Log check [Solved]

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

jerabina
Security team member
Level 6
Posts: 3647
Registered: March 13
Location: Litoměřice

Re: Log check

Post by jerabina » 16 Sep 2015 21:24

What about MBAM?

+

Close all programs and browsers. Disable the antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP, double-click to run it).
- Wait until the Prescan finishes...
- Then click "Scan", and when it finishes:
- In the tabs (Registry, Tasks, Web Browser etc.) tick everything (put a tick in every box)
(you have to click the checkbox to the left of each registry item etc.)
- Click "Delete"
- Wait until the Status box shows "Deletion complete"
- Click "Report" and copy and paste the contents of that report here, please. The log can also be found in RKreport[number].txt on the desktop.
- Close RogueKiller

Disable the antivirus.
Download
Zoek.exe

and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 or 8, right-click it and choose "Run as administrator").
- Note: the program may take a while to start.

Paste the script below into the program window:

Code:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


Click Run Script.
The program will run a scan and a repair; both can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.

After the restart, only a black desktop may be shown for some time; that is normal. Wait until the log is created. You can save it to your documents, for example; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the whole contents of that log here.

Post a new HJT log + report on the problems.
If you don't know what to do next, it's time to study the manual!
HJT guide

If I'm not replying in your threads in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. Please don't take it as being ignored.

Max583
Level 2.5
Posts: 289
Registered: June 10
Location: Most

Re: Log check

Post by Max583 » 17 Sep 2015 10:39

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:37:30, on 17.09.2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10240.16412)
CHROME: 47.0.2510.0

Boot mode: Normal

Running processes:
C:\Program Files\HotkeyP.exe
C:\Users\Bohumil\Downloads\Rainlendar2\Rainlendar2.exe
C:\Users\Bohumil\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
C:\Windows\jmesoft\hotkey.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
C:\Users\Bohumil\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [jmekey] C:\windows\jmesoft\hotkey.exe
O4 - HKLM\..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe
O4 - HKLM\..\Run: [LVT] C:\Program Files\Lenovo\LVT\LJYZ.exe 1
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Bohumil\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Bohumil\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Bohumil\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Zoner Photo Studio Service 16] "C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEC:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe"
O4 - HKCU\..\Run: [HotkeyP] C:\Program Files\HotkeyP.exe 0
O4 - HKCU\..\Run: [Google Update] "C:\Users\Bohumil\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Rainlendar2] C:\Users\Bohumil\Downloads\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE"
O4 - HKCU\..\Run: [Google Photos Backup] "C:\Users\Bohumil\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe" /autostart
O4 - HKLM\..\Policies\Explorer\Run: [60870] C:\PROGRA~3\LOCALS~1\Temp\msaoyae.com
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\ProgramData\Gravelex\Zondom.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: HiSuiteOuc64.exe - Unknown owner - C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
O23 - Service: HuaweiHiSuiteService64.exe - Unknown owner - C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: JME Keyboard Driver (JME Keyboard) - Unknown owner - C:\Windows\jmesoft\Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: LSCWinService - Lenovo - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\ngcsvc.dll,-100 (NgcSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SInstalátor (ssinstall) - PS Media s.r.o. - C:\WINDOWS\SysWOW64\ssins.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10948 bytes

RogueKiller V10.10.5.0 (x64) [Sep 14 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 10 (10.0.10240) 64 bits version
Spuštěno : Normální režim
Uživatel : Bohumil [Práva správce]
Started from : C:\Users\Bohumil\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 09/17/2015 10:13:43

¤¤¤ Procesy : 1 ¤¤¤
[Suspicious.Path|VT.Gen:Variant.Adware.Linkury.6] Gravelex.exe(1964) -- C:\ProgramData\Gravelex\Gravelex.exe[-] -> Zastaveno [TermProc]

¤¤¤ Registry : 11 ¤¤¤
[VT.CoinMiner.621] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | cpuminer : C:\WINDOWS\system32\cpm.exe [7] -> ERROR [0]
[Suspicious.Path|VT.Gen:Variant.Adware.Linkury.6] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Gravelex (C:\ProgramData\Gravelex\Gravelex.exe) -> ERROR [2]
[Suspicious.Path|VT.Gen:Variant.Adware.Linkury.6] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gravelex (C:\ProgramData\Gravelex\Gravelex.exe) -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2167593211-4253963868-4146078775-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8118 -> Smazáno
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2167593211-4253963868-4146078775-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 127.0.0.1:8118 -> ERROR [2]
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2167593211-4253963868-4146078775-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2167593211-4253963868-4146078775-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 77.237.128.2 77.237.128.1 192.168.1.1 ([CZECH REPUBLIC (CZ)][-][-]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 77.237.128.2 77.237.128.1 192.168.1.1 ([CZECH REPUBLIC (CZ)][-][-]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{92d708c8-a8a6-46d2-85ba-93c13404971c} | DhcpNameServer : 77.237.128.2 77.237.128.1 192.168.1.1 ([CZECH REPUBLIC (CZ)][-][-]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{92d708c8-a8a6-46d2-85ba-93c13404971c} | DhcpNameServer : 77.237.128.2 77.237.128.1 192.168.1.1 ([CZECH REPUBLIC (CZ)][-][-]) -> Nahrazeno ()

¤¤¤ Úlohy : 1 ¤¤¤
[Suspicious.Path|VT.Trojan.GenericKD.2724001] \Mighty Checker -- C:\Users\Bohumil\AppData\Roaming\Mighty Checker\Mighty Checker.exe -> Smazáno

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST500DM002-1BD142 +++++
--- User ---
[MBR] 6fc89ac1fc5ed40c08afa9bae13618e7
[BSP] 3e7da328445234df4802ca74a7b8d5e2 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 2048 | Size: 1000 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 260 MB
2 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 2582528 | Size: 500 MB
3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 3606528 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 3868672 | Size: 450051 MB
5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 925573120 | Size: 25000 MB
User = LL1 ... OK
User = LL2 ... OK


Zoek.exe v5.0.0.0 Updated 15-09-2015
Tool run by Bohumil on 17.09.2015 at 10:23:17,62.
Microsoft Windows 10 Home 10.0.10240 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Bohumil\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

17.09.2015 10:24:00 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~3\Comms deleted successfully
C:\Users\Bohumil\AppData\Local\CrashDumps deleted successfully
C:\Users\Bohumil\AppData\Local\EmieSiteList deleted successfully
C:\Users\Bohumil\AppData\Local\EmieUserList deleted successfully
C:\Users\Bohumil\AppData\Local\NetworkTiles deleted successfully
C:\Users\Bohumil\AppData\Local\Unity deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} deleted successfully
HKEY_USERS\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} deleted successfully
HKEY_USERS\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} deleted successfully
HKEY_USERS\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} deleted successfully
HKEY_USERS\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{93BC2EA7-2F17-4729-948A-D2E03FFB2412} deleted successfully
HKEY_USERS\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{93BC2EA7-2F17-4729-948A-D2E03FFB2412} deleted successfully
HKEY_USERS\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC} deleted successfully
HKEY_USERS\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\5863df14-27db-4d6c-816f-de72e29d6870 deleted
C:\Users\Bohumil\.android deleted
C:\PROGRA~2\baidu deleted
C:\ppsfile deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Bohumil\AppData\LocalLow\Unity deleted
C:\windows\SysNative\GroupPolicy\machine deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Users\Bohumil\AppData\Local\sandex.exe.config deleted
C:\Users\Bohumil\AppData\Local\Singleholding.exe.config deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fcgnigmofekcllgbiejhmigggmgehkip - No path found[]

internetquickaccess - Bohumil\AppData\Local\Chromium\User Data\Default\Extensions\ddlhogjgfofpgmkognopimmilcldcepb
Wiki-Search.me - Bohumil\AppData\Local\Chromium\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
AdBlock - Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Seznam Lištička - Email - Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig
Seznam Lištička - Slovník - Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd
AdBlock - Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Seznam Lištička - Rychlá volba - Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"SearchAssistant"="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2EPGHUQ4lnINRKtLvi7Nwthpf-awypcYR32RZr3jkSy_SQ5pi_GJu_2rlJaHJ6XTHQt4ZFSH7TIemFChyKaZjfg09P04qzFMf-n-T6VFBVHHyCIzhqv8FUhQ2DARgJf2bfH_xf1NfnYq-Xp&q={searchTerms}"
"Default_Search_URL"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{A54CC0C7-8C6C-4F52-BEB7-A5DDCD993D32}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A54CC0C7-8C6C-4F52-BEB7-A5DDCD993D32}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{03DEF8D7-DD4B-42FE-A1DE-484B0B66B1E0} Novinky.cz Url="http://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12902"
{04EB9A24-4863-4637-81DE-44E4FED285B5} Zbo§ˇ.cz Url="http://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_12902"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{70E2B0D3-52A9-40EF-B74A-CE828F3D9A9D} Encyklopedie Seznam Url="http://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12902"
{B4C9182C-B3DD-4AE5-A2F4-F23177234088} Slovnˇk CZ/EN Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12902"
{C1202CC7-9C56-4CC1-8266-3DD7B1ACAC79} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12902"
{D5F1808B-2BBB-451A-96D4-D47759B20391} Mapy.cz Url="http://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_12902"
{F7524068-D6D2-4A6A-B4EB-BFC0D731FACA} Slovnˇk EN/CZ Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12902"
{FBEDBE33-9F68-4D6F-8ED7-6918FE4AEC83} Firmy.cz Url="http://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_12902"

==== Reset Google Chrome ======================

C:\Users\Bohumil\AppData\Local\Chromium\User Data\Default\Preferences was reset successfully
C:\Users\Bohumil\AppData\Local\Chromium\User Data\Default\Secure Preferences was reset successfully
C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Preferences was reset successfully
C:\Users\Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Secure Preferences was reset successfully
C:\Users\Bohumil\AppData\Local\Chromium\User Data\Default\Web Data was reset successfully
C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data was reset successfully
C:\Users\Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Policies\Chromium deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Bohumil\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Bohumil\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Bohumil\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Bohumil\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Bohumil\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Bohumil\AppData\Local\Chromium\User Data\Default\Cache emptied successfully
C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Bohumil\AppData\Local\Google\Chrome SxS\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=18 folders=16 9186968 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Bohumil\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 17.09.2015 at 10:33:34,99 ======================


It's running well so far, so hopefully it holds up.

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia

Re: Log check

Post by jaro3 » 17 Sep 2015 14:36

- Run MBAM again and click "Scan Now".
- When the program finishes, a message will appear; click "Quarantine all (delete selected)" and then "Export log", choose "text file", give the file a name and save it somewhere. Copy the whole contents of that log here.

You didn't do that...

Close the other applications and browsers, disconnect from the internet and fix these in HJT:
Guide

Code:

O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Bohumil\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Bohumil\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Google Update] "C:\Users\Bohumil\AppData\Local\Google\Update\GoogleUpdate.exe" /c


In Folder Options, enable showing hidden files and folders and untick "Hide protected operating system files".

Test these on VirusTotal:
C:\Windows\jmesoft\ServiceLoader.exe
C:\ProgramData\Gravelex\Zondom.dll

Click "Choose File" to the right of the box and find the file in question on your PC in Explorer. Select it and click Open, then click Send File. If the file has already been tested, a window will appear; click Reanalyze in it. The file will then be tested by several antivirus engines one after another. When the last one has finished, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page and paste it into your post.

Or at:
http://www.virscan.org/

Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system, 32-bit or 64-bit:
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
and save it to your desktop, then run FRST.
Accept the terms of use.
Don't change any of the default settings and click "Scan". When the scan is complete, two logs, FRST.txt and Addition.txt, will appear and be saved on the desktop. Please copy their whole contents here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I'm away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
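The entries jaro3 singles out above (the O20 AppInit_DLLs line and the O4 autoruns) are what a log reviewer looks at first: what runs, from where, and through which registry key. As an added example, not code from this thread, from HijackThis or from any tool mentioned here, the Python below makes a triage pass over HijackThis O4/O20/O23 lines and reports why an entry deserves a closer look. The sample lines are copied from the log posted above; the scoring rules (temp or ProgramData launch paths, the Policies\Explorer\Run key, a numeric value name, a .com executable) are this example's own heuristics and mark candidates for review, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the HijackThis log posted in this thread
# (not a complete log), chosen so that each rule below fires once.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Bohumil\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [HotkeyP] C:\Program Files\HotkeyP.exe 0
O4 - HKLM\..\Policies\Explorer\Run: [60870] C:\PROGRA~3\LOCALS~1\Temp\msaoyae.com
O20 - AppInit_DLLs: C:\ProgramData\Gravelex\Zondom.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: HiSuiteOuc64.exe - Unknown owner - C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
"""

# Directories from which legitimate autoruns and services rarely start
# (lower-case substrings; 8.3 short names as HijackThis prints them).
SUSPICIOUS_DIRS = ("\\temp\\", "\\programdata\\", "progra~3\\", "locals~1\\")

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<value>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass
class Finding:
    section: str         # "O4", "O20" or "O23"
    path: str            # executable or DLL the entry points at
    reasons: List[str]   # why it deserves a look


def command_path(cmd: str) -> str:
    """Return the executable part of an O4 command line, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Bare path: keep everything up to the first recognised extension and
    # drop trailing arguments such as "0" or "/background".
    m = re.match(r"^(.+?\.(?:exe|com|dll|scr|bat|cmd|vbs))(?:\s+.*)?$", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def location_reasons(path: str) -> List[str]:
    """Heuristics about where a binary lives, independent of the log section."""
    low = path.lower()
    reasons = []
    if any(d in low for d in SUSPICIOUS_DIRS):
        reasons.append("starts from a temp or ProgramData location")
    if low.endswith(".com"):
        reasons.append("executable with a .com extension")
    return reasons


def triage_line(line: str) -> Optional[Finding]:
    """Classify one HijackThis line; None means nothing worth reporting."""
    line = line.strip()

    m = O20_RE.match(line)
    if m:
        value = m.group("value").strip()
        if not value:
            return None
        # Any non-empty AppInit_DLLs value is worth a look: the DLL is loaded
        # into every process that loads user32.dll.
        reasons = ["AppInit_DLLs injects this DLL into every process that loads user32.dll"]
        return Finding("O20", value, reasons + location_reasons(value))

    m = O4_RE.match(line)
    if m:
        path = command_path(m.group("cmd"))
        reasons = location_reasons(path)
        if "policies\\explorer\\run" in m.group("key").lower():
            reasons.append("uses the Policies\\Explorer\\Run key, which ordinary installers do not")
        if m.group("name").isdigit():
            reasons.append("numeric value name instead of a product name")
        return Finding("O4", path, reasons) if reasons else None

    m = O23_RE.match(line)
    if m:
        path = m.group("path")
        if path.endswith("(file missing)"):
            # HijackThis 2.0.4 is 32-bit; on 64-bit Windows its System32 lookups
            # are redirected to SysWOW64, so built-in services show as missing.
            # Treated as noise here, not as a finding.
            return None
        reasons = location_reasons(path)
        if reasons and m.group("owner") == "Unknown owner":
            reasons.append("no publisher recorded for the service binary")
        return Finding("O23", path, reasons) if reasons else None

    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and return findings in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.path}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

Run it directly to print the three findings for the sample; triage() accepts the full text of any HijackThis log. It deliberately ignores O23 lines ending in "(file missing)": HijackThis 2.0.4 is a 32-bit program, and on 64-bit Windows its System32 lookups are redirected to SysWOW64, which is why so many built-in services in the log above appear to be missing.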

Max583
Level 2.5
Posts: 289
Registered: June 10
Location: Most

Re: Log check

Post by Max583 » 17 Sep 2015 16:19

https://www.virustotal.com/cs/file/2c58 ... /analysis/
I couldn't find the second one, C:\ProgramData\Gravelex\Zondom.dll, on the PC.

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Datum skenování: 17.09.2015
Čas skenování: 15:19
Protokol: Mbam.txt
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.09.17.03
Databáze rootkitů: v2015.08.16.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 10
CPU: x64
Souborový systém: NTFS
Uživatel: Bohumil

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 356779
Uplynulý čas: 14 min, 1 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 9
PUP.Optional.ApplicationHosting, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Application Hosting.exe, Do karantény, [5a9d949c8efda0961f10562c23e130d0],
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Gravelex, Do karantény, [28cf1f1117743ff75a271db1bc4828d8],
PUP.Optional.IQIYIVideo, HKLM\SOFTWARE\MOZILLAPLUGINS\@iqiyi.com/npWebPlayer, Do karantény, [6691989824675bdb91e08816c73d758b],
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\mtGravelex, Do karantény, [ec0b9b950685ba7c8df27658fd07ba46],
PUP.Optional.WdsManPro, HKLM\SOFTWARE\WOW6432NODE\WdsManPro, Do karantény, [45b2e34d6724e353d622814abc4845bb],
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Gravelex_RASAPI32, Do karantény, [a750111fc9c27cba047c359946be6a96],
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Gravelex_RASMANCS, Do karantény, [8671eb459cef68cea7d9f1dd8d77de22],
PUP.Optional.ApplicationHosting, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Application Hosting.exe, Do karantény, [5c9b9a963c4f082e9c93156dc63ea45c],
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Gravelex, Do karantény, [3bbc83adb5d6ed495928d3fbbf4531cf],

Hodnoty registru: 7
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|60870, C:\PROGRA~3\LOCALS~1\Temp\msaoyae.com, Do karantény, [5f98f23ea4e7340237135da46a9ad828]
Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|60870, C:\PROGRA~3\LOCALS~1\Temp\msaoyae.com, Do karantény, [5f98f23ea4e7340237135da46a9ad828]
PUP.Optional.MyBrowser, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS, MyBrowser, Do karantény, [985f131d2269c37390ea537839cb639d]
PUP.Optional.MyBrowser, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS|StubPath, "C:\Program Files (x86)\MyBrowser\MyBrowser\Application\39.5.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level, Do karantény, [e90e7bb52b60280e55258a41e51f56aa]
PUP.Optional.MyBrowser, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS|Localized Name, MyBrowser, Do karantény, [27d0b57b56350234d2a8f1da35cf40c0]
PUP.Optional.Linkury, HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\ENVIRONMENT|SNF, C:\ProgramData\Gravelexs\snp.sc, Do karantény, [f205b7795239082e69779a069f6514ec]
PUP.Optional.Linkury, HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\ENVIRONMENT|SNP, http://%66%65%65%64.%73%6E%61%70%64%6F. ... llDate=11., Do karantény, [18dfa987692286b0a0413c644cb89967]

Data registru: 3
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\ProgramData\Gravelex\Inchsaohome.dll, Dobré: (), Špatné: (C:\ProgramData\Gravelex\Inchsaohome.dll),Nahrazeno,[bc3b062a9eed8ea819ab78b338cba759]
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\ProgramData\Gravelex\Zondom.dll, Dobré: (), Špatné: (C:\ProgramData\Gravelex\Zondom.dll),Nahrazeno,[bc3b062a9eed8ea819ab78b338cba759]
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Dobré: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Špatné: ({ielnksrch}),Nahrazeno,[35c269c7d0bbf046909bf47a986d8b75]

Složky: 5
PUP.Optional.Linkury, C:\Program Files (x86)\Common Files\wv5ybjq1.ad1, Do karantény, [de1918185d2e2511e6ea6e329371fb05],
PUP.Optional.Linkury, C:\ProgramData\Gravelex, Do karantény, [bc3b062a9eed8ea819ab78b338cba759],
PUP.Optional.Linkury, C:\ProgramData\Gravelex\ondemand, Do karantény, [bc3b062a9eed8ea819ab78b338cba759],
PUP.Optional.Linkury, C:\ProgramData\Gravelex\temp, Do karantény, [bc3b062a9eed8ea819ab78b338cba759],
PUP.Optional.Linkury, C:\ProgramData\Gravelexs, Do karantény, [a84f79b74c3f43f35e67f932be45827e],

Soubory: 32
Trojan.Agent, C:\Windows\SysWOW64\msratingn.dll, Do karantény, [1bdc6fc1b3d869cd621a578741c0768a],
Adware.Agent, C:\Users\Bohumil\Downloads\Rainlendar-Lite-2.8.1-32bit.exe, Do karantény, [7b7c79b74d3eaf873c9b07d2e41d8a76],
PUP.Optional.Linkury, C:\Program Files (x86)\Common Files\wv5ybjq1.ad1\InstallationConfiguration.xml, Do karantény, [de1918185d2e2511e6ea6e329371fb05],
PUP.Optional.Linkury, C:\Program Files (x86)\Common Files\wv5ybjq1.ad1\uninstall.exe.config, Do karantény, [de1918185d2e2511e6ea6e329371fb05],
PUP.Optional.Linkury, C:\Program Files (x86)\Common Files\wv5ybjq1.ad1\uninstall.ico, Do karantény, [de1918185d2e2511e6ea6e329371fb05],
Trojan.Agent, C:\ProgramData\Local Settings\Temp\msaoyae.com, Do karantény, [5f98f23ea4e7340237135da46a9ad828],
PUP.Optional.Linkury, C:\ProgramData\Gravelex\AlphaKaytrax.dll, Do karantény, [bc3b062a9eed8ea819ab78b338cba759],
PUP.Optional.Linkury, C:\ProgramData\Gravelex\conf.config, Do karantény, [bc3b062a9eed8ea819ab78b338cba759],
PUP.Optional.Linkury, C:\ProgramData\Gravelex\Config.xml, Do karantény, [bc3b062a9eed8ea819ab78b338cba759],
PUP.Optional.Linkury, C:\ProgramData\Gravelex\Ding-Fresh.exe, Do karantény, [bc3b062a9eed8ea819ab78b338cba759],
PUP.Optional.Linkury, C:\ProgramData\Gravelex\Ding-Fresh.exe.config, Do karantény, [bc3b062a9eed8ea819ab78b338cba759],
PUP.Optional.Linkury, C:\ProgramData\Gravelex\Gravelex.exe, Do karantény, [bc3b062a9eed8ea819ab78b338cba759],
PUP.Optional.Linkury, C:\ProgramData\Gravelex\Gravelex.exe.config, Do karantény, [bc3b062a9eed8ea819ab78b338cba759],
PUP.Optional.Linkury, C:\ProgramData\Gravelex\Hotfax.exe, Do karantény, [bc3b062a9eed8ea819ab78b338cba759],
PUP.Optional.Linkury, C:\ProgramData\Gravelex\Hotfax.exe.config, Do karantény, [bc3b062a9eed8ea819ab78b338cba759],
PUP.Optional.Linkury, C:\ProgramData\Gravelex\Inchsaohome.dll, Do karantény, [bc3b062a9eed8ea819ab78b338cba759],
PUP.Optional.Linkury, C:\ProgramData\Gravelex\Lam-Warm.dll, Do karantény, [bc3b062a9eed8ea819ab78b338cba759],
PUP.Optional.Linkury, C:\ProgramData\Gravelex\PrxCfg.xml, Do karantény, [bc3b062a9eed8ea819ab78b338cba759],
PUP.Optional.Linkury, C:\ProgramData\Gravelex\Salthold.exe, Do karantény, [bc3b062a9eed8ea819ab78b338cba759],
PUP.Optional.Linkury, C:\ProgramData\Gravelex\Salthold.exe.config, Do karantény, [bc3b062a9eed8ea819ab78b338cba759],
PUP.Optional.Linkury, C:\ProgramData\Gravelex\TinString.bin, Do karantény, [bc3b062a9eed8ea819ab78b338cba759],
PUP.Optional.Linkury, C:\ProgramData\Gravelex\TipSonkix.bin, Do karantény, [bc3b062a9eed8ea819ab78b338cba759],
PUP.Optional.Linkury, C:\ProgramData\Gravelex\uninstall.exe, Do karantény, [bc3b062a9eed8ea819ab78b338cba759],
PUP.Optional.Linkury, C:\ProgramData\Gravelex\Volphase.exe, Do karantény, [bc3b062a9eed8ea819ab78b338cba759],
PUP.Optional.Linkury, C:\ProgramData\Gravelex\Volphase.exe.config, Do karantény, [bc3b062a9eed8ea819ab78b338cba759],
PUP.Optional.Linkury, C:\ProgramData\Gravelex\Warmwarm.dll, Do karantény, [bc3b062a9eed8ea819ab78b338cba759],
PUP.Optional.Linkury, C:\ProgramData\Gravelex\X--Top.bin, Do karantény, [bc3b062a9eed8ea819ab78b338cba759],
PUP.Optional.Linkury, C:\ProgramData\Gravelex\Zerjob.bin, Do karantény, [bc3b062a9eed8ea819ab78b338cba759],
PUP.Optional.Linkury, C:\ProgramData\Gravelex\Zondom.dll, Do karantény, [bc3b062a9eed8ea819ab78b338cba759],
PUP.Optional.Linkury, C:\ProgramData\Gravelexs\ff.HP, Do karantény, [a84f79b74c3f43f35e67f932be45827e],
PUP.Optional.Linkury, C:\ProgramData\Gravelexs\ff.NT, Do karantény, [a84f79b74c3f43f35e67f932be45827e],
PUP.Optional.Linkury, C:\ProgramData\Gravelexs\snp.sc, Do karantény, [a84f79b74c3f43f35e67f932be45827e],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
Last edited by Max583 on 17 Sep 2015 16:28, edited 1 time in total.
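As an added triage example (not code from this forum, from the helpers or from Malwarebytes), the following Python parses MBAM 2.x detection lines in the layout of the log above, flags the autostart and hijack points they touch (AppInit_DLLs, Policies\Explorer\Run, Active Setup and a few others), and checks that each section's declared count matches the lines actually pasted, since a truncated or line-wrapped paste is a common reason a log cannot be read. The sample lines are excerpted from the posted log; the HIJACK_RULES labels and the set of Czech section headers are assumptions about the format.

```python
"""Triage helper for Malwarebytes Anti-Malware 2.x log lines.

Added example for this thread, not code from the forum or from Malwarebytes.
Assumes the detection-line layout visible in the posted log,
    <detection name>, <location>[, <value>], <action>, [<32-hex id>],
and the Czech section headers used there ("Soubory: 32" etc.).
"""
import re
from collections import Counter, namedtuple

# Lines excerpted from the MBAM log posted in this thread (not the whole log).
SAMPLE_LOG = r"""
Klíče registru: 1
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\mtGravelex, Do karantény, [ec0b9b950685ba7c8df27658fd07ba46],

Hodnoty registru: 2
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|60870, C:\PROGRA~3\LOCALS~1\Temp\msaoyae.com, Do karantény, [5f98f23ea4e7340237135da46a9ad828]
PUP.Optional.MyBrowser, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS|StubPath, "C:\Program Files (x86)\MyBrowser\MyBrowser\Application\39.5.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level, Do karantény, [e90e7bb52b60280e55258a41e51f56aa]

Data registru: 1
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\ProgramData\Gravelex\Inchsaohome.dll, Dobré: (), Špatné: (C:\ProgramData\Gravelex\Inchsaohome.dll),Nahrazeno,[bc3b062a9eed8ea819ab78b338cba759]

Soubory: 2
Trojan.Agent, C:\Windows\SysWOW64\msratingn.dll, Do karantény, [1bdc6fc1b3d869cd621a578741c0768a],
PUP.Optional.Linkury, C:\ProgramData\Gravelex\Zondom.dll, Do karantény, [bc3b062a9eed8ea819ab78b338cba759],
"""

# Czech MBAM section headers (as in the posted log) under which detections are listed.
DETECTION_SECTIONS = {"Procesy", "Moduly", "Klíče registru", "Hodnoty registru",
                      "Data registru", "Složky", "Soubory", "Fyzické sektory"}
SECTION_RE = re.compile(r"^(?P<section>[^,\[\]]+?): (?P<count>\d+)$")
DETECTION_RE = re.compile(
    r"^(?P<name>[A-Za-z][\w.]*), (?P<body>.+),\s*\[(?P<id>[0-9a-f]{32})\],?$"
)
REGISTRY_RE = re.compile(r"^HK(LM|CU|U|CR)\\", re.I)

# Registry locations that are autostart or hijack points, most specific first
# (Policies\Explorer\Run must be tested before the generic CurrentVersion\Run).
HIJACK_RULES = (
    ("APPINIT_DLLS", "AppInit_DLLs"),
    ("\\POLICIES\\EXPLORER\\RUN", "Policies\\Explorer\\Run"),
    ("ACTIVE SETUP\\INSTALLED COMPONENTS", "Active Setup"),
    ("\\CURRENTVERSION\\RUN", "Run key"),
    ("\\ENVIRONMENT|", "Environment variable"),
    ("\\SEARCHSCOPES", "IE search scope"),
    ("\\APP PATHS\\", "App Paths"),
)
# section header, detection family, registry/file location, value found there,
# MBAM action (e.g. "Do karantény" = quarantined), HIJACK_RULES label or None
Detection = namedtuple("Detection", "section name location value action hijack_point")


def classify_location(location):
    """Name the autostart/hijack point a registry location belongs to, else None."""
    if not REGISTRY_RE.match(location):
        return None
    for needle, label in HIJACK_RULES:
        if needle.upper() in location.upper():
            return label
    return None


def parse_mbam_log(text):
    """Return (detections, mismatches); mismatches maps a section header to
    (declared, found) where the count MBAM printed differs from the lines
    present, the usual sign of a truncated paste."""
    detections, declared, found, section = [], {}, Counter(), ""
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec and sec.group("section") in DETECTION_SECTIONS:
            section = sec.group("section")
            declared[section] = int(sec.group("count"))
            continue
        det = DETECTION_RE.match(line)
        if not det:
            continue
        body = det.group("body")
        location = body.split(", ", 1)[0]
        head, _, action = body.rpartition(",")
        # Whatever sits between the location and the action is the value field.
        value = head[len(location):].strip(", ")
        found[section] += 1
        detections.append(Detection(section, det.group("name"), location, value,
                                    action.strip(), classify_location(location)))
    mismatches = {s: (n, found[s]) for s, n in declared.items() if found[s] != n}
    return detections, mismatches


def summarize(detections):
    """Group findings the way a responder reads them: by family, autostart point, file."""
    return {
        "families": Counter(d.name for d in detections),
        "autostart": [(d.hijack_point, d.location, d.value)
                      for d in detections if d.hijack_point],
        "files": sorted({d.location for d in detections
                         if not REGISTRY_RE.match(d.location)}),
    }


if __name__ == "__main__":
    dets, bad = parse_mbam_log(SAMPLE_LOG)
    print(summarize(dets), bad)
```

Run it on a full log by passing the pasted text to parse_mbam_log; the autostart list is where a helper looks first, because an AppInit_DLLs or Policies\Explorer\Run entry pointing into ProgramData or Temp explains how the adware came back after earlier cleanups, and a non-empty mismatches dict means the poster should re-paste the log before anyone reasons about it.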

Max583
Level 2.5
Posts: 289
Registered: June 10
Location: Most
Gender: Male

Re: Log check

Post by Max583 » 17 Sep 2015 16:19

Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Bohumil (2015-09-17 16:06:06)
Running from C:\Users\Bohumil\Desktop
Windows 10 Home (X64) (2015-07-31 16:43:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2167593211-4253963868-4146078775-500 - Administrator - Disabled)
Bohumil (S-1-5-21-2167593211-4253963868-4146078775-1001 - Administrator - Enabled) => C:\Users\Bohumil
DefaultAccount (S-1-5-21-2167593211-4253963868-4146078775-503 - Limited - Disabled)
Guest (S-1-5-21-2167593211-4253963868-4146078775-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Comparing (HKLM-x32\...\InstallShield_{233EE2F2-EDA8-4C70-ABC3-D656D67D2CD5}) (Version: 1.00.2012.0921 - Tong child Research & Planning Co.,Ltd)
Comparing (x32 Version: 1.00.2012.0921 - Tong child Research & Planning Co.,Ltd) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
Google Chrome Canary (HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\Google Chrome SxS) (Version: 47.0.2510.0 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\Google Photos Backup) (Version: 1.1.0.248 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 41.003.55.00.06 - Huawei Technologies Co.,Ltd)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.19.0 - Lenovo)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5723.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5723.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{E92E1FF1-B188-43FE-BECA-2248E227E67D}) (Version: 2.8.005.00 - Lenovo Group Limited)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware verze 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office Language Pack 2013 - Czech/čeština (HKLM\...\Office15.OMUI.cs-cz) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version: - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0227 - REALTEK Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0100-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Seznam Instalátor (HKLM-x32\...\ssinstall) (Version: - Seznam.cz)
Seznam Software (HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\SeznamInstall) (Version: - Seznam.cz)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.9 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.9.103 - Skype Technologies S.A.)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{2B44F588-2B80-4DD3-B577-B10B3C6865EA}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version: - Microsoft)
Windows 8 Start menu 2.2 (HKLM-x32\...\Windows 8 Start menu_is1) (Version: - PS Media s.r.o.)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Zoner Photo Studio 16 (HKLM\...\ZonerPhotoStudio16_CZ_is1) (Version: 16.0.1.9 - ZONER software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001_Classes\CLSID\{1BEAC3E3-B852-44F4-B468-8906C062422E}\localserver32 -> C:\Users\Bohumil\AppData\Local\Google\Chrome SxS\Application\47.0.2510.0\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Bohumil\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Bohumil\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

02-09-2015 14:23:10 Naplánovaný kontrolní bod
11-09-2015 17:07:47 Windows Update
11-09-2015 17:27:34 Uniblue SpeedUpMyPC installation
14-09-2015 18:21:55 Removed Find the Differences
14-09-2015 18:23:47 Removed Finding the Letters
14-09-2015 18:24:18 Removed Fruits
14-09-2015 18:25:09 Removed Matching Roles
14-09-2015 18:26:51 Removed Puzzle
14-09-2015 18:27:23 Removed sudoku
14-09-2015 18:27:54 Removed timer
15-09-2015 13:15:39 Removed Comparing
16-09-2015 17:15:20 Operace obnovení
16-09-2015 20:38:45 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2015-09-17 10:24 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A204B6B-EFCA-4471-85EB-CC254D3F17A9} - \AutoKMS -> No File <==== ATTENTION
Task: {18D13FC4-7DE0-43DD-9E7A-77D6793DDDFB} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2015-08-17] (Lenovo)
Task: {20633BCC-AE8A-4991-806B-8E2FC42954D3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-20] (Piriform Ltd)
Task: {24A07B4A-E80D-4CD5-BF57-ED193E9CED62} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {320C949B-38A5-433F-88F3-4F90E45A1E25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {34001973-DC10-447F-AF0A-7F7E74502485} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {49A6F5A7-D589-4DC6-84BD-5B48E74B8B36} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {5A4FCF9D-BEFA-468A-A955-E8972BB340B4} - System32\Tasks\txouii => Rundll32.exe "C:\WINDOWS\SysWOW64\msratingn.dll",WLYHHU
Task: {5D56D9D3-9C29-4529-80EC-87A294DF7B66} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-08-17] (Lenovo)
Task: {66473B43-F551-422D-B55E-A6EB1BA20D56} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {75699697-B942-4FD1-86A2-C80574017153} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
Task: {7B37C5F3-BACA-4B77-A461-5F8C1376C69D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo)
Task: {914FA67B-7E72-4BF7-A7B2-0F04FE3E03E5} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-11] (Adobe Systems Incorporated)
Task: {9CDDBD2F-DB74-4F48-90C7-5D5F7697E679} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {B024EE38-69A6-40EB-84E1-DFE07A309E4A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2167593211-4253963868-4146078775-1001UA => C:\Users\Bohumil\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-08] (Google Inc.)
Task: {B7958610-09AD-41CA-8374-6E880D3A049E} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {BDB28A6F-EE00-437A-90A5-56A16F8C00F2} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-08-17] (Lenovo)
Task: {D0E2D22A-15C3-4C5A-A263-117C237066CB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {D432F7B6-08C0-4F98-A973-EB097AE61B3B} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-08-17] ()
Task: {D8A85C2A-2B2D-4691-B6CC-06893F72897D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2167593211-4253963868-4146078775-1001Core => C:\Users\Bohumil\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-08] (Google Inc.)
Task: {DD55D963-4ABD-4C5A-B06D-F1B71DCB0297} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
Task: {E0FE1D19-B04E-434A-A75E-1EE443B9AB0B} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2015-08-01] (Lenovo)
Task: {ECCEC325-BFB6-43CB-BDA3-6F70636891FA} - System32\Tasks\{0C3FDEC9-F6AB-41F1-A72A-4DA0C15CDBB6} => pcalua.exe -a "C:\Users\Bohumil\Desktop\aktivator - KMSnano v19 Final\TriggerKMS.exe" -d "C:\Users\Bohumil\Desktop\aktivator - KMSnano v19 Final" -c /pause
Task: {F5871F6E-4628-4DCF-B852-ED460255D911} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2167593211-4253963868-4146078775-1001Core.job => C:\Users\Bohumil\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2167593211-4253963868-4146078775-1001UA.job => C:\Users\Bohumil\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\txouii.job => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\SysWOW64\msratingn.dll

==================== Loaded Modules (Whitelisted) ==============

2015-07-31 19:17 - 2015-07-31 19:17 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-19 09:18 - 2015-08-11 11:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-08-24 11:42 - 2015-05-20 12:46 - 00138544 _____ () C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
2015-08-24 11:42 - 2015-05-20 12:46 - 00192304 _____ () C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
2014-11-04 11:06 - 2011-08-17 06:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2015-08-28 17:37 - 2015-08-18 09:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-28 17:37 - 2015-08-18 09:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-18 00:35 - 2015-07-18 00:35 - 00396688 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-07-10 12:59 - 2015-07-10 12:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-15 19:07 - 2015-08-03 03:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 13:00 - 2015-07-10 18:05 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-19 09:18 - 2015-08-11 10:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-15 19:07 - 2015-08-03 03:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 13:00 - 2015-07-10 18:05 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2014-03-16 19:42 - 2014-03-16 19:42 - 02611808 _____ () C:\Users\Bohumil\Downloads\Rainlendar2\Rainlendar2.exe
2014-11-04 11:06 - 2011-08-17 06:46 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2012-05-16 21:01 - 2012-05-16 21:01 - 00140800 _____ () C:\Users\Bohumil\Downloads\Rainlendar2\lua52.dll
2014-03-14 12:11 - 2014-03-14 12:11 - 00250368 _____ () C:\Users\Bohumil\Downloads\Rainlendar2\libical.dll
2014-03-16 19:42 - 2014-03-16 19:42 - 00060512 _____ () C:\Users\Bohumil\Downloads\Rainlendar2\plugins\iCalendarPlugin.dll
2014-03-14 12:11 - 2014-03-14 12:11 - 00065024 _____ () C:\Users\Bohumil\Downloads\Rainlendar2\libicalss.dll
2012-06-17 15:22 - 2012-06-17 15:22 - 00012800 _____ () C:\Users\Bohumil\Downloads\Rainlendar2\lfs.dll
2015-08-26 23:14 - 2015-08-26 23:14 - 03481600 _____ () C:\Users\Bohumil\AppData\Local\Programs\Google\Google Photos Backup\gpuploader_i18n.dll
2014-11-04 11:05 - 2013-09-04 02:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-11-04 11:06 - 2011-05-17 23:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Bohumil\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\Control Panel\Desktop\\Wallpaper -> c:\users\bohumil\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\6429174.jpg
DNS Servers: 77.237.128.2 - 77.237.128.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "LVT"
HKLM\...\StartupApproved\Run32: => "seznam-listicka-distribuce"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "jmesoft"
HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\StartupApproved\Run: => "Zoner Photo Studio Autoupdate"
HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\StartupApproved\Run: => "Zoner Photo Studio Service 16"
HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\StartupApproved\Run: => "cz.seznam.software.autoupdate"
HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\StartupApproved\Run: => "cz.seznam.software.szndesktop"
HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_4C012B0ED3B9B62D2BB8574BEDF83FCD"
HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{AA772A9F-F1DA-4C8F-A9CD-002E9684F1B0}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{AF0617D4-A140-43DF-9AB9-6C7CD58F012C}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{D2A75E23-E4AF-4547-B3A0-E002A095D152}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{3798D3DE-39A0-4A6E-AD81-ED7DD104158E}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{7544F0A2-6496-49E1-A3A7-CBBE025EB4AD}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7ADFCE6D-1EC8-42DF-B6D1-EFA74EA04272}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{C7784EB7-F741-4072-82FD-11933CB865BB}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{44B281DD-340C-4FF9-BB79-A95BBBC4A42D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{95550A46-6857-4A56-A560-1E78B7D805ED}C:\users\bohumil\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\bohumil\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{5820E510-94FB-4977-AA4B-5628F33E6020}C:\users\bohumil\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\bohumil\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{D1DCEA3B-CBBD-4D2B-9500-B11E153BFD51}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

==================== Faulty Device Manager Devices =============

Name: HID Non-User Input Data Filter
Description: HID Non-User Input Data Filter
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service:
Problem: : The software for this device has been blocked from starting because it is known to have problems with Windows. Contact the hardware vendor for a new driver. (Code 48)
Resolution: Download the latest drivers from the manufacturer, uninstall the current driver, and then install the latest drivers.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/17/2015 03:35:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LENOVO)
Description: Aplikaci Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (09/17/2015 12:40:10 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (4444) Nový soubor protokolu se nedá vytvořit, protože databáze nemůže zapisovat na jednotku protokolu. Jednotka může být jen pro čtení, špatně nakonfigurovaná nebo poškozená nebo na ní nemusí být dost místa. Chyba: -1032

Error: (09/17/2015 12:40:10 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (4444) Pokus o vytvoření souboru C:\WINDOWS\system32\edbtmp.log selhal. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace vytvoření souboru selže a dojde k chybě -1032 (0xfffffbf8).

Error: (09/17/2015 12:39:59 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (4444) Nový soubor protokolu se nedá vytvořit, protože databáze nemůže zapisovat na jednotku protokolu. Jednotka může být jen pro čtení, špatně nakonfigurovaná nebo poškozená nebo na ní nemusí být dost místa. Chyba: -1032

Error: (09/17/2015 12:39:59 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (4444) Pokus o vytvoření souboru C:\WINDOWS\system32\edbtmp.log selhal. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace vytvoření souboru selže a dojde k chybě -1032 (0xfffffbf8).

Error: (09/17/2015 12:39:49 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (4444) Nový soubor protokolu se nedá vytvořit, protože databáze nemůže zapisovat na jednotku protokolu. Jednotka může být jen pro čtení, špatně nakonfigurovaná nebo poškozená nebo na ní nemusí být dost místa. Chyba: -1032

Error: (09/17/2015 12:39:49 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (4444) Pokus o vytvoření souboru C:\WINDOWS\system32\edbtmp.log selhal. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace vytvoření souboru selže a dojde k chybě -1032 (0xfffffbf8).

Error: (09/17/2015 12:39:39 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (4444) Nový soubor protokolu se nedá vytvořit, protože databáze nemůže zapisovat na jednotku protokolu. Jednotka může být jen pro čtení, špatně nakonfigurovaná nebo poškozená nebo na ní nemusí být dost místa. Chyba: -1032

Error: (09/17/2015 12:39:39 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (4444) Pokus o vytvoření souboru C:\WINDOWS\system32\edbtmp.log selhal. Došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace vytvoření souboru selže a dojde k chybě -1032 (0xfffffbf8).

Error: (09/17/2015 12:39:28 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (4444) Nový soubor protokolu se nedá vytvořit, protože databáze nemůže zapisovat na jednotku protokolu. Jednotka může být jen pro čtení, špatně nakonfigurovaná nebo poškozená nebo na ní nemusí být dost místa. Chyba: -1032


System errors:
=============
Error: (09/17/2015 03:35:37 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: NuidFltr.sys

Error: (09/17/2015 03:35:05 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO)
Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca

Error: (09/17/2015 03:35:04 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (09/17/2015 03:35:04 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (09/17/2015 03:35:04 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (09/17/2015 03:35:04 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (09/17/2015 03:35:04 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (09/17/2015 03:35:04 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (09/17/2015 03:35:04 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (09/17/2015 03:35:04 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}


CodeIntegrity:
===================================
Date: 2015-08-30 13:14:08.660
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-10 14:23:19.835
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-10 12:07:31.082
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-08 06:29:30.291
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-01 18:51:58.369
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-01 08:26:12.706
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G3250T @ 2.80GHz
Percentage of memory in use: 37%
Total physical RAM: 4008.91 MB
Available physical RAM: 2486.75 MB
Total Virtual: 4712.91 MB
Available Virtual: 3186.27 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:439.5 GB) (Free:342.59 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0611DBD6)

Partition: GPT.

==================== End of Addition.txt ============================

Max583
Level 2.5
Posts: 289
Joined: June 10
Location: Most
Gender: Male

Re: Log check

Post by Max583 » 17 Sep 2015 16:20

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by Bohumil (administrator) on LENOVO (17-09-2015 16:05:15)
Running from C:\Users\Bohumil\Desktop
Loaded Profiles: Bohumil (Available Profiles: Bohumil)
Platform: Windows 10 Home (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
() C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Windows\jmesoft\Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(PS Media s.r.o.) C:\Windows\SysWOW64\ssins.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Petr Laštovička) C:\Program Files\HotkeyP.exe
() C:\Users\Bohumil\Downloads\Rainlendar2\Rainlendar2.exe
(Google, Inc) C:\Users\Bohumil\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Windows\jmesoft\JME_LOAD.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [396688 2015-07-18] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-08] (Intel Corporation)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-17] ()
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-20] (Piriform Ltd)
HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\Run: [Zoner Photo Studio Service 16] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe [27864 2014-12-23] ()
HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\Run: [HotkeyP] => C:\Program Files\HotkeyP.exe [65536 2008-07-15] (Petr Laštovička)
HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\Run: [Rainlendar2] => C:\Users\Bohumil\Downloads\Rainlendar2\Rainlendar2.exe [2611808 2014-03-16] ()
HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [833240 2014-12-23] (ZONER software)
HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\...\Run: [Google Photos Backup] => C:\Users\Bohumil\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3787080 2015-08-26] (Google, Inc)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2167593211-4253963868-4146078775-1001] => Proxy is enabled.
Tcpip\Parameters: [DhcpNameServer] 77.237.128.2 77.237.128.1 192.168.1.1
Tcpip\..\Interfaces\{92d708c8-a8a6-46d2-85ba-93c13404971c}: [DhcpNameServer] 77.237.128.2 77.237.128.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001 -> {03DEF8D7-DD4B-42FE-A1DE-484B0B66B1E0} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001 -> {04EB9A24-4863-4637-81DE-44E4FED285B5} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001 -> {70E2B0D3-52A9-40EF-B74A-CE828F3D9A9D} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001 -> {B4C9182C-B3DD-4AE5-A2F4-F23177234088} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001 -> {C1202CC7-9C56-4CC1-8266-3DD7B1ACAC79} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001 -> {D5F1808B-2BBB-451A-96D4-D47759B20391} URL = hxxp://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001 -> {F7524068-D6D2-4A6A-B4EB-BFC0D731FACA} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001 -> {FBEDBE33-9F68-4D6F-8ED7-6918FE4AEC83} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_12902
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-08-12] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-08-12] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-2167593211-4253963868-4146078775-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Bohumil\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2167593211-4253963868-4146078775-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Bohumil\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Profile: C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-31]
CHR Extension: (Google Docs) - C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-31]
CHR Extension: (Google Drive) - C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-31]
CHR Extension: (YouTube) - C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-31]
CHR Extension: (Google Search) - C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-31]
CHR Extension: (Google Sheets) - C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-31]
CHR Extension: (AdBlock) - C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-08-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-31]
CHR Extension: (Gmail) - C:\Users\Bohumil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-31]
CHR HKLM\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR StartupUrls: "hxxp://www.mystartsearch.com/?type=hp&ts=1438412936&z=db8b68ba6931a08beedd835g5z0c1b0zbgao2bct9g&from=cvs&uid=ST500DM002-1BD142_S2AYB7KVXXXXS2AYB7KV"

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 HiSuiteOuc64.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe [138544 2015-05-20] ()
R2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [192304 2015-05-20] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-08] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272424 2015-08-17] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 ssinstall; C:\WINDOWS\SysWOW64\ssins.exe [2324216 2015-07-31] (PS Media s.r.o.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2015-05-07] (Huawei Technologies Co., Ltd.)
R3 i8042HDR; C:\Windows\system32\DRIVERS\i8042HDR.sys [15920 2009-08-14] (Windows (R) Codename Longhorn DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3453144 2015-07-10] (Realtek Semiconductor Corporation )
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-17 16:05 - 2015-09-17 16:05 - 00017139 _____ C:\Users\Bohumil\Desktop\FRST.txt
2015-09-17 16:04 - 2015-09-17 16:05 - 00000000 ____D C:\FRST
2015-09-17 16:03 - 2015-09-17 16:03 - 02191360 _____ (Farbar) C:\Users\Bohumil\Desktop\FRST64.exe
2015-09-17 15:40 - 2015-09-17 15:40 - 00000000 ____D C:\Users\Bohumil\Downloads\backups
2015-09-17 15:36 - 2015-09-17 15:36 - 00016148 _____ C:\WINDOWS\system32\LENOVO_Bohumil_HistoryPrediction.bin
2015-09-17 15:34 - 2015-09-17 15:34 - 00008660 _____ C:\Users\Bohumil\Desktop\Mbam.txt
2015-09-17 15:24 - 2015-09-17 15:24 - 00000000 ____D C:\Users\Bohumil\Desktop\Microsoft Office 2010 Professional Plus 32bit
2015-09-17 15:18 - 2015-09-17 15:36 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-17 15:18 - 2015-09-17 15:33 - 00001180 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-17 15:18 - 2015-09-17 15:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-17 15:18 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-09-17 15:18 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-17 15:18 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-17 15:17 - 2015-09-17 15:17 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Bohumil\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-17 15:17 - 2015-09-17 15:17 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Bohumil\Desktop\mbam-setup-2.1.8.1057 (1).exe
2015-09-17 15:07 - 2015-09-17 15:07 - 00000000 ____D C:\Users\Bohumil\AppData\Local\NetworkTiles
2015-09-17 11:17 - 2015-09-17 11:17 - 00331053 _____ C:\Users\Bohumil\Downloads\kavremvr 2015-09-17 11-17-10 (pid 1196).log
2015-09-17 11:16 - 2015-09-17 11:16 - 03686800 _____ (Kaspersky Lab ZAO) C:\Users\Bohumil\Downloads\kavremover11.exe
2015-09-17 11:06 - 2015-09-17 11:06 - 05159424 _____ C:\Users\Bohumil\Downloads\WindowsDefender.msi
2015-09-17 10:46 - 2015-09-17 10:46 - 00000000 ____D C:\Users\Bohumil\AppData\Local\CrashDumps
2015-09-17 10:37 - 2015-09-17 10:37 - 00388608 _____ (Trend Micro Inc.) C:\Users\Bohumil\Downloads\HijackThis.exe
2015-09-17 10:33 - 2015-09-17 10:33 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-09-17 10:32 - 2015-09-17 10:23 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-09-17 10:23 - 2015-09-17 10:33 - 00012232 _____ C:\zoek-results.log
2015-09-17 10:23 - 2015-09-17 10:31 - 00000000 ____D C:\zoek_backup
2015-09-17 09:44 - 2015-09-17 15:35 - 00011830 _____ C:\WINDOWS\PFRO.log
2015-09-17 09:40 - 2015-09-17 10:41 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-09-16 21:08 - 2015-09-17 15:37 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-16 21:02 - 2015-09-16 21:02 - 07491896 _____ (Kaspersky Lab ZAO) C:\Users\Bohumil\Desktop\kavremover.exe
2015-09-16 20:44 - 2015-09-17 10:03 - 00037624 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-09-16 20:44 - 2015-09-16 20:54 - 00000000 ____D C:\ProgramData\RogueKiller
2015-09-16 20:40 - 2015-09-17 15:46 - 00002129 _____ C:\WINDOWS\setupact.log
2015-09-16 20:40 - 2015-09-16 20:40 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-09-16 17:01 - 2015-09-16 17:01 - 00000000 _____ C:\Users\Bohumil\Downloads\ChromeSetup_exe (1).bhhl0e2.partial
2015-09-16 16:58 - 2015-09-16 16:58 - 00000000 _____ C:\Users\Bohumil\Downloads\ChromeSetup_exe.1i1v3gy.partial
2015-09-16 15:10 - 2015-09-17 15:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-16 15:10 - 2015-09-16 15:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-16 10:46 - 2015-09-17 15:38 - 00011027 _____ C:\Users\Bohumil\Downloads\hijackthis.log
2015-09-15 16:41 - 2015-09-15 16:41 - 00000110 ____H C:\Users\Bohumil\Desktop\DSCN2864.JPG.uid-zps
2015-09-15 16:29 - 2015-09-15 17:34 - 00000000 ____D C:\Users\Bohumil\Desktop\outl
2015-09-15 10:08 - 2015-09-15 10:08 - 00112867 _____ C:\Users\Bohumil\Downloads\Zakázkový-list---vzor,-tiskopis,-formulář-ke-stažení-online-zdarma---MUDr.-Zbyněk-Mlčoch.htm
2015-09-15 09:57 - 2015-09-16 17:26 - 00000000 ____D C:\Users\Bohumil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AdmWin
2015-09-15 09:56 - 2015-09-15 09:56 - 04017921 _____ C:\Users\Bohumil\Downloads\AdmWin-6.04.zip
2015-09-15 09:47 - 2011-03-21 04:50 - 01081616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX
2015-09-15 09:40 - 2015-09-15 09:40 - 00036864 _____ C:\Users\Bohumil\Downloads\zakazkovy-list.xls
2015-09-15 09:29 - 2015-09-15 09:29 - 08341727 _____ (AdmWin ) C:\Users\Bohumil\Downloads\Setup_AdmWinDEserv.exe
2015-09-15 05:23 - 2015-09-16 17:26 - 00000000 ____D C:\Users\Bohumil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Photos Backup
2015-09-14 17:53 - 2015-09-14 17:55 - 00000000 ____D C:\Users\Bohumil\Desktop\Promoce
2015-09-13 09:23 - 2015-09-13 09:23 - 02662704 _____ (Google) C:\Users\Bohumil\Downloads\gpautobackup_setup.exe
2015-09-13 08:57 - 2015-09-13 09:06 - 00000000 ____D C:\Users\Bohumil\Desktop\Foto Kateřina
2015-09-11 20:25 - 2015-09-11 20:25 - 00000000 ____D C:\Users\Bohumil\Downloads\Rainlendar2
2015-09-11 20:25 - 2015-09-11 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainlendar2
2015-09-11 20:24 - 2015-09-11 20:24 - 15151864 _____ C:\Users\Bohumil\Downloads\Rainlendar-Lite-2.12.2-32bit.exe
2015-09-11 20:24 - 2015-09-11 20:24 - 00078825 _____ C:\Users\Bohumil\Downloads\Czech.r2lang
2015-09-11 17:26 - 2015-09-17 15:22 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-11 17:26 - 2015-09-11 17:38 - 00000000 ____D C:\Users\Bohumil\AppData\Local\Chromium
2015-09-11 17:26 - 2015-09-11 17:26 - 00003890 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-09-11 17:16 - 2015-09-11 17:16 - 00000000 ____D C:\Users\Bohumil\AppData\Roaming\Mozilla
2015-09-11 17:15 - 2015-09-17 15:35 - 00000326 _____ C:\WINDOWS\Tasks\txouii.job
2015-09-11 17:15 - 2015-09-11 17:15 - 00002646 _____ C:\WINDOWS\System32\Tasks\txouii
2015-09-11 17:14 - 2013-08-22 15:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-09-11 17:06 - 2015-09-02 03:20 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-11 17:06 - 2015-09-02 02:25 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-09-11 17:06 - 2015-09-02 02:25 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-09-11 17:06 - 2015-08-27 08:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-11 17:06 - 2015-08-27 08:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-11 17:06 - 2015-08-27 08:04 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-11 17:06 - 2015-08-27 07:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-11 17:06 - 2015-08-27 07:55 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-11 17:06 - 2015-08-27 07:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-09-11 17:06 - 2015-08-27 07:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-11 17:06 - 2015-08-27 07:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-11 17:06 - 2015-08-27 07:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-11 17:06 - 2015-08-27 07:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-11 17:06 - 2015-08-27 07:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-11 17:06 - 2015-08-27 07:43 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-11 17:06 - 2015-08-27 07:43 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-11 17:06 - 2015-08-27 07:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-11 17:06 - 2015-08-27 07:42 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-09-11 17:06 - 2015-08-27 07:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-11 17:06 - 2015-08-27 07:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-11 17:06 - 2015-08-27 07:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-11 17:06 - 2015-08-27 07:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-11 17:06 - 2015-08-27 07:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-11 17:06 - 2015-08-27 07:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-09-11 17:06 - 2015-08-27 07:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-11 17:06 - 2015-08-27 07:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-11 17:06 - 2015-08-27 07:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-11 17:06 - 2015-08-27 07:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-11 17:06 - 2015-08-27 07:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-11 17:06 - 2015-08-27 07:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-11 17:06 - 2015-08-27 07:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-11 17:06 - 2015-08-27 07:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-08 11:10 - 2015-09-08 11:10 - 00000000 ____D C:\Program Files (x86)\MSECache
2015-09-08 11:09 - 2015-09-08 11:09 - 08374576 _____ (Microsoft Corporation) C:\Users\Bohumil\Downloads\proofingtools_cs-cz-x64.exe
2015-09-08 10:48 - 2015-09-08 11:07 - 00000000 ____D C:\Users\Bohumil\AppData\Roaming\Skype
2015-09-08 10:48 - 2015-09-08 10:48 - 00000000 ____D C:\Users\Bohumil\AppData\Local\Skype
2015-09-08 10:47 - 2015-09-17 15:33 - 00002652 _____ C:\Users\Public\Desktop\Skype.lnk
2015-09-08 10:47 - 2015-09-08 10:53 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-09-08 10:47 - 2015-09-08 10:48 - 00000000 ____D C:\ProgramData\Skype
2015-09-08 10:47 - 2015-09-08 10:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-08 10:46 - 2015-09-08 10:46 - 01494048 _____ (Skype Technologies S.A.) C:\Users\Bohumil\Downloads\SkypeSetup.exe
2015-09-08 10:06 - 2015-09-17 15:18 - 00000984 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2167593211-4253963868-4146078775-1001UA.job
2015-09-08 10:06 - 2015-09-16 17:26 - 00000000 ____D C:\Users\Bohumil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary
2015-09-08 10:06 - 2015-09-15 05:18 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2167593211-4253963868-4146078775-1001Core.job
2015-09-08 10:06 - 2015-09-15 05:13 - 00004106 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2167593211-4253963868-4146078775-1001UA
2015-09-08 10:06 - 2015-09-15 05:13 - 00003730 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2167593211-4253963868-4146078775-1001Core
2015-09-08 10:06 - 2015-09-08 10:06 - 00929360 _____ (Google Inc.) C:\Users\Bohumil\Downloads\ChromeSetup (1).exe
2015-09-06 07:39 - 2015-09-06 07:39 - 06667640 _____ (Piriform Ltd) C:\Users\Bohumil\Downloads\ccsetup509 (1).exe
2015-09-06 07:38 - 2015-09-06 07:39 - 06667640 _____ (Piriform Ltd) C:\Users\Bohumil\Downloads\ccsetup509.exe
2015-09-02 15:20 - 2015-09-02 15:21 - 224387072 _____ C:\Users\Bohumil\Downloads\libreoffice_4.4.3.msi
2015-09-02 13:50 - 2015-09-02 13:55 - 908736213 _____ C:\Users\Bohumil\Downloads\H30-U10_V100R001C432B306.zip
2015-08-30 13:04 - 2015-09-17 15:33 - 00000000 ____D C:\Users\Bohumil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2015-08-30 13:04 - 2015-08-30 13:07 - 00000000 ____D C:\Users\Bohumil\AppData\Roaming\uTorrent
2015-08-30 12:42 - 2015-08-30 12:42 - 00003430 _____ C:\WINDOWS\System32\Tasks\{0C3FDEC9-F6AB-41F1-A72A-4DA0C15CDBB6}
2015-08-30 11:33 - 2015-08-30 11:33 - 00000000 ____D C:\WINDOWS\system32\TokensBackup
2015-08-30 10:25 - 2015-09-14 15:57 - 00000000 ____D C:\Users\Bohumil\AppData\Roaming\Mighty Checker
2015-08-28 17:37 - 2015-08-20 08:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-28 17:37 - 2015-08-20 08:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-08-28 17:37 - 2015-08-20 08:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-28 17:37 - 2015-08-20 07:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-08-28 17:37 - 2015-08-20 07:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-08-28 17:37 - 2015-08-20 07:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-28 17:37 - 2015-08-20 07:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-28 17:37 - 2015-08-18 09:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-28 17:37 - 2015-08-18 09:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-08-28 17:37 - 2015-08-18 09:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-08-28 17:37 - 2015-08-18 09:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-08-28 17:37 - 2015-08-18 09:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-08-28 17:37 - 2015-08-18 09:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-08-28 17:37 - 2015-08-18 09:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-08-28 17:37 - 2015-08-18 09:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-08-28 17:37 - 2015-08-18 09:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-08-28 17:37 - 2015-08-18 09:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-08-28 17:37 - 2015-08-18 09:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-08-28 17:37 - 2015-08-18 08:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-08-28 17:37 - 2015-08-18 08:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-08-28 17:37 - 2015-08-18 08:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-08-28 17:37 - 2015-08-18 08:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-08-28 17:37 - 2015-08-18 08:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-08-28 17:37 - 2015-08-18 08:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-08-28 17:37 - 2015-08-18 08:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-08-28 17:37 - 2015-08-18 08:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-08-28 17:37 - 2015-08-18 08:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-08-28 17:37 - 2015-08-18 08:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-08-28 17:37 - 2015-08-18 08:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-08-28 17:37 - 2015-08-18 08:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-08-28 17:37 - 2015-08-18 08:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-08-28 17:37 - 2015-08-18 08:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-08-28 17:37 - 2015-08-18 08:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-08-28 17:37 - 2015-08-18 08:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-08-28 17:37 - 2015-08-18 08:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-08-28 17:37 - 2015-08-18 08:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-08-28 17:37 - 2015-08-18 08:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-08-28 17:37 - 2015-08-18 08:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-08-28 17:37 - 2015-08-18 08:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-08-28 17:37 - 2015-08-18 08:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-08-28 17:37 - 2015-08-18 06:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-08-28 12:30 - 2015-08-28 12:30 - 00000110 ____H C:\Users\Bohumil\Desktop\IMG_20150828_122404.jpg.uid-zps
2015-08-28 12:30 - 2015-08-28 12:30 - 00000110 ____H C:\Users\Bohumil\Desktop\IMG_20150828_122011.jpg.uid-zps
2015-08-28 12:30 - 2015-08-28 12:30 - 00000110 ____H C:\Users\Bohumil\Desktop\IMG_20150828_121907.jpg.uid-zps
2015-08-28 12:27 - 2015-08-28 12:27 - 00000110 ____H C:\Users\Bohumil\Desktop\IMG_20150828_121858.jpg.uid-zps
2015-08-26 11:40 - 2015-08-26 11:40 - 01405720 _____ C:\WINDOWS\system32\cpm.exe
2015-08-25 18:51 - 2015-08-25 18:51 - 00031903 _____ C:\Users\Bohumil\Downloads\Terminy_SZZ_srpen_2015.xlsx
2015-08-24 11:42 - 2015-09-17 15:33 - 00001069 _____ C:\Users\Public\Desktop\HiSuite.lnk
2015-08-24 11:42 - 2015-08-24 11:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite
2015-08-24 11:42 - 2015-08-24 11:42 - 00000000 ____D C:\ProgramData\HiSuiteOuc
2015-08-24 11:42 - 2015-08-24 11:42 - 00000000 ____D C:\ProgramData\HandSetService
2015-08-24 11:42 - 2015-05-07 13:40 - 02152176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFUpdate_01009.dll
2015-08-24 11:42 - 2015-05-07 13:40 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfCoInstaller01009.dll
2015-08-24 11:42 - 2015-05-07 13:40 - 01002728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusbcoinstaller2.dll
2015-08-24 11:42 - 2015-05-07 13:40 - 00287232 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbnet.sys
2015-08-24 11:42 - 2015-05-07 13:40 - 00223232 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbmdm.sys
2015-08-24 11:42 - 2015-05-07 13:40 - 00116864 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_usbdev.sys
2015-08-24 11:41 - 2015-08-24 11:42 - 00000000 ____D C:\Program Files (x86)\HiSuite
2015-08-24 11:40 - 2015-08-24 11:42 - 35721505 _____ C:\Users\Bohumil\Downloads\HiSuiteSetup_2.3.55.1.zip
2015-08-24 11:21 - 2015-08-24 11:21 - 00000381 _____ C:\Users\Bohumil\Downloads\HuaweiHonor3CPlay_lollipop_software.torrent
2015-08-20 10:47 - 2015-08-20 10:47 - 00000110 ____H C:\Users\Bohumil\Desktop\IMG_20150820_102629.jpg.uid-zps
2015-08-19 09:18 - 2015-08-13 06:22 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-08-19 09:18 - 2015-08-13 06:20 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-08-19 09:18 - 2015-08-13 05:53 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-08-19 09:18 - 2015-08-11 12:04 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-08-19 09:18 - 2015-08-11 12:04 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-08-19 09:18 - 2015-08-11 12:04 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-08-19 09:18 - 2015-08-11 12:03 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-08-19 09:18 - 2015-08-11 12:02 - 00554744 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-08-19 09:18 - 2015-08-11 12:02 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-08-19 09:18 - 2015-08-11 12:02 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-08-19 09:18 - 2015-08-11 11:52 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-08-19 09:18 - 2015-08-11 11:50 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-19 09:18 - 2015-08-11 11:40 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-08-19 09:18 - 2015-08-11 11:40 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-08-19 09:18 - 2015-08-11 11:40 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-08-19 09:18 - 2015-08-11 11:38 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-08-19 09:18 - 2015-08-11 11:37 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-08-19 09:18 - 2015-08-11 11:26 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-08-19 09:18 - 2015-08-11 11:23 - 16706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-19 09:18 - 2015-08-11 11:21 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-08-19 09:18 - 2015-08-11 11:21 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-08-19 09:18 - 2015-08-11 11:20 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-08-19 09:18 - 2015-08-11 11:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-08-19 09:18 - 2015-08-11 11:18 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-08-19 09:18 - 2015-08-11 11:16 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-08-19 09:18 - 2015-08-11 11:14 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-08-19 09:18 - 2015-08-11 11:13 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-08-19 09:18 - 2015-08-11 11:11 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2015-08-19 09:18 - 2015-08-11 11:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-08-19 09:18 - 2015-08-11 11:10 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-08-19 09:18 - 2015-08-11 11:10 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-19 09:18 - 2015-08-11 11:10 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-08-19 09:18 - 2015-08-11 11:09 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-08-19 09:18 - 2015-08-11 11:08 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-08-19 09:18 - 2015-08-11 11:08 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-08-19 09:18 - 2015-08-11 11:07 - 01178112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-08-19 09:18 - 2015-08-11 11:07 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-08-19 09:18 - 2015-08-11 11:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-08-19 09:18 - 2015-08-11 11:06 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-08-19 09:18 - 2015-08-11 11:06 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-08-19 09:18 - 2015-08-11 11:05 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-08-19 09:18 - 2015-08-11 11:05 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-08-19 09:18 - 2015-08-11 11:05 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-08-19 09:18 - 2015-08-11 11:05 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-08-19 09:18 - 2015-08-11 11:05 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-08-19 09:18 - 2015-08-11 11:05 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2015-08-19 09:18 - 2015-08-11 11:03 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-08-19 09:18 - 2015-08-11 11:02 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-08-19 09:18 - 2015-08-11 11:02 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-08-19 09:18 - 2015-08-11 11:01 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-08-19 09:18 - 2015-08-11 11:00 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-08-19 09:18 - 2015-08-11 11:00 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-08-19 09:18 - 2015-08-11 10:59 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-19 09:18 - 2015-08-11 10:59 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-08-19 09:18 - 2015-08-11 10:59 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-08-19 09:18 - 2015-08-11 10:59 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2015-08-19 09:18 - 2015-08-11 10:58 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-08-19 09:18 - 2015-08-11 10:57 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-19 09:18 - 2015-08-11 10:57 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-08-19 09:18 - 2015-08-11 10:51 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-08-19 09:18 - 2015-08-11 10:51 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2015-08-19 09:18 - 2015-08-11 10:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-08-19 09:18 - 2015-08-11 10:50 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-08-19 09:18 - 2015-08-11 10:50 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-08-19 09:18 - 2015-08-11 10:49 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-08-19 09:18 - 2015-08-11 10:49 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-19 09:18 - 2015-08-11 10:48 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2015-08-19 09:18 - 2015-08-11 10:47 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-08-19 09:18 - 2015-08-11 10:45 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-08-19 09:18 - 2015-08-11 10:43 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-08-19 09:18 - 2015-08-11 10:42 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-08-19 09:18 - 2015-08-11 10:40 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-08-19 09:18 - 2015-08-11 10:40 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-08-19 09:18 - 2015-08-11 10:39 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-08-19 09:18 - 2015-08-11 10:38 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-17 16:06 - 2015-07-31 18:56 - 00000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-17 15:49 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-17 15:36 - 2015-08-01 08:53 - 00000000 ____D C:\Users\Bohumil\.rainlendar2
2015-09-17 15:36 - 2015-07-31 18:56 - 00000970 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-17 15:36 - 2015-07-31 18:25 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-09-17 15:35 - 2015-07-31 19:09 - 00000000 _____ C:\WINDOWS\SysWOW64\sinstall.log
2015-09-17 15:35 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-17 15:35 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-17 15:35 - 2015-07-10 11:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-09-17 15:33 - 2015-08-10 11:33 - 00001976 _____ C:\Users\Public\Desktop\Zoner Photo Studio 16.lnk
2015-09-17 15:33 - 2015-08-01 09:20 - 00000912 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-09-17 15:33 - 2015-08-01 08:55 - 00001307 _____ C:\Users\Bohumil\Desktop\Hesla.lnk
2015-09-17 15:33 - 2015-08-01 08:00 - 00000817 _____ C:\Users\Bohumil\Desktop\Bohouš.lnk
2015-09-17 15:33 - 2015-07-31 21:22 - 00000915 _____ C:\Users\Bohumil\Desktop\2015.lnk
2015-09-17 15:33 - 2015-07-31 21:17 - 00001665 _____ C:\Users\Bohumil\Desktop\Foto.lnk
2015-09-17 15:33 - 2015-07-31 21:04 - 00001568 _____ C:\Users\Bohumil\Desktop\Peníze.lnk
2015-09-17 15:33 - 2015-07-31 18:48 - 00002379 _____ C:\Users\Bohumil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-09-17 15:33 - 2015-07-31 18:31 - 00001540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-09-17 15:33 - 2014-11-04 11:25 - 00002198 _____ C:\Users\Public\Desktop\Lenovo PowerDVD 10.lnk
2015-09-17 15:33 - 2014-11-04 11:21 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk
2015-09-17 15:33 - 2014-11-04 11:03 - 00000712 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) HD Graphics Control Panel.lnk
2015-09-17 15:26 - 2015-07-31 18:42 - 01765712 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-17 15:26 - 2015-07-10 18:02 - 00746444 _____ C:\WINDOWS\system32\perfh005.dat
2015-09-17 15:26 - 2015-07-10 18:02 - 00149880 _____ C:\WINDOWS\system32\perfc005.dat
2015-09-17 15:22 - 2015-08-01 09:02 - 00004198 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FFA7102A-B417-4557-B83A-BD9454130D74}
2015-09-17 11:12 - 2015-07-31 19:35 - 00000000 ____D C:\Users\Bohumil\Documents\Soubory aplikace Outlook
2015-09-17 10:31 - 2015-07-31 18:28 - 00000000 ____D C:\Users\Bohumil
2015-09-17 10:31 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2015-09-16 20:32 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-16 20:28 - 2015-07-31 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-16 20:28 - 2014-11-04 11:21 - 00000000 ____D C:\Program Files (x86)\Amazon
2015-09-16 19:14 - 2015-08-01 08:43 - 00000000 ____D C:\Users\Bohumil\AppData\Local\Packages
2015-09-16 18:49 - 2015-07-10 13:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-09-16 18:49 - 2015-07-10 11:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-09-16 18:29 - 2015-08-08 06:09 - 00000000 ____D C:\Users\Bohumil\AppData\Roaming\LSC
2015-09-16 18:28 - 2014-11-04 11:27 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2015-09-16 18:28 - 2014-11-04 11:27 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2015-09-16 18:28 - 2014-11-04 11:20 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-09-16 17:25 - 2014-11-04 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-09-16 17:25 - 2014-11-04 11:03 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-16 17:19 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\registration
2015-09-16 17:18 - 2015-08-01 08:43 - 00000000 ____D C:\Users\Bohumil\AppData\Local\VirtualStore
2015-09-16 17:18 - 2015-08-01 08:41 - 00000000 ____D C:\Users\Bohumil\AppData\Roaming\Macromedia
2015-09-16 17:18 - 2015-07-31 18:32 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2015-09-16 17:18 - 2015-07-31 18:32 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2015-09-15 09:30 - 2015-07-31 20:54 - 00000000 ____D C:\D
2015-09-15 06:30 - 2015-07-10 11:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI(519)
2015-09-15 05:23 - 2015-07-31 18:56 - 00000000 ____D C:\Users\Bohumil\AppData\Local\Google
2015-09-14 16:56 - 2015-07-10 14:20 - 00353280 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-14 16:53 - 2015-07-10 18:05 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-14 16:53 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-14 16:41 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-14 15:55 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-09-11 17:25 - 2015-07-31 19:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-09-11 17:25 - 2015-07-31 19:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-11 17:23 - 2013-08-22 15:25 - 00000301 _____ C:\WINDOWS\win.ini
2015-09-11 17:19 - 2015-08-15 19:35 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-08 10:13 - 2015-07-31 18:56 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-06 07:39 - 2015-08-01 09:19 - 00000000 ____D C:\Program Files\CCleaner
2015-09-02 13:26 - 2015-08-01 07:59 - 00000000 ____D C:\Bohouš
2015-09-02 13:06 - 2015-07-31 18:45 - 00000000 ____D C:\Users\Bohumil\AppData\Local\Comms
2015-08-30 11:11 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\rescache
2015-08-30 11:01 - 2015-08-01 19:49 - 00000000 ____D C:\WINDOWS\System32\Tasks\Games
2015-08-30 10:34 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-08-30 10:01 - 2015-07-31 18:56 - 00004032 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-30 10:01 - 2015-07-31 18:56 - 00003800 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-26 18:37 - 2015-08-15 19:35 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-19 10:51 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-08-19 10:42 - 2015-07-10 13:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-19 10:42 - 2015-07-10 13:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

==================== Files in the root of some directories =======

2015-08-10 17:29 - 2008-07-15 17:33 - 0065536 _____ (Petr Laštovička) C:\Program Files\HotkeyP.exe
2015-07-31 18:26 - 2015-07-31 18:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-11 17:07

==================== End of FRST.txt ============================

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Log check

Post by jaro3 » 17 Sep 2015 19:32

MBAM deleted C:\ProgramData\Gravelex\Zondom.dll.

Uninstall:
McAfee Anti-Virus And Anti-Spyware (if you find it)

Get a legal copy of Office!

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the whole contents below into it.

Code: Select all

Start
CloseProcesses:
Task: {0A204B6B-EFCA-4471-85EB-CC254D3F17A9} - \AutoKMS -> No File <==== ATTENTION
Task: {5A4FCF9D-BEFA-468A-A955-E8972BB340B4} - System32\Tasks\txouii => Rundll32.exe "C:\WINDOWS\SysWOW64\msratingn.dll",WLYHHU
Task: {B024EE38-69A6-40EB-84E1-DFE07A309E4A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2167593211-4253963868-4146078775-1001UA => C:\Users\Bohumil\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-08] (Google Inc.)
Task: {D8A85C2A-2B2D-4691-B6CC-06893F72897D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2167593211-4253963868-4146078775-1001Core => C:\Users\Bohumil\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-08] (Google Inc.)
Task: {DD55D963-4ABD-4C5A-B06D-F1B71DCB0297} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
Task: {ECCEC325-BFB6-43CB-BDA3-6F70636891FA} - System32\Tasks\{0C3FDEC9-F6AB-41F1-A72A-4DA0C15CDBB6} => pcalua.exe -a "C:\Users\Bohumil\Desktop\aktivator - KMSnano v19 Final\TriggerKMS.exe" -d "C:\Users\Bohumil\Desktop\aktivator - KMSnano v19 Final" -c /pause
Task: {F5871F6E-4628-4DCF-B852-ED460255D911} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2167593211-4253963868-4146078775-1001Core.job => C:\Users\Bohumil\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2167593211-4253963868-4146078775-1001UA.job => C:\Users\Bohumil\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\txouii.job => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\SysWOW64\msratingn.dll
SearchScopes: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001 -> {03DEF8D7-DD4B-42FE-A1DE-484B0B66B1E0} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001 -> {04EB9A24-4863-4637-81DE-44E4FED285B5} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001 -> {70E2B0D3-52A9-40EF-B74A-CE828F3D9A9D} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001 -> {B4C9182C-B3DD-4AE5-A2F4-F23177234088} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001 -> {C1202CC7-9C56-4CC1-8266-3DD7B1ACAC79} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001 -> {D5F1808B-2BBB-451A-96D4-D47759B20391} URL = hxxp://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001 -> {F7524068-D6D2-4A6A-B4EB-BFC0D731FACA} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001 -> {FBEDBE33-9F68-4D6F-8ED7-6918FE4AEC83} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_12902
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [No File]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
OPR StartupUrls: "hxxp://www.mystartsearch.com/?type=hp&ts=1438412936&z=db8b68ba6931a08beedd835g5z0c1b0zbgao2bct9g&from=cvs&uid=ST500DM002-1BD142_S2AYB7KVXXXXS2AYB7KV"
C:\WINDOWS\Tasks\txouii.job
C:\WINDOWS\System32\Tasks\txouii
C:\ProgramData\DP45977C.lfl

EmptyTemp:
End

(You can use the "select all" function: right-click the top left field of the open Notepad window and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST and press the "Fix" button only once, then wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire contents here.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Re: Log check

Post by Max583 » 17 Sep 2015 19:54

Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Bohumil (2015-09-17 19:51:19) Run:1
Running from C:\Users\Bohumil\Desktop
Loaded Profiles: Bohumil (Available Profiles: Bohumil)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
Task: {0A204B6B-EFCA-4471-85EB-CC254D3F17A9} - \AutoKMS -> No File <==== ATTENTION
Task: {5A4FCF9D-BEFA-468A-A955-E8972BB340B4} - System32\Tasks\txouii => Rundll32.exe "C:\WINDOWS\SysWOW64\msratingn.dll",WLYHHU
Task: {B024EE38-69A6-40EB-84E1-DFE07A309E4A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2167593211-4253963868-4146078775-1001UA => C:\Users\Bohumil\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-08] (Google Inc.)
Task: {D8A85C2A-2B2D-4691-B6CC-06893F72897D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2167593211-4253963868-4146078775-1001Core => C:\Users\Bohumil\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-08] (Google Inc.)
Task: {DD55D963-4ABD-4C5A-B06D-F1B71DCB0297} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
Task: {ECCEC325-BFB6-43CB-BDA3-6F70636891FA} - System32\Tasks\{0C3FDEC9-F6AB-41F1-A72A-4DA0C15CDBB6} => pcalua.exe -a "C:\Users\Bohumil\Desktop\aktivator - KMSnano v19 Final\TriggerKMS.exe" -d "C:\Users\Bohumil\Desktop\aktivator - KMSnano v19 Final" -c /pause
Task: {F5871F6E-4628-4DCF-B852-ED460255D911} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2167593211-4253963868-4146078775-1001Core.job => C:\Users\Bohumil\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2167593211-4253963868-4146078775-1001UA.job => C:\Users\Bohumil\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\txouii.job => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\SysWOW64\msratingn.dll
SearchScopes: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001 -> {03DEF8D7-DD4B-42FE-A1DE-484B0B66B1E0} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001 -> {04EB9A24-4863-4637-81DE-44E4FED285B5} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001 -> {70E2B0D3-52A9-40EF-B74A-CE828F3D9A9D} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001 -> {B4C9182C-B3DD-4AE5-A2F4-F23177234088} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001 -> {C1202CC7-9C56-4CC1-8266-3DD7B1ACAC79} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001 -> {D5F1808B-2BBB-451A-96D4-D47759B20391} URL = hxxp://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001 -> {F7524068-D6D2-4A6A-B4EB-BFC0D731FACA} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12902
SearchScopes: HKU\S-1-5-21-2167593211-4253963868-4146078775-1001 -> {FBEDBE33-9F68-4D6F-8ED7-6918FE4AEC83} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_12902
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [No File]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
OPR StartupUrls: "hxxp://www.mystartsearch.com/?type=hp&ts=1438412936&z=db8b68ba6931a08beedd835g5z0c1b0zbgao2bct9g&from=cvs&uid=ST500DM002-1BD142_S2AYB7KVXXXXS2AYB7KV"
C:\WINDOWS\Tasks\txouii.job
C:\WINDOWS\System32\Tasks\txouii
C:\ProgramData\DP45977C.lfl

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{0A204B6B-EFCA-4471-85EB-CC254D3F17A9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A204B6B-EFCA-4471-85EB-CC254D3F17A9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{5A4FCF9D-BEFA-468A-A955-E8972BB340B4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A4FCF9D-BEFA-468A-A955-E8972BB340B4}" => key removed successfully
C:\WINDOWS\System32\Tasks\txouii => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\txouii" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B024EE38-69A6-40EB-84E1-DFE07A309E4A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B024EE38-69A6-40EB-84E1-DFE07A309E4A}" => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2167593211-4253963868-4146078775-1001UA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-2167593211-4253963868-4146078775-1001UA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8A85C2A-2B2D-4691-B6CC-06893F72897D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8A85C2A-2B2D-4691-B6CC-06893F72897D}" => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2167593211-4253963868-4146078775-1001Core => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-2167593211-4253963868-4146078775-1001Core" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD55D963-4ABD-4C5A-B06D-F1B71DCB0297}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD55D963-4ABD-4C5A-B06D-F1B71DCB0297}" => key removed successfully
C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare) => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee Remediation (Prepare)" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ECCEC325-BFB6-43CB-BDA3-6F70636891FA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECCEC325-BFB6-43CB-BDA3-6F70636891FA}" => key removed successfully
C:\WINDOWS\System32\Tasks\{0C3FDEC9-F6AB-41F1-A72A-4DA0C15CDBB6} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0C3FDEC9-F6AB-41F1-A72A-4DA0C15CDBB6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5871F6E-4628-4DCF-B852-ED460255D911}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5871F6E-4628-4DCF-B852-ED460255D911}" => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2167593211-4253963868-4146078775-1001Core.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2167593211-4253963868-4146078775-1001UA.job => moved successfully
C:\WINDOWS\Tasks\txouii.job => moved successfully
HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => key removed successfully
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
"HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{03DEF8D7-DD4B-42FE-A1DE-484B0B66B1E0}" => key removed successfully
HKCR\CLSID\{03DEF8D7-DD4B-42FE-A1DE-484B0B66B1E0} => key not found.
"HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{04EB9A24-4863-4637-81DE-44E4FED285B5}" => key removed successfully
HKCR\CLSID\{04EB9A24-4863-4637-81DE-44E4FED285B5} => key not found.
"HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70E2B0D3-52A9-40EF-B74A-CE828F3D9A9D}" => key removed successfully
HKCR\CLSID\{70E2B0D3-52A9-40EF-B74A-CE828F3D9A9D} => key not found.
"HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B4C9182C-B3DD-4AE5-A2F4-F23177234088}" => key removed successfully
HKCR\CLSID\{B4C9182C-B3DD-4AE5-A2F4-F23177234088} => key not found.
"HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C1202CC7-9C56-4CC1-8266-3DD7B1ACAC79}" => key removed successfully
HKCR\CLSID\{C1202CC7-9C56-4CC1-8266-3DD7B1ACAC79} => key not found.
"HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D5F1808B-2BBB-451A-96D4-D47759B20391}" => key removed successfully
HKCR\CLSID\{D5F1808B-2BBB-451A-96D4-D47759B20391} => key not found.
"HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F7524068-D6D2-4A6A-B4EB-BFC0D731FACA}" => key removed successfully
HKCR\CLSID\{F7524068-D6D2-4A6A-B4EB-BFC0D731FACA} => key not found.
"HKU\S-1-5-21-2167593211-4253963868-4146078775-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FBEDBE33-9F68-4D6F-8ED7-6918FE4AEC83}" => key removed successfully
HKCR\CLSID\{FBEDBE33-9F68-4D6F-8ED7-6918FE4AEC83} => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value removed successfully
OPR StartupUrls: "hxxp://www.mystartsearch.com/?type=hp&ts=1438412936&z=db8b68ba6931a08beedd835g5z0c1b0zbgao2bct9g&from=cvs&uid=ST500DM002-1BD142_S2AYB7KVXXXXS2AYB7KV" => removed successfully
"C:\WINDOWS\Tasks\txouii.job" => File/Folder not found.
"C:\WINDOWS\System32\Tasks\txouii" => File/Folder not found.
C:\ProgramData\DP45977C.lfl => moved successfully
EmptyTemp: => 18.3 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 19:51:23 ====
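A small parser for a Fixlog of this shape, added here as an example and not part of the thread or of FRST itself: it splits the echoed fixlist from the result lines, counts the outcomes, and checks every bare path in the fixlist against what FRST reported, so a reviewer can see at a glance that a "File/Folder not found." for a path already moved by an earlier Task: entry is expected rather than a failure. The sample log is constructed in the format of the log above, with registry paths shortened to "...".

```python
import re
from collections import Counter

# Constructed sample in the layout of an FRST Fixlog.txt (registry paths shortened with "...",
# entry values taken from the thread's log); it is not the real file from the thread.
SAMPLE_FIXLOG = r"""fixlist content:
*****************
Start
CloseProcesses:
Task: {5A4FCF9D-BEFA-468A-A955-E8972BB340B4} - System32\Tasks\txouii => Rundll32.exe "C:\WINDOWS\SysWOW64\msratingn.dll",WLYHHU
Task: C:\WINDOWS\Tasks\txouii.job => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\SysWOW64\msratingn.dll
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SearchScopes: HKU\...-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
C:\WINDOWS\Tasks\txouii.job
C:\ProgramData\DP45977C.lfl

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\...\TaskCache\Tasks\{5A4FCF9D-BEFA-468A-A955-E8972BB340B4}" => key removed successfully
C:\WINDOWS\System32\Tasks\txouii => moved successfully
C:\WINDOWS\Tasks\txouii.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
"HKU\...\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => key removed successfully
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
"C:\WINDOWS\Tasks\txouii.job" => File/Folder not found.
C:\ProgramData\DP45977C.lfl => moved successfully
EmptyTemp: => 18.3 MB temporary data Removed.

The system needed a reboot..
"""

# Result-line shapes seen in FRST Fixlogs, checked in order.
OUTCOME_PATTERNS = [
    ("removed", re.compile(r"=> (?:key |value )?removed successfully$")),
    ("moved", re.compile(r"=> moved successfully$")),
    ("not_found", re.compile(r"=> (?:key|File/Folder) not found\.$")),
    ("emptied", re.compile(r"^EmptyTemp: => .*Removed\.$")),
]

# "Task: {GUID} - System32\Tasks\NAME => ACTION" or "Task: C:\...\NAME.job => ACTION"
TASK_RE = re.compile(r"^Task: (?:\{[^}]+\} - )?(?P<path>.+?) => (?P<action>.+)$")


def split_fixlog(text):
    """Split a Fixlog body into the echoed fixlist and FRST's result lines."""
    lines = text.splitlines()
    stars = [i for i, line in enumerate(lines) if line.startswith("*****")]
    if len(stars) < 2:
        raise ValueError("fixlist block not delimited by ***** lines")
    fixlist = [line for line in lines[stars[0] + 1:stars[1]] if line.strip()]
    results = [line for line in lines[stars[1] + 1:] if " => " in line]
    return fixlist, results


def classify(result_line):
    """Map one result line to an outcome bucket ('other' for anything unrecognised)."""
    for name, pattern in OUTCOME_PATTERNS:
        if pattern.search(result_line):
            return name
    return "other"


def outcome_counts(text):
    """How many results fell into each bucket; 'other' entries deserve a manual look."""
    _, results = split_fixlog(text)
    return dict(Counter(classify(r) for r in results))


def path_status(text):
    """For every bare file-system path in the fixlist: 'moved', 'not_found' or 'no_result'.
    A path already removed by an earlier Task: line counts as moved, so the later
    'File/Folder not found.' for the same path is expected, not a failed removal."""
    fixlist, results = split_fixlog(text)
    status = {}
    for entry in (e.strip() for e in fixlist):
        if not re.match(r"^[A-Za-z]:\\", entry):
            continue
        subjects = ((r.split(" => ", 1)[0].strip('"'), classify(r)) for r in results)
        hits = {outcome for subject, outcome in subjects if subject == entry}
        status[entry] = "moved" if "moved" in hits else ("not_found" if "not_found" in hits else "no_result")
    return status


def rundll32_tasks(text):
    """Names of fixlist tasks whose action loads a DLL through rundll32 (the txouii pattern
    in the thread); these are the entries worth re-checking in a fresh scan after the fix."""
    fixlist, _ = split_fixlog(text)
    names = set()
    for entry in fixlist:
        m = TASK_RE.match(entry)
        if m and "rundll32" in m.group("action").lower():
            names.add(m.group("path").rsplit("\\", 1)[-1])
    return sorted(names)


if __name__ == "__main__":
    print(outcome_counts(SAMPLE_FIXLOG))
    print(path_status(SAMPLE_FIXLOG))
    print(rundll32_tasks(SAMPLE_FIXLOG))
```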

Re: Log check

Post by Max583 » 17 Sep 2015 19:55


Re: Log check

Post by jerabina » 17 Sep 2015 19:56

What about the problems?
When you don't know what to do next, it's time to read the manual!
HJT guide

If I don't reply in your threads in the HJT section while I'm online, it is only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.

Re: Log check

Post by Max583 » 17 Sep 2015 20:04

All good on my side. Should I delete or uninstall anything else?

Re: Log check

Post by jaro3 » 17 Sep 2015 22:58

Download DelFix here
https://toolslib.net/downloads/viewdownload/2-delfix/

and save the file to the desktop.
Double-click the icon to run the Delfix.exe tool
(on Windows Vista, Windows 7 and 8 you must run the file via right-click -> Run as administrator).
In the main menu, check these options: Remove disinfection tools and Purge System Restore.
Then click the Run button and let the tool do its work.

Afterwards a report will open (DelFix.txt). Paste the full contents of the report here. Otherwise the report is at:
C:\DelFix.txt

Whatever is not deleted, delete yourself.

If there are no problems, that is all and you can mark the thread as solved (the green tick).

