Chrome


[C:\Users\luke1\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\luke1\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\luke1\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\luke1\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.07.2015 at 16:52:34,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


RogueKiller log --------------------------------------------------------------------------------------------------------------------------------------

RogueKiller V10.9.3.0 (x64) [Jul 21 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 8 (6.2.9200 ) 64 bits version
Spuštěno : Normální režim
Uživatel : luke1 [Práva správce]
Started from : C:\Users\luke1\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 07/29/2015 17:17:17

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com?pc=CMNTDFJS -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.bing.com?pc=CMNTDFJS -> Nahrazeno (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3023154953-198692014-4210139472-1079\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.bing.com?pc=CMNTDFJS -> Nahrazeno (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3023154953-198692014-4210139472-1079\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.bing.com?pc=CMNTDFJS -> Nahrazeno (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 5563ee86216a1c21e78cfa8297c1cea8
[BSP] 6a3125a7f090a24988d63ba5cae1a61d : Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 2048 | Size: 1000 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 100 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2254848 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2516992 | Size: 544112 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1116860416 | Size: 480 MB
5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1122215936 | Size: 519 MB
6 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1123278848 | Size: 537 MB
7 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1124378624 | Size: 350 MB
8 - Basic data partition | Offset (sectors): 1125095424 | Size: 150023 MB
9 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1432344576 | Size: 350 MB
10 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1433061376 | Size: 350 MB
11 - [SYSTEM] Basic data partition | Offset (sectors): 1433778176 | Size: 13267 MB
12 - [SYSTEM] Basic data partition | Offset (sectors): 1460948992 | Size: 2044 MB
User = LL1 ... OK
User = LL2 ... OK
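
The MbAM log above is read by hand in this thread. As an added example (not from the forum and not Malwarebytes code), the following Python script parses the detection lines of an MBAM 2.x text log, counts hits per detection family and per parent directory, and flags the cryptomining families and the writes under C:\Windows that this log shows. The detection-line format, the MINER_HINTS keywords and the action strings are assumptions drawn from the pasted log; the sample lines are an excerpt of it.

```python
"""Triage helper for Malwarebytes Anti-Malware (MBAM 2.x) text logs.

Parses the detection lines in the "Složky"/"Soubory" (Folders/Files) sections,
which look like:
    <Detection>, <Path>, <Action>, [<hex id>],
and groups them by detection family and by parent directory, so a helper can
see at a glance which locations were abused. Added example, not part of the
forum thread and not Malwarebytes code; the line format is an assumption
drawn from the pasted log.
"""
import re
from collections import defaultdict

# One detection line; the action text may be Czech ("Do karantény") or English.
DETECTION_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9.]+),\s*"
    r"(?P<path>[A-Za-z]:\\[^,]+),\s*"
    r"(?P<action>[^,]+),\s*"
    r"\[(?P<id>[0-9a-f]+)\],?$"
)

# Substrings that mark a cryptomining family or file name (assumed list).
MINER_HINTS = ("bitcoin", "bitminer", "miner")

# Actions meaning the object was removed from its location (assumed spellings).
REMOVED_ACTIONS = ("Do karantény", "Quarantined")

# Excerpt of the log pasted in this thread, used here as constructed test input.
SAMPLE_LOG = """\
Složky: 2
Trojan.Agent.BCM, C:\\Windows\\INF\\mncrwfks, Do karantény, [add9a344a9e17abcb3477269bd45857b],
Trojan.Agent.BCM, C:\\Windows\\INF\\mncrwfks\\bitstreams, Do karantény, [add9a344a9e17abcb3477269bd45857b],

Soubory: 17
PUP.Optional.Bitcoin, C:\\Windows\\SysWOW64\\acumncgjlamg.exe, Do karantény, [1c6a7e693b4f979f9810a138a45d6f91],
PUP.BitCoinMiner, C:\\Windows\\SysWOW64\\lcpmncgjlamg.exe, Do karantény, [8cfab1364b3f53e31e14c626936dd52b],
Trojan.BitMiner, C:\\Windows\\SysWOW64\\dcgmncgjlamg.exe, Do karantény, [c5c1f5f2ee9c03334e75647aed14f709],
Trojan.Agent.BCM, C:\\Windows\\INF\\mncrwfks\\diablo130302.cl, Do karantény, [add9a344a9e17abcb3477269bd45857b],
Trojan.Agent.BCM, C:\\Windows\\INF\\mncrwfks\\libcurl-4.dll, Do karantény, [add9a344a9e17abcb3477269bd45857b],
Trojan.Agent.BCM, C:\\Windows\\INF\\mncrwfks\\mncrwfks.exe, Do karantény, [add9a344a9e17abcb3477269bd45857b],
Trojan.Agent.BCM, C:\\Windows\\INF\\mncrwfks\\bitstreams\\fpgaminer_top_fixed7_197MHz.ncd, Do karantény, [add9a344a9e17abcb3477269bd45857b],

Fyzické sektory: 0
"""


def parse_detections(log_text):
    """Return one dict (name, path, action, id) per detection line."""
    hits = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            hits.append(m.groupdict())
    return hits


def parent_dir(path):
    """Directory part of a Windows path (the log uses backslashes)."""
    return path.rpartition("\\")[0]


def summarize(hits):
    """Count hits per detection family and per parent directory."""
    by_family = defaultdict(int)
    by_dir = defaultdict(int)
    for h in hits:
        by_family[h["name"]] += 1
        by_dir[parent_dir(h["path"])] += 1
    return dict(by_family), dict(by_dir)


def is_miner_infection(hits):
    """True if any family name or file name hints at cryptomining."""
    return any(
        any(k in (h["name"] + " " + h["path"]).lower() for k in MINER_HINTS)
        for h in hits
    )


def system_dir_hits(hits):
    """Hits placed under C:\\Windows, where ordinary user software should not be writing."""
    return [h for h in hits if h["path"].lower().startswith("c:\\windows\\")]


def unresolved(hits):
    """Hits whose action is not a removal action, i.e. objects that still need attention."""
    return [h for h in hits if h["action"] not in REMOVED_ACTIONS]


if __name__ == "__main__":
    hits = parse_detections(SAMPLE_LOG)
    families, dirs = summarize(hits)
    print(f"{len(hits)} detections; miner indicators: {is_miner_infection(hits)}")
    for name, n in sorted(families.items(), key=lambda kv: -kv[1]):
        print(f"  {n:3d}  {name}")
    print("By directory:")
    for d, n in sorted(dirs.items(), key=lambda kv: -kv[1]):
        print(f"  {n:3d}  {d}")
    print(f"Under C:\\Windows: {len(system_dir_hits(hits))}, unresolved: {len(unresolved(hits))}")
```

Run it against a full exported log by replacing SAMPLE_LOG with the file contents; a non-empty unresolved list is the part worth re-scanning.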

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Erratic firewall

Post by jaro3 » 29 Jul 2015 17:38

Turn off your antivirus and firewall.
Download
Zoek.exe

and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Win Vista, Win7 and 8 right-click it and choose "Run as administrator").
- Note: the program may take a while to start.

Paste the script below into the program window:

Code:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


Click Run Script.
The program will run a scan and a repair; both may take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.

After the restart only a black desktop may be shown for some time; that is normal. Wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the whole contents of that log here.

Post a new HJT log and report on the problems.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

bonynek
newbie
Posts: 38
Registered: May 14
Gender: Male
Status: Offline

Re: Erratic firewall

Post by bonynek » 29 Jul 2015 17:53

I'm a bit lost, what am I supposed to understand by the abbreviation HJT? Thank you

bonynek
newbie
Posts: 38
Registered: May 14
Gender: Male
Status: Offline

Re: Erratic firewall

Post by bonynek » 29 Jul 2015 18:36

Zoek log for now ---------------

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by luke1 on 29.07.2015 at 17:53:18,35.
Microsoft Windows 10 Home 10.0.10240 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\luke1\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

29.07.2015 17:54:32 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\UnitSender deleted successfully
C:\PROGRA~2\COMMON~1\Blizzard Entertainment deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Program Files\Fotolab deleted successfully
C:\Program Files\Highresolution Enterprises deleted successfully
C:\PROGRA~3\AWEM deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\dbg deleted successfully
C:\PROGRA~3\Hi-Rez Studios deleted successfully
C:\PROGRA~3\LumaEmu_SteamCloud deleted successfully
C:\PROGRA~3\PDFC deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\Validity deleted successfully
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully
C:\PROGRA~3\{AFF99647-6D64-46F2-934A-F12F468037F6} deleted successfully
C:\PROGRA~3\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} deleted successfully
C:\Users\Default\AppData\LocalLow deleted successfully
C:\Users\luke1\AppData\Local\NetworkTiles deleted successfully
C:\Users\luke1\AppData\Local\VirtualStore deleted successfully
C:\Users\lukec\AppData\Local\NetworkTiles deleted successfully
C:\Users\lukec\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WtuSystemSupport deleted successfully

==== Deleting Files \ Folders ======================

C:\PROGRA~2\UnitSender not found
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found
C:\PROGRA~3\{AFF99647-6D64-46F2-934A-F12F468037F6} not found
C:\PROGRA~3\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} not found
C:\Users\luke1\AppData\Local\AVG Web TuneUp deleted
C:\PROGRA~2\DiRT 3 Complete Edition deleted
C:\PROGRA~2\AVG Web TuneUp deleted
C:\Program Files\AVG Web TuneUp deleted
C:\PROGRA~3\1-0-0-0.txt deleted
C:\PROGRA~3\HirezPipeError.txt deleted
C:\PROGRA~3\AVG Web TuneUp deleted
C:\PROGRA~3\Avg_Update_0414c deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\WINDOWS\Syswow64\InstallUtil.InstallLog deleted

==== Chromium Look ======================

Google Chrome Version: 44.0.2403.107

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[01.05.2015 11:17]

Tampermonkey - luke1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo
Java API Search - luke1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dphfngjamcomlehblpblaacingmaojnm
Free Smileys & Emoticons - luke1\AppData\Local\Google\Chrome\User Data\Default\Extensions\eadohofilecbkoopckifdpenihdpdbfm
AdBlock - luke1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Project Axeman - luke1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdpilgbpoogpebhhfbbgpaebkndebmee
Downloads - luke1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb
Skype Click to Call - luke1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Travian 4+ - luke1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pepojmfcppdkejgpdeiiaabcljmlpfpo
Tampermonkey - lukec\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo
Java API Search - lukec\AppData\Local\Google\Chrome\User Data\Default\Extensions\dphfngjamcomlehblpblaacingmaojnm
Free Smileys & Emoticons - lukec\AppData\Local\Google\Chrome\User Data\Default\Extensions\eadohofilecbkoopckifdpenihdpdbfm
AdBlock - lukec\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Project Axeman - lukec\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdpilgbpoogpebhhfbbgpaebkndebmee
Downloads - lukec\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb
Skype Click to Call - lukec\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Travian 4+ - lukec\AppData\Local\Google\Chrome\User Data\Default\Extensions\pepojmfcppdkejgpdeiiaabcljmlpfpo

==== Chromium Startpages ======================

C:\Users\luke1\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\lukec\AppData\Local\Google\Chrome\User Data\Default\Preferences


==== Chromium Fix ======================

C:\Users\luke1\AppData\Local\Google\Chrome\User Data\Default\Extensions\eadohofilecbkoopckifdpenihdpdbfm deleted successfully
C:\Users\lukec\AppData\Local\Google\Chrome\User Data\Default\Extensions\eadohofilecbkoopckifdpenihdpdbfm deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"First Home Page"="http://www.bing.com?pc=CMNTDFJS"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"First Home Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\luke1\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\luke1\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\lukec\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\lukec\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\luke1\AppData\Local\Google\Chrome\User Data\Default\Web Data will be reset at reboot
C:\Users\luke1\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal will be reset at reboot
C:\Users\lukec\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\lukec\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Web TuneUp deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\luke1\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\luke1\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\luke1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\lukec\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=12949 folders=1583 14982286652 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\luke1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\luke1\AppData\Local\Google\Chrome\User Data\Default\Web Data" not deleted
"C:\Users\luke1\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal" not deleted

==== EOF on 29.07.2015 at 18:32:40,93 ======================


And I can report that it works now. We'll see for how long; for now, thanks for the help.

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Confused firewall

Post by jaro3 » 30 Jul 2015 08:50

Turn off the resident protection of your antivirus and antispyware, and the firewall if needed.

Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch the terms of use are shown; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, do not click into the window it shows
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please paste its full contents here
If there are problems, run it in Safe Mode.

Warning: it may happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems; then restart the computer again, and if that does not help, press F8 during boot and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

bonynek
newbie
Posts: 38
Registered: May 14
Gender: Male
Status:
Offline

Re: Confused firewall

Post by bonynek » 30 Jul 2015 19:32

Unfortunately ComboFix doesn't work on Windows 10; when I run it in compatibility mode it says it can't be run in that mode, so I can't get it running on Windows 10.

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Confused firewall

Post by jaro3 » 31 Jul 2015 09:45

My mistake.

Post the HJT log:
viewtopic.php?f=70&t=5119


ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

Clean the system with CCleaner

Download OTC

to the desktop. Double-click it. Then click Clean up!.
Restart the PC if you are prompted to.

Please download the version of Farbar Recovery Scan Tool (FrSt) matching your system, 32-bit/64-bit
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
and save it to the desktop, then run FrSt.
Confirm the terms of use.
Do not change any of the default settings and click "Scan". When the scan is finished, two logs appear = FRST.txt and Addition.txt and are saved on the desktop. Please paste their full contents here.

bonynek
newbie
Posts: 38
Registered: May 14
Gender: Male
Status:
Offline

Re: Confused firewall

Post by bonynek » 31 Jul 2015 14:20

Attaching the logs; the FRST log had too many characters, so I had to put it in an attachment.

HJT log

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:54:58, on 31.07.2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10240.16384)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\luke1\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\luke1\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem17.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\WINDOWS\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\ngcsvc.dll,-100 (NgcSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12981 bytes
Attachments
FRST.rar
(86.37 KiB) Downloaded 30 times
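
A helper reads an HJT log like the one above by eye. As an added example (not code from HijackThis, FRST or this thread), the following Python script parses the R0/R1, O2, O4 and O23 line types into records and applies the triage checks a responder wants before deciding which lines to fix: autoruns that launch from user-writable locations, and services that HJT reports as "(file missing)" or without a publisher. The sample lines are copied from the log posted above, except for the "Example Updater (exupd)" service line, which is constructed so the unknown-publisher check has something to hit; the TRUSTED_ROOTS list and the flag texts are assumptions.

```python
"""Triage helper for HijackThis (HJT) 2.0.5 log lines.

Added example for this thread; not code from HijackThis, FRST or any tool
used here. Parses R0/R1, O2, O4 and O23 lines into records and applies
heuristic defender-side checks. Flags are hints to verify, not verdicts.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

# Sample input: lines copied from the HJT log posted in this thread, plus one
# constructed O23 line (exupd) so the "unknown owner" check has a hit.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
O4 - HKCU\..\Run: [OneDrive] "C:\Users\luke1\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: Example Updater (exupd) - Unknown owner - C:\Users\luke1\AppData\Roaming\exupd\exupd.exe
"""

# Where autorun and service binaries are normally expected (constructed list).
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")
MISSING = " (file missing)"

LINE_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
R_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\(?P<key>.*?),(?P<name>[^,=]+?) = ?(?P<value>.*)$")
O2_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^(?P<hive>HK[^\\]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Splits an autorun command into the executable (quoted or not) and its arguments.
CMD_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|com|scr|cmd|bat|vbs|js))"?(?:\s+(?P<args>.*))?$', re.I)


@dataclass
class Entry:
    kind: str                 # HJT line type (R0, R1, O2, O4, O23, ...)
    name: str                 # value name, BHO name, Run name or service display name
    path: str = ""            # file path, or the URL/value for R0/R1 lines
    hive: str = ""            # HKLM / HKCU for R* and O4 lines
    owner: str = ""           # publisher string HJT prints for O23 services
    args: str = ""            # command-line arguments of an O4 autorun
    flags: list = field(default_factory=list)   # triage findings


def parse_line(line):
    """Turn one HJT log line into an Entry, or None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, body = m["kind"], m["body"]
    if kind.startswith("R"):
        r = R_RE.match(body)
        return Entry(kind, r["name"], r["value"], hive=r["hive"]) if r else Entry(kind, body)
    if kind == "O2":
        b = O2_RE.match(body)
        return Entry(kind, b["name"], b["path"]) if b else Entry(kind, body)
    if kind == "O4":
        a = O4_RE.match(body)
        if not a:
            return Entry(kind, body)
        c = CMD_RE.match(a["cmd"])
        path, args = (c["path"], c["args"] or "") if c else (a["cmd"], "")
        return Entry(kind, a["name"], path, hive=a["hive"], args=args)
    if kind == "O23":
        rest = body[len("Service: "):] if body.startswith("Service: ") else body
        # Split from the right: the display name itself may contain " - ".
        parts = rest.rsplit(" - ", 2)
        if len(parts) != 3:
            return Entry(kind, body)
        name, owner, path = parts
        return Entry(kind, name, path, owner=owner)
    return Entry(kind, body)


def triage(entry):
    """Attach heuristic findings to an entry."""
    if entry.kind == "O23" and entry.path.endswith(MISSING):
        entry.path = entry.path[:-len(MISSING)]
        # HJT 2.0.5 is a 32-bit program: under WOW64 its view of System32 is
        # redirected to SysWOW64, so a 64-bit-only service binary is reported
        # as missing. Confirm with a 64-bit tool (FRST) before acting on it.
        entry.flags.append("reported missing (check WOW64 redirection first)")
    in_trusted = entry.path.lower().startswith(TRUSTED_ROOTS)
    if entry.kind == "O4" and not in_trusted:
        entry.flags.append("autorun from a user-writable location: verify the publisher")
    if entry.kind == "O23" and entry.owner == "Unknown owner" and not in_trusted:
        entry.flags.append("service with no publisher outside Program Files/Windows: inspect the binary")
    return entry


def parse_log(text):
    return [triage(e) for e in map(parse_line, text.splitlines()) if e is not None]


def service_short_name(entry):
    """Short service name HJT prints in the last parentheses, e.g. (ekrn)."""
    m = re.search(r"\(([^()]+)\)\s*$", entry.name)
    return m.group(1) if m else entry.name


def flagged(entries):
    return [e for e in entries if e.flags]


def counts_by_kind(entries):
    return dict(Counter(e.kind for e in entries))


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print(counts_by_kind(found))
    for e in flagged(found):
        label = service_short_name(e) if e.kind == "O23" else e.name
        print(f"{e.kind} {label}: {e.path} -> {'; '.join(e.flags)}")
```

On the full log above, most "(file missing)" services sit under C:\WINDOWS\system32, which is exactly the WOW64 side effect the script flags for confirmation rather than treating as a finding; the entries worth a second look are the ones that combine an unknown publisher with a path outside the trusted roots.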

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Confused firewall

Post by jaro3 » 31 Jul 2015 14:58

Uninstall:
AVG Web TuneUp
Advanced SystemCare 7


Close the other applications and browsers, disconnect from the internet and fix in HJT:
Guide

Code:

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"




Update Java:
Java SE Runtime Environment 8: http://www.oracle.com/technetwork/java/ ... 33155.html

Click Accept License Agreement
Choose your OS (Windows or Windows x64, Offline Installation)
jre-8-windows-i586-p.exe or
jre-8-windows-x64.exe
Download and install.
Remove the other Java versions in Add/Remove Programs.

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire contents below into it.

Code:

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3023154953-198692014-4210139472-1079 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
R2 OneSyncSvc_Session1; No ImagePath
3 PimIndexMaintenanceSvc; No ImagePath
R3 PimIndexMaintenanceSvc_Session1; No ImagePath
S3 UnistoreSvc; No ImagePath
R3 UnistoreSvc_Session1; No ImagePath
S3 UserDataSvc; No ImagePath
R3 UserDataSvc_Session1; No ImagePath
NETSVC: dosvc -> No ServiceDLL Path.
NETSVCx32: NetSetupSvc -> C:\Windows\SysWOW64\NetSetupSvc.dll ==> No File
NETSVCx32: UserManager -> C:\Windows\SysWOW64\usermgr.dll ==> No File
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0924ab9eca45.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf8e25122e9307.job
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d0924ab9eca45
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1cf8e25122e9307
Task: {07BA7E40-485C-408B-ADA4-460523308441} - System32\Tasks\GoogleUpdateTaskMachineCore1d0924ab9eca45 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-16] (Google Inc.)
Task: {0B3EE970-EC6C-4B42-8F57-03088B4DD55B} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8e25122e9307 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-16] (Google Inc.)
Task: {82B68E5D-FE3D-468C-868E-C10A19D8DE0F} - \SpeechRuntimeTask No Task File <==== ATTENTION
Task: {999FD809-49A8-470F-B86C-53E65F9AF16D} - System32\Tasks\GoogleUpdateTaskMachineCore1d04254caf86047 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-16] (Google Inc.)
Task: {A697B652-EEB0-4248-A4F1-403B28458558} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-16] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d04254caf86047.job =>
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0924ab9eca45.job =>
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf8e25122e9307.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\Users\Lukáš\SkyDrive:ms-properties

(You can use the "select all" function; right-click the top-left area of the open Notepad window and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST and press the "Fix" button only once and wait.
The tool will produce a log on the desktop (Fixlog.txt); please paste its full contents here.

In Folder Options, enable showing hidden files and folders + untick the box "hide protected operating system files"

Test these on VirusTotal
C:\WINDOWS\system32\EPICON_luke1_HistoryPrediction.bin
C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat

Click Choose to the right of the box and find the requested file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file is then tested by several antivirus engines in turn. When the last engine finishes, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.

Or at:
http://www.virscan.org/

