
I opened an exe I shouldn't have / please check

Posted: 28 Nov 2015 00:30
by crashik1
Hi,

please help. I was looking for a game on the net and downloaded a file, a torrent, but it ended with the .exe extension. Now I can't change the search engine in Google Chrome. The page firstsputnik.ru is set there all the time and it can't be changed. I use the notebook for work and I wouldn't want anyone to pull data from it. I don't know what all of this could have changed on my PC.

The file that caused this is right here:


http://wagon.hangerime.ru/Zm5ib3BoZ2Nxb2FybGt1cmh6eyJ2ZXIiOiIxIiwic2lkIjoiNzM2MyIsInVybCI6Imh0dHA6XC9cL3NwZWVkLW5ldy5jb21cL3dwLWNvbnRlbnRcL3VwbG9hZHNcL3RvcnJlbnRzXC9UaGVfQml6YXJyZV9BZHZlbnR1cmVzX29mX1dvb2RydWZmX2FuZF90aGVfU2NobmliYmxlXzg5Mi50b3JyZW50IiwibmFtZSI6IlRoZV9CaXphcnJlX0FkdmVudHVyZXNfb2ZfV29vZHJ1ZmZfYW5kX3RoZV9TY2huaWJibGVfODkyLnRvcnJlbnQiLCJ0eXBlIjoidG9ycmVudCIsInNpemUiOjAsInJuZDAiOiJiOGUyMDY0MTZmMTcxZjU0NmZmYjEyMGZjNzRkMWE1YSJ9



Here is the log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:16:49, on 28. 11. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\Users\Moravskesluzby.cz\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com/?pc=LCJB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files (x86)\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [C] cmd /c(@attrib -H -R -S C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@copy/b/y C:\windows\system32\GroupPolicy\Machine\R C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@attrib +R C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@start/b gpupdate.exe /Force >L)
O4 - Global Startup: ISCTSystray.lnk = C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Moravskesluzby.cz\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.connectify.me
O15 - ESC Trusted Zone: http://*.fastspring.com
O15 - ESC Trusted Zone: http://*.connectify.me (HKLM)
O15 - ESC Trusted Zone: http://*.fastspring.com (HKLM)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\ameisvc.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Unknown owner - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (file missing)
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Wireless Bluetooth(R) 4.0 Radio Management - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
O23 - Service: Intel(R) Smart Connect Technology Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel(R) Update Manager (iumsvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee AP Service (McAPExe) - Unknown owner - C:\Program Files\McAfee\MSC\McAPExe.exe (file missing)
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - Unknown owner - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (file missing)
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\windows\
O23 - Service: McAfee Anti-Malware Core (mfecore) - Unknown owner - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: PGService - PointGrab LTD - C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: VeriFaceSrv - Unknown owner - C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 12145 bytes


I hope I wrote this at least somewhat understandably. If not, I apologize.

Thanks for the help!

Link to an inappropriate page altered. Pic

Re: I opened an exe I shouldn't have / please check

Posted: 28 Nov 2015 01:49
by Akrej
In any case, don't post a direct link to download the virus here.

Re: I opened an exe I shouldn't have / please check

Posted: 28 Nov 2015 09:09
by mmmartin
The direct link to the infected file has been edited. Can you please explain what reasoning led you to put a direct link that launches malicious code into your post? Not all users are wise enough not to click on something unknown on sites that offer torrents and are therefore potentially dangerous, and what's more from a computer that holds sensitive data. I hope I wrote this at least somewhat understandably. If not, I apologize.

Re: I opened an exe I shouldn't have / please check

Posted: 28 Nov 2015 09:29
by jaro3
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the recycle bin, etc.

- If you use only Google Chrome, you don't need to use ATF.


Download TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it doesn't, restart it yourself.

Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Prohledat-Scan"
After the scan click "Logfile"; a log will appear (it is otherwise saved on the system disk as AdwCleaner[C?].txt). Paste its entire contents here.

Download Malwarebytes' Anti-Malware
- During installation, untick "Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium" (Enable the free trial of Malwarebytes' Anti-Malware Premium)
Install and run it
- at the end of the installation make sure you have both options selected/ticked:
"Aktualizace Malwarebytes' Anti-Malware" (Update Malwarebytes' Anti-Malware) and "Spustit aplikaci Malwarebytes' Anti-Malware" (Launch Malwarebytes' Anti-Malware); if so, click the finish button
- if an update is found, it will be downloaded and installed
- the program will then start; click "Skenovat nyní" (Scan Now) and
- after the program finishes, a message will appear at the bottom right; click "Kopírovat do schránky" (Copy to Clipboard) and paste the whole log here.

- then click the Exit button; a prompt will appear, so choose "Ano" (Yes)
(don't delete anything yet!).

If there are problems, run it in safe mode.

Re: I opened an exe I shouldn't have / please check

Posted: 28 Nov 2015 10:14
by crashik1
I apologize for the link. My reasoning was that it might help more in identifying the virus (or whatever it actually is) if you had the file and could "examine" it somehow with some special antivirus. Once the malicious code itself was known, it would probably be easier to remove it. I hope I wrote that understandably.

Re: I opened an exe I shouldn't have / please check

Posted: 28 Nov 2015 11:01
by crashik1
So here are the results:

TFC can't be downloaded from that link - Chrome shows a network error message (maybe because of the virus), so I downloaded it from elsewhere and ran it

ADW Cleaner (I tried running it even before I asked for help here - I'm attaching both logs):
# AdwCleaner v5.022 - Logfile created 27/11/2015 at 23:26:27
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Moravskesluzby.cz - MUS
# Running from : C:\Users\Moravskesluzby.cz\Downloads\adwcleaner_5.022.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Found : C:\Users\Moravskesluzby.cz\AppData\Roaming\dvdvideosoftiehelpers

***** [ Files ] *****

File Found : C:\windows\SysWOW64\SearchProtectService.exe

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0633EE93-D776-472F-A0FF-E1416B8B2E3D}]
Key Found : HKCU\Software\IM
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch] - hxxp://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q=
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q=
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3C}
Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {0633EE93-D776-472f-A0FF-E1416B8B2E3C}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3D}

***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1983 bytes] ##########

and the second one, which I ran just now:
# AdwCleaner v5.022 - Logfile created 28/11/2015 at 10:26:43
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Moravskesluzby.cz - MUS
# Running from : C:\Users\Moravskesluzby.cz\Downloads\adwcleaner_5.022 (1).exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [588 bytes] ##########


Malwarebytes log (I haven't deleted anything yet - exactly as you wrote):
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 28. 11. 2015
Čas skenování: 10:39
Protokol:
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2015.11.28.01
Databáze rootkitů: v2015.11.26.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Moravskesluzby.cz

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 324074
Uplynulý čas: 10 min, 13 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 3
Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\The_Bizarre_Adventures_of_Woodruff_and_the_Schnibble_892.DynamicNS, , [8fd271128506f1459a9798ba847eac54],
Trojan.ProxyHijacker, HKLM\SOFTWARE\WOW6432NODE\CLASSES\The_Bizarre_Adventures_of_Woodruff_and_the_Schnibble_892.DynamicNS, , [71f03b48b6d54ee8d35e85cdb151a45c],
Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\WOW6432NODE\The_Bizarre_Adventures_of_Woodruff_and_the_Schnibble_892.DynamicNS, , [71f03b48b6d54ee8d35e85cdb151a45c],

Hodnoty registru: 3
PUP.Optional.Sputnik, HKU\S-1-5-21-2463396478-638413890-950990422-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\GROUP POLICY OBJECTS\{5A2BF78A-8DE6-4B43-8D7B-AD23782B0E74}MACHINE\SOFTWARE\POLICIES\GOOGLE\CHROME|DefaultSearchProviderSuggestURL, http://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}&t=suggest, , [273aa3e07813171f287c07e0689b4cb4]
PUP.Optional.Sputnik, HKU\S-1-5-21-2463396478-638413890-950990422-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\GROUP POLICY OBJECTS\{5A2BF78A-8DE6-4B43-8D7B-AD23782B0E74}MACHINE\SOFTWARE\POLICIES\GOOGLE\CHROME|DefaultSearchProviderInstantURL, http://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}&t=instant, , [2140fa8955364de97d272fb8a55e4ab6]
PUP.Optional.Sputnik, HKU\S-1-5-21-2463396478-638413890-950990422-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\GROUP POLICY OBJECTS\{5A2BF78A-8DE6-4B43-8D7B-AD23782B0E74}MACHINE\SOFTWARE\POLICIES\GOOGLE\CHROME|DefaultSearchProviderSearchURL, http://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}&t=search, , [8ed393f0cbc014229d07f5f2669dd927]

Data registru: 6
PUP.Optional.Sputnik.ShrtCln, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME|DefaultSearchProviderSuggestURL, http://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}&t=suggest, Dobré: (www.google.com), Špatné: (http://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}&t=suggest),,[64fd453eadde4ee86a3763091ee6e020]
PUP.Optional.Sputnik.ShrtCln, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME|DefaultSearchProviderInstantURL, http://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}&t=instant, Dobré: (www.google.com), Špatné: (http://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}&t=instant),,[8ad7245f5833e1559b0696d615ef1be5]
PUP.Optional.Sputnik.ShrtCln, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME|DefaultSearchProviderSearchURL, http://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}&t=search, Dobré: (www.google.com), Špatné: (http://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}&t=search),,[1e43e49f256621154859204c9a6aa35d]
PUP.Optional.Sputnik.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME|DefaultSearchProviderSuggestURL, http://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}&t=suggest, Dobré: (www.google.com), Špatné: (http://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}&t=suggest),,[2d3499eae7a4181e732e1e4ef60e629e]
PUP.Optional.Sputnik.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME|DefaultSearchProviderInstantURL, http://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}&t=instant, Dobré: (www.google.com), Špatné: (http://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}&t=instant),,[ed743f44f9926dc96041fe6e4cb824dc]
PUP.Optional.Sputnik.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME|DefaultSearchProviderSearchURL, http://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}&t=search, Dobré: (www.google.com), Špatné: (http://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}&t=search),,[352c4d365a31ee486e334824dd27956b]

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 5
PUP.Optional.InstallMonster, C:\Users\Moravskesluzby.cz\Downloads\The_Bizarre_Adventures_of_Woodruff_and_the_Schnibble_892 (1).rar, , [bba6117219729f974c4ae2cda160e818],
PUP.Optional.InstallMonster, C:\Users\Moravskesluzby.cz\Downloads\The_Bizarre_Adventures_of_Woodruff_and_the_Schnibble_892 (2).rar, , [a1c05330bfcc46f0583e238c728fee12],
PUP.Optional.InstallMonster, C:\Users\Moravskesluzby.cz\Downloads\The_Bizarre_Adventures_of_Woodruff_and_the_Schnibble_892.rar, , [c79ac1c2117a35016630ecc3d1308f71],
PUP.Optional.BrowserHijack.ShrtCln, C:\Program Files (x86)\Google\Chrome\Application\chrome.bat, Dobré: (), Špatné: ("http://pagego.ru/?from=mru1"), ,[1a47dea5bbd038fe6b122275ee160ff1]
PUP.Optional.BrowserHijack.ShrtCln, C:\Program Files (x86)\Internet Explorer\iexplore.bat, Dobré: (), Špatné: ("http://pagego.ru/?from=mru1"), ,[c59c5d26cac12d091e60c0d73fc5a060]

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Thank you very much for the help
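
Added example, not part of the original thread and not written by any of its participants: a small Python triage that ties together two findings in the logs above, the HijackThis `O4` Run entry `[C]` that copies a file over the machine `Registry.pol` and runs `gpupdate /Force`, and the Chrome `DefaultSearchProvider*` policy values Malwarebytes reports for firstsputnik.ru. The function names, the rule names and the one-host allowlist (`www.google.com`, taken from the "Dobré" field of the Malwarebytes log) are assumptions made for this illustration.

```python
import re

# Constructed sample: lines copied from the HijackThis and Malwarebytes logs in this
# thread, with trailing fields dropped. The " ... " in the URLs is the forum's own elision.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [C] cmd /c(@attrib -H -R -S C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@copy/b/y C:\windows\system32\GroupPolicy\Machine\R C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@attrib +R C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@start/b gpupdate.exe /Force >L)
PUP.Optional.Sputnik.ShrtCln, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME|DefaultSearchProviderSuggestURL, http://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}&t=suggest, Dobré: (www.google.com),
PUP.Optional.Sputnik.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME|DefaultSearchProviderSearchURL, http://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}&t=search, Dobré: (www.google.com),
"""

# HijackThis autorun line: O4 - <hive>\..\Run: [<name>] <command>
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Malwarebytes registry line: <detection>, <key>|<value>, <data>, ...
MBAM_RE = re.compile(r"^(?P<detection>[^,]+), (?P<key>HK[^|,]+)\|(?P<value>[^,]+), (?P<data>[^,]*),")
HOST_RE = re.compile(r"https?://([^/\s?]+)", re.I)
CHROME_POLICY_RE = re.compile(r"\\POLICIES\\GOOGLE\\CHROME$", re.I)

# Hypothetical rule names; each rule looks at the autorun command line only.
AUTORUN_RULES = {
    # The entry starts a script host or shell instead of an installed program.
    "shell-interpreter": re.compile(
        r'^\s*"?(?:[a-z]:\\[^"]*\\)?(?:cmd|powershell|wscript|cscript|mshta)(?:\.exe)?\b', re.I),
    # The entry touches the local group policy store.
    "group-policy-file": re.compile(r"GroupPolicy\\(?:Machine|User)\\Registry\.pol", re.I),
    # The entry forces policy to be re-read.
    "forces-policy-refresh": re.compile(r"\bgpupdate(?:\.exe)?\b", re.I),
}


def flag_autorun(cmd):
    """Return the sorted names of all rules the autorun command matches."""
    return sorted(name for name, rx in AUTORUN_RULES.items() if rx.search(cmd))


def triage(log_text, allowed_hosts=("www.google.com",)):
    """Collect flagged Run entries and Chrome search policy values with unexpected hosts."""
    autoruns, forced = [], []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            flags = flag_autorun(m["cmd"])
            if flags:
                autoruns.append({"hive": m["hive"], "name": m["name"], "flags": flags})
            continue
        m = MBAM_RE.match(line)
        if not m or not CHROME_POLICY_RE.search(m["key"]):
            continue
        if not m["value"].startswith("DefaultSearchProvider"):
            continue
        host = HOST_RE.search(m["data"])
        if host and host.group(1).lower() not in allowed_hosts:
            forced.append({"key": m["key"], "value": m["value"],
                           "host": host.group(1).lower()})
    return {"autoruns": autoruns, "forced_search": forced}


def policy_reapplied_at_logon(report):
    """True when a Run entry rewrites Registry.pol and refreshes policy while Chrome
    search policy is set to a non-allowlisted host, so deleting only the policy
    values would leave the logon entry able to write the policy file again."""
    needed = {"group-policy-file", "forces-policy-refresh"}
    rewrites = any(needed <= set(a["flags"]) for a in report["autoruns"])
    return rewrites and bool(report["forced_search"])


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for entry in result["autoruns"]:
        print("autorun", entry["hive"], entry["name"], entry["flags"])
    for item in result["forced_search"]:
        print("policy ", item["value"], "->", item["host"])
    print("policy re-applied at logon:", policy_reapplied_at_logon(result))
```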

Re: I opened an exe I shouldn't have / please check

Posted: 28 Nov 2015 11:22
by jerabina
That's fine, just next time put it in a tag that isn't clickable, so preferably code.

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Spustit jako správce" (Run as administrator)),
click "Prohledat-Scan"; after the scan click "Vymazat-Clean".

The program will carry out the repair; after the automatic restart it does not show the log (C:\AdwCleaner [S?].txt); paste its entire contents here.

Run MbAM again and choose "Skenovat nyní" (Scan Now)
- after the program finishes, a message will appear; click "Vše do karantény(smazat vybrané)" (Quarantine all / remove selected) and then "Exportovat záznam" (Export log) and choose "textový soubor" (text file), give the file a name and save it somewhere. Copy the entire contents of that log here.

Download Junkware Removal Tool by Thisisu

to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "spustit jako správce" (Run as administrator). You will be prompted to press any key to continue. Press one.
The program's scan will start. The scan can take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) will appear, which is saved on the desktop.
Please copy its entire contents here.

Download RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Win7 run RogueKiller.exe as administrator; on XP run it by double-clicking.
- Wait until the Prescan (the search for malicious processes) finishes.
- Then click "Prohledat" (Scan).
- The program scans the PC's processes. After the scan click "Zpráva" (Report) and copy the entire contents of the log here.
If the program is blocked, try running it several times. If the program still won't start and work, rename it to winlogon.exe.

Re: I opened an exe I shouldn't have / please check

Posted: 28 Nov 2015 12:24
by crashik1
So again, all the logs:
ADW:
# AdwCleaner v5.022 - Logfile created 28/11/2015 at 11:31:58
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Moravskesluzby.cz - MUS
# Running from : C:\Users\Moravskesluzby.cz\Downloads\adwcleaner_5.022 (1).exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [588 bytes] ##########

MBYTES
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 28. 11. 2015
Čas skenování: 11:38
Protokol: log malwarebytes.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2015.11.28.01
Databáze rootkitů: v2015.11.26.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Moravskesluzby.cz

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 323595
Uplynulý čas: 8 min, 34 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

jrt:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 8.1 x64
Ran by Moravskesluzby.cz (Administrator) on so 28. 11. 2015 at 11:53:10,00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 3

Successfully deleted: C:\Program Files (x86)\google\chrome\application\chrome.bat (File)
Successfully deleted: C:\Program Files (x86)\internet explorer\iexplore.bat (File)
Successfully deleted: C:\ProgramData\Start Menu\Programs\search.lnk (Shortcut)



Registry: 3

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{17B5EC80-87F2-4305-92CA-69A6472B366D} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 28. 11. 2015 at 11:57:20,91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ROGUE (I HAVEN'T DELETED ANYTHING THERE YET - I DON'T KNOW WHETHER I SHOULD HAVE)

RogueKiller V10.11.7.0 (x64) [Nov 23 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 8.1 (6.3.9600) 64 bits version
Spuštěno : Normální režim
Uživatel : Moravskesluzby.cz [Práva správce]
Started from : C:\Users\Moravskesluzby.cz\Downloads\RogueKillerX64.exe
Mód : Prohledat -- Datum : 11/28/2015 12:16:07

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 10 ¤¤¤
[VT.Unknown] (X64) HKEY_USERS\S-1-5-21-2463396478-638413890-950990422-1001\Software\Microsoft\Windows\CurrentVersion\Run | C : cmd /c(@attrib -H -R -S C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@copy/b/y C:\windows\system32\GroupPolicy\Machine\R C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@attrib +R C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@start/b gpupdate.exe /Force >L) [x][x][x][x][x][-][x][x][-][x][x][-][x][-][x][x] -> Nalezeno
[VT.Unknown] (X86) HKEY_USERS\S-1-5-21-2463396478-638413890-950990422-1001\Software\Microsoft\Windows\CurrentVersion\Run | C : cmd /c(@attrib -H -R -S C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@copy/b/y C:\windows\system32\GroupPolicy\Machine\R C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@attrib +R C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@start/b gpupdate.exe /Force >L) [x][x][x][x][x][-][x][x][-][x][x][-][x][-][x][x] -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\McODS ("C:\ProgramData\McAfee\msc\Updates\Installs\1\vso\%VSINSTALL_DIR64%\mcods.exe") -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\McODS ("C:\ProgramData\McAfee\msc\Updates\Installs\1\vso\%VSINSTALL_DIR64%\mcods.exe") -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2463396478-638413890-950990422-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo13.msn.com/?pc=LCJB -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2463396478-638413890-950990422-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo13.msn.com/?pc=LCJB -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2463396478-638413890-950990422-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo13.msn.com/?pc=LCJB -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2463396478-638413890-950990422-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo13.msn.com/?pc=LCJB -> Nalezeno
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 6 (Driver: Nahrán) ¤¤¤
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0x9003fc (jmp 0x8981342c|jmp 0x716ed334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0x12f03fc (jmp 0x8a20342c|jmp 0x70cfd334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0x12203fc (jmp 0x8a13342c|jmp 0x70dcd334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0xfd03fc (jmp 0x89ee342c|jmp 0x7101d334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0x7403fc (jmp 0x8965342c|jmp 0x718ad334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0x3c03fc (jmp 0x892d342c|jmp 0x71c2d334)

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 8713a22aa5ffbe621f5008fc0e58bb4b
[BSP] ef6e6bb266c83b2ba98ffe084e55db5e : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1000 MB
1 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 260 MB
2 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2582528 | Size: 1000 MB
3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 4630528 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 4892672 | Size: 433586 MB
5 - Basic data partition | Offset (sectors): 892876800 | Size: 25600 MB
6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 945305600 | Size: 15365 MB
User = LL1 ... OK
User = LL2 ... OK

Re: I opened an exe I shouldn't have / please check

Posted: 28 Nov 2015 15:14
by Orcus
Uninstall everything from McAfee.

Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB or external drives from the computer before running this program.
Run RogueKiller (on Windows Vista or Windows 7, right-click and choose "Run as administrator"; on Windows XP, double-click to run).
- Wait until the Prescan finishes...
- Wait until the status window shows "Scan"
- In the tabs (Registry, Tasks, Web Browser, etc.), tick everything (check the boxes).
- Click "Delete"
- Wait until the Status box shows "Deleting finished"
- Click "Report" and please copy and paste the contents of that report here. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller

====================================================

Download Zoek.exe and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 and 8, right-click it and choose "Run as administrator").
- Note: the program may take a while to start.

Paste the script below into the program window:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


Click Run Script.
The program will run a scan and a repair; both the scan and the repair can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.

After the restart, only a black screen may be shown for some time; that is normal. You need to wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.

====================================================

Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system (32-bit/64-bit):
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
and save it to your desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan". When the scan is finished, two logs, FRST.txt and Addition.txt, will appear and be saved on the desktop. Please copy their entire contents here.

Re: I opened an exe I shouldn't have / please check

Posted: 28 Nov 2015 16:29
by crashik1
rogue
RogueKiller V10.11.7.0 (x64) [Nov 23 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 8.1 (6.3.9600) 64 bits version
Spuštěno : Normální režim
Uživatel : Moravskesluzby.cz [Práva správce]
Started from : C:\Users\Moravskesluzby.cz\Downloads\RogueKillerX64.exe
Mód : Smazat -- Datum : 11/28/2015 15:53:01

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 9 ¤¤¤
[VT.Unknown] (X64) HKEY_USERS\S-1-5-21-2463396478-638413890-950990422-1001\Software\Microsoft\Windows\CurrentVersion\Run | C : cmd /c(@attrib -H -R -S C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@copy/b/y C:\windows\system32\GroupPolicy\Machine\R C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@attrib +R C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@start/b gpupdate.exe /Force >L) [x][x][x][x][x][-][x][x][-][x][x][-][x][-][x][x] -> ERROR [0]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\McODS ("C:\ProgramData\McAfee\msc\Updates\Installs\1\vso\%VSINSTALL_DIR64%\mcods.exe") -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\McODS ("C:\ProgramData\McAfee\msc\Updates\Installs\1\vso\%VSINSTALL_DIR64%\mcods.exe") -> ERROR [2]
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2463396478-638413890-950990422-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2463396478-638413890-950990422-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2463396478-638413890-950990422-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2463396478-638413890-950990422-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 2 -> Nahrazeno (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 2 -> Nahrazeno (2)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 4 (Driver: Nahrán) ¤¤¤
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0x9003fc (jmp 0x8981342c|jmp 0x716ed334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0x12f03fc (jmp 0x8a20342c|jmp 0x70cfd334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0xa603fc (jmp 0x8997342c|jmp 0x7158d334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0xc903fc (jmp 0x89ba342c|jmp 0x7135d334)

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 8713a22aa5ffbe621f5008fc0e58bb4b
[BSP] ef6e6bb266c83b2ba98ffe084e55db5e : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1000 MB
1 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 260 MB
2 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2582528 | Size: 1000 MB
3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 4630528 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 4892672 | Size: 433586 MB
5 - Basic data partition | Offset (sectors): 892876800 | Size: 25600 MB
6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 945305600 | Size: 15365 MB
User = LL1 ... OK
User = LL2 ... OK

zoek

Zoek.exe v5.0.0.1 Updated 28-November-2015
Tool run by Moravskesluzby.cz on so 28. 11. 2015 at 15:55:24,10.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Moravskesluzby.cz\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

28. 11. 2015 15:56:04 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\New Folder deleted successfully
C:\PROGRA~3\Office2013 deleted successfully
C:\Users\Moravskesluzby.cz\AppData\Local\GHISLER deleted successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\MORAVS~1.CZ\AppData\Roaming\TomTom\HOME\Profiles\au8cl1mv.default\prefs.js:

Added to C:\Users\MORAVS~1.CZ\AppData\Roaming\TomTom\HOME\Profiles\au8cl1mv.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\New Folder not found
C:\Users\Moravskesluzby.cz\AppData\Local\Temporary Internet Files deleted
C:\PROGRA~3\Package Cache deleted
C:\windows\SysNative\GroupPolicy\Adm deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\windows\Syswow64\GroupPolicy\Adm deleted
C:\windows\Syswow64\GroupPolicy\Machine deleted
C:\windows\Syswow64\GroupPolicy\User deleted
C:\windows\Syswow64\GroupPolicy\gpt.ini.old deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\MORAVS~1.CZ\AppData\Roaming\TomTom\HOME\Profiles\au8cl1mv.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [28. 11. 2015 00:02]

==== Firefox Extensions ======================

ProfilePath: C:\Users\MORAVS~1.CZ\AppData\Roaming\TomTom\HOME\Profiles\au8cl1mv.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

==== Firefox Plugins ======================


==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[28. 11. 2015 00:02]

Dark Mode for Google™ - Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aolhabnohplaabmifgmjgpjfbnoemkkd
Dark Mode for Google™ - MORAVS~1.CZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aolhabnohplaabmifgmjgpjfbnoemkkd

==== Chromium Fix ======================

C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
"Search Page"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{17B5EC80-87F2-4305-92CA-69A6472B366D}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value
HKLM\SearchScopes\{17B5EC80-87F2-4305-92CA-69A6472B366D} - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{17B5EC80-87F2-4305-92CA-69A6472B366D}"
HKLM\Wow6432Node\SearchScopes\{17B5EC80-87F2-4305-92CA-69A6472B366D} - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

==== Reset Google Chrome ======================

C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\MORAVS~1.CZ\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\MORAVS~1.CZ\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\MORAVS~1.CZ\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\MORAVS~1.CZ\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Moravskesluzby.cz\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Moravskesluzby.cz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\MORAVS~1.CZ\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\MORAVS~1.CZ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Moravskesluzby.cz\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\MORAVS~1.CZ\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\MORAVS~1.CZ\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=50 folders=37 115328781 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Moravskesluzby.cz\AppData\Local\Temp will be emptied at reboot
C:\Users\MORAVS~1.CZ\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\MORAVS~1.CZ\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on so 28. 11. 2015 at 16:15:24,82 ======================

Re: I opened an exe I shouldn't have / please check

Posted: 28 Nov 2015 16:29
by crashik1
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-11-2015
Ran by Moravskesluzby.cz (administrator) on MUS (28-11-2015 16:19:45)
Running from C:\Users\Moravskesluzby.cz\Downloads
Loaded Profiles: Moravskesluzby.cz (Available Profiles: Moravskesluzby.cz)
Platform: Windows 8.1 (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Gemfor s.r.o.) C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\ameisvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [453448 2014-08-13] ()
HKLM\...\Run: [HotKeysCmds] => "C:\windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\windows\system32\igfxpers.exe"
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-01-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2014-01-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2014-01-08] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-11-09] (Realtek semiconductor)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-02-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-02-11] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-28] (AVAST Software)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2463396478-638413890-950990422-1001\...\Run: [T-Mobile Communication Centre] => C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe [1347496 2010-03-02] (Gemfor s.r.o.)
HKU\S-1-5-21-2463396478-638413890-950990422-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-04-30] (TomTom)
HKU\S-1-5-21-2463396478-638413890-950990422-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files (x86)\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-2463396478-638413890-950990422-1001\...\MountPoints2: {061f8eb0-9a2b-11e4-8277-fcf8ae9a50aa} - "E:\Autorun.exe"
HKU\S-1-5-21-2463396478-638413890-950990422-1001\...\MountPoints2: {22f85b4f-41a6-11e4-825c-fcf8ae9a50aa} - "E:\Autorun.exe"
HKU\S-1-5-21-2463396478-638413890-950990422-1001\...\MountPoints2: {22f87608-41a6-11e4-825c-fcf8ae9a50aa} - "F:\Autorun.exe"
HKU\S-1-5-21-2463396478-638413890-950990422-1001\...\MountPoints2: {256d0598-46e8-11e4-825c-fcf8ae9a50aa} - "F:\Autorun.exe"
HKU\S-1-5-21-2463396478-638413890-950990422-1001\...\MountPoints2: {2f650a16-5a8e-11e4-8263-fcf8ae9a50aa} - "E:\Autorun.exe"
HKU\S-1-5-21-2463396478-638413890-950990422-1001\...\MountPoints2: {3d42b5b5-4fa7-11e4-825f-fcf8ae9a50a6} - "F:\Autorun.exe"
HKU\S-1-5-21-2463396478-638413890-950990422-1001\...\MountPoints2: {538b5131-3f43-11e4-8258-c4544427ae85} - "F:\Autorun.exe"
HKU\S-1-5-21-2463396478-638413890-950990422-1001\...\MountPoints2: {538b51e4-3f43-11e4-8258-c4544427ae85} - "F:\Autorun.exe"
HKU\S-1-5-21-2463396478-638413890-950990422-1001\...\MountPoints2: {6c0ddd77-2be7-11e5-82a7-fcf8ae9a50aa} - "E:\Autorun.exe"
HKU\S-1-5-21-2463396478-638413890-950990422-1001\...\MountPoints2: {8c8612c7-ded5-11e4-828d-fcf8ae9a50aa} - "E:\Autorun.exe"
HKU\S-1-5-21-2463396478-638413890-950990422-1001\...\MountPoints2: {c893e0f5-7a28-11e5-82bd-fcf8ae9a50aa} - "E:\autorun.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-11-28] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2015-11-28]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6213C738-918D-4CEA-B0A4-D588EC011F70}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D80BE040-95D7-457F-9DC2-939FF46C2614}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2463396478-638413890-950990422-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-2463396478-638413890-950990422-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-2463396478-638413890-950990422-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
URLSearchHook: [S-1-5-21-2463396478-638413890-950990422-1001] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2463396478-638413890-950990422-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2463396478-638413890-950990422-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-28] (AVAST Software)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-28] (AVAST Software)

FireFox:
========
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-28]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-11-28]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

Chrome:
=======
CHR Profile: C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-28]
CHR Extension: (Dokumenty Google) - C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-28]
CHR Extension: (Disk Google) - C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-28]
CHR Extension: (YouTube) - C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-28]
CHR Extension: (Vyhledávání Google) - C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-28]
CHR Extension: (Tabulky Google) - C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-28]
CHR Extension: (Dokumenty Google offline) - C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-28]
CHR Extension: (Avast Online Security) - C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-28]
CHR Extension: (Gmail) - C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-28]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ameisvc; C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\ameisvc.exe [67312 2010-03-02] (Gemfor s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-28] (AVAST Software)
R3 Disc Soft Lite Bus Service; C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-31] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [324424 2014-08-13] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-19] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-02] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [163624 2013-10-18] (PointGrab LTD)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-02-11] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 McNaiAnn; "C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 mfecore; "C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe" [X]
S4 MSK80Service; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-11-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-11-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-11-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-11-28] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [154256 2015-11-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-11-28] (AVAST Software)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\System32\drivers\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 BthMtpEnum; C:\Windows\system32\DRIVERS\BthMtpEnum.sys [62976 2013-08-22] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-06] (Motorola Solutions, Inc.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-10-25] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [100072 2013-08-03] (GenesysLogic)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-09-04] (LogMeIn Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118728 2013-09-19] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-02] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-02] ()
R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-02] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-02] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-28] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
U5 mfencbdc; C:\Windows\System32\Drivers\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-11-09] (Realtek Semiconductor Corp.)
R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-11] (Synaptics Incorporated)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2015-11-15] (Duplex Secure Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 hwusbdev; \SystemRoot\system32\DRIVERS\ewusbdev.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-28 16:19 - 2015-11-28 16:20 - 00021195 _____ C:\Users\Moravskesluzby.cz\Downloads\FRST.txt
2015-11-28 16:19 - 2015-11-28 16:19 - 00000000 ____D C:\FRST
2015-11-28 16:18 - 2015-11-28 16:18 - 02349056 _____ (Farbar) C:\Users\Moravskesluzby.cz\Downloads\FRST64.exe
2015-11-28 16:16 - 2015-11-28 16:16 - 00010922 _____ C:\Users\Moravskesluzby.cz\Desktop\zoek-results.txt
2015-11-28 16:13 - 2015-11-28 15:55 - 00024064 _____ C:\windows\zoek-delete.exe
2015-11-28 15:55 - 2015-11-28 16:12 - 00000000 ____D C:\zoek_backup
2015-11-28 15:53 - 2015-11-28 15:53 - 00008432 _____ C:\Users\Moravskesluzby.cz\Desktop\rogue.txt
2015-11-28 15:38 - 2015-11-28 15:39 - 01309184 _____ C:\Users\Moravskesluzby.cz\Desktop\zoek.exe
2015-11-28 12:35 - 2015-11-28 12:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Doom - Plutonia (ZDoom engine)
2015-11-28 12:34 - 2015-11-28 12:35 - 00000000 ____D C:\Program Files (x86)\Final ZDoom - Plutonia
2015-11-28 11:59 - 2015-11-28 15:38 - 00037624 _____ C:\windows\system32\Drivers\TrueSight.sys
2015-11-28 11:59 - 2015-11-28 12:00 - 00000000 ____D C:\ProgramData\RogueKiller
2015-11-28 11:59 - 2015-11-28 11:59 - 23719496 _____ C:\Users\Moravskesluzby.cz\Downloads\RogueKillerX64.exe
2015-11-28 11:57 - 2015-11-28 11:57 - 00001193 _____ C:\Users\Moravskesluzby.cz\Desktop\JRT1.txt
2015-11-28 11:57 - 2015-11-28 11:57 - 00001193 _____ C:\Users\Moravskesluzby.cz\Desktop\JRT.txt
2015-11-28 11:52 - 2015-11-28 11:52 - 01599336 _____ (Malwarebytes) C:\Users\Moravskesluzby.cz\Downloads\JRT.exe
2015-11-28 11:50 - 2015-11-28 11:50 - 00000080 _____ C:\Users\Moravskesluzby.cz\Desktop\uTorrent.lnk
2015-11-28 11:50 - 2015-11-28 11:50 - 00000080 _____ C:\Users\Moravskesluzby.cz\AppData\Roaming\Microsoft\Windows\Start Menu\uTorrent.lnk
2015-11-28 11:31 - 2015-11-28 11:32 - 00000666 _____ C:\Users\Moravskesluzby.cz\Desktop\AdwCleaner[S3].txt
2015-11-28 10:38 - 2015-11-28 11:37 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-28 10:37 - 2015-11-28 11:51 - 00001119 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-28 10:37 - 2015-11-28 10:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-28 10:37 - 2015-11-28 10:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-28 10:37 - 2015-11-28 10:37 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Moravskesluzby.cz\Downloads\mbam-setup-2.1.4.1018.exe
2015-11-28 10:37 - 2015-11-28 10:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-28 10:37 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2015-11-28 10:37 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-11-28 10:37 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2015-11-28 10:33 - 2015-11-28 10:33 - 22908888 _____ (Malwarebytes ) C:\Users\Moravskesluzby.cz\Downloads\Nepotvrzeno 806780.crdownload
2015-11-28 10:32 - 2015-11-28 10:32 - 00000758 _____ C:\Users\Moravskesluzby.cz\Desktop\AdwCleaner[C2].txt
2015-11-28 10:30 - 2015-11-28 10:30 - 01733632 _____ C:\Users\Moravskesluzby.cz\Downloads\adwcleaner_5.022 (2).exe
2015-11-28 10:26 - 2015-11-28 10:26 - 01733632 _____ C:\Users\Moravskesluzby.cz\Downloads\adwcleaner_5.022 (1).exe
2015-11-28 10:20 - 2015-11-28 11:51 - 00000913 _____ C:\Users\Moravskesluzby.cz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Temp File Cleaner.lnk
2015-11-28 10:20 - 2015-11-28 11:50 - 00000907 _____ C:\Users\Moravskesluzby.cz\Desktop\Temp File Cleaner.lnk
2015-11-28 10:20 - 2015-11-28 10:20 - 02073320 _____ C:\Users\Moravskesluzby.cz\Downloads\TempFileCleaner_4.4.0_Setup.exe
2015-11-28 10:20 - 2015-11-28 10:20 - 00000000 ____D C:\Users\Moravskesluzby.cz\AppData\Roaming\addpcs
2015-11-28 10:20 - 2015-11-28 10:20 - 00000000 ____D C:\Program Files\Temp File Cleaner
2015-11-28 00:13 - 2015-11-28 00:13 - 00388608 _____ (Trend Micro Inc.) C:\Users\Moravskesluzby.cz\Downloads\hijackthis.exe
2015-11-28 00:02 - 2015-11-28 00:02 - 00386096 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2015-11-28 00:02 - 2015-11-28 00:02 - 00043112 _____ (AVAST Software) C:\windows\avastSS.scr
2015-11-27 23:59 - 2015-11-27 23:59 - 04372040 _____ (UltimateOutsider) C:\Users\Moravskesluzby.cz\Downloads\GWX_stopper.exe
2015-11-27 23:26 - 2015-11-28 11:36 - 00000000 ____D C:\AdwCleaner
2015-11-27 23:26 - 2015-11-27 23:26 - 01733632 _____ C:\Users\Moravskesluzby.cz\Downloads\adwcleaner_5.022.exe
2015-11-27 23:20 - 2015-11-27 23:20 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Moravskesluzby.cz\Downloads\SpyHunter-Installer.exe
2015-11-27 23:11 - 2015-11-27 23:12 - 14045413 _____ C:\Users\Moravskesluzby.cz\Downloads\Final_Doom-The_Plutonia_Experiment_with_engine_ZDoom_for_Windows_7_32bit-64bit.rar
2015-11-27 23:06 - 2015-11-28 16:15 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-11-27 23:06 - 2015-11-27 23:07 - 00000129 _____ C:\windows\SysWOW64\L
2015-11-27 23:06 - 2015-11-27 23:06 - 00000008 __RSH C:\Users\Moravskesluzby.cz\ntuser.pol
2015-11-27 23:05 - 2015-11-27 23:05 - 00000000 ____D C:\Users\Moravskesluzby.cz\Downloads\Torrentex
2015-11-26 13:57 - 2015-11-26 13:57 - 00390244 _____ C:\Users\Moravskesluzby.cz\Downloads\19_ZDROJE_FINANCOVÁNÍ_MAJETKU (1).pptx
2015-11-26 13:26 - 2015-11-26 13:26 - 00236281 _____ C:\Users\Moravskesluzby.cz\Downloads\32-10-21.pptx
2015-11-22 15:06 - 2015-11-22 15:06 - 00000000 ____D C:\Users\Moravskesluzby.cz\Downloads\Hercules_0
2015-11-22 14:59 - 2015-11-22 15:15 - 383930950 _____ C:\Users\Moravskesluzby.cz\Downloads\Crash_Bandicoot_Wrath_Of_Cortex_PAL__DVD_.rar
2015-11-22 14:55 - 2015-11-22 14:55 - 00000000 ____D C:\Users\Moravskesluzby.cz\Downloads\wcx_7zip_0.7.6.5a.bin
2015-11-22 14:54 - 2015-11-22 14:55 - 00612889 _____ C:\Users\Moravskesluzby.cz\Downloads\wcx_7zip_0.7.6.5a.bin.zip
2015-11-22 14:53 - 2015-11-22 14:53 - 01093126 _____ (Igor Pavlov) C:\Users\Moravskesluzby.cz\Downloads\7z1512.exe
2015-11-22 14:53 - 2015-11-22 14:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-11-22 14:53 - 2015-11-22 14:53 - 00000000 ____D C:\Program Files (x86)\7-Zip
2015-11-22 14:48 - 2015-11-22 14:57 - 221329669 _____ C:\Users\Moravskesluzby.cz\Downloads\Hercules_0.7z
2015-11-22 14:44 - 2015-11-22 14:48 - 109188287 _____ C:\Users\Moravskesluzby.cz\Downloads\HercsAdventures.7z
2015-11-22 14:36 - 2015-11-22 14:42 - 91638234 _____ C:\Users\Moravskesluzby.cz\Downloads\Tom and Jerry in house Trap.rar
2015-11-21 22:04 - 2015-11-21 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Alert
2015-11-21 21:58 - 2015-11-21 21:58 - 00000000 ____D C:\Games
2015-11-21 21:56 - 2015-11-21 21:57 - 11107039 _____ (FunkyFr3sh ) C:\Users\Moravskesluzby.cz\Downloads\RA1installer.exe
2015-11-21 21:50 - 2015-11-22 00:58 - 00000000 ____D C:\Users\Moravskesluzby.cz\Downloads\red alert cac
2015-11-21 21:40 - 2015-11-21 22:40 - 361670181 _____ C:\Users\Moravskesluzby.cz\Downloads\red_alert.zip
2015-11-21 21:37 - 2015-11-21 21:45 - 526433084 _____ C:\Users\Moravskesluzby.cz\Downloads\RedAlert1_SovietDisc.rar
2015-11-21 21:35 - 2015-11-21 22:04 - 00000000 ____D C:\Users\Moravskesluzby.cz\Downloads\1.serie
2015-11-21 21:29 - 2015-11-21 21:29 - 00019874 _____ C:\Users\Moravskesluzby.cz\Downloads\[CzT]Command_Conquer_Red_Alert_Datadisky_Counterstike_The_Aftermath_1996_.torrent
2015-11-21 21:23 - 2015-11-21 21:24 - 51431065 _____ C:\Users\Moravskesluzby.cz\Downloads\command-conquer-red-alert_Stare-hry_cz.zip
2015-11-21 17:55 - 2015-11-21 17:55 - 00014790 _____ C:\Users\Moravskesluzby.cz\Downloads\[CzT]Jak_funguji_drogy_Konopi_How_Drugs_Work_Cannabis_1_3_2011_TVRip_.torrent
2015-11-21 17:51 - 2015-11-21 17:51 - 00014114 _____ C:\Users\Moravskesluzby.cz\Downloads\[CzT]Konec_sveta_byl_a_bude_2012_TVRip_ (1).torrent
2015-11-20 20:29 - 2015-11-20 20:29 - 00000000 ____D C:\Users\Moravskesluzby.cz\Desktop\jpeg resampler
2015-11-20 20:28 - 2015-11-20 20:28 - 01338232 _____ C:\Users\Moravskesluzby.cz\Downloads\JR2010.zip
2015-11-20 19:50 - 2015-11-20 23:18 - 00008192 _____ C:\Users\Moravskesluzby.cz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-20 09:09 - 2015-11-20 09:09 - 00000135 _____ C:\Users\Moravskesluzby.cz\Downloads\SwissGroove.m3u
2015-11-19 19:40 - 2015-11-19 20:01 - 00000000 ____D C:\Users\Moravskesluzby.cz\Downloads\gens-win32-bin-2.14
2015-11-19 19:40 - 2015-11-19 19:40 - 02254463 _____ C:\Users\Moravskesluzby.cz\Downloads\sonic2knuckles.zip
2015-11-19 19:39 - 2015-11-19 19:39 - 00587213 _____ C:\Users\Moravskesluzby.cz\Downloads\gens-win32-bin-2.14.zip
2015-11-17 12:55 - 2015-11-17 12:57 - 00000000 ____D C:\Users\Moravskesluzby.cz\Downloads\h114
2015-11-17 10:28 - 2015-11-17 12:49 - 1004560520 _____ C:\Users\Moravskesluzby.cz\Downloads\h114.rar
2015-11-16 19:16 - 2015-11-16 19:16 - 00187624 _____ C:\Users\Moravskesluzby.cz\Downloads\stopangin-pil.pdf
2015-11-16 12:45 - 2015-11-16 12:45 - 00000000 ____D C:\Users\Moravskesluzby.cz\Documents\Doom PS1
2015-11-15 21:16 - 2015-11-15 21:16 - 00000000 ____D C:\Users\Moravskesluzby.cz\Documents\Ashampoo Burning Studio FREE
2015-11-15 21:01 - 2015-11-15 21:01 - 07716056 _____ (Alcohol Soft Development Team) C:\Users\Moravskesluzby.cz\Downloads\Alcohol120_trial_2.0.3.6839.exe
2015-11-15 20:51 - 2015-11-15 21:09 - 00867064 _____ (Duplex Secure Ltd.) C:\windows\system32\Drivers\sptd.sys
2015-11-15 20:47 - 2015-11-15 20:48 - 09140460 _____ C:\Users\Moravskesluzby.cz\Downloads\alkohol-120%.rar
2015-11-15 20:39 - 2015-11-28 11:51 - 00001324 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio FREE.lnk
2015-11-15 20:39 - 2015-11-15 20:39 - 00000000 ____D C:\Users\Moravskesluzby.cz\AppData\Roaming\Ashampoo
2015-11-15 20:39 - 2015-11-15 20:39 - 00000000 ____D C:\Users\Moravskesluzby.cz\AppData\Local\ashampoo
2015-11-15 20:39 - 2015-11-15 20:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2015-11-15 20:39 - 2015-11-15 20:39 - 00000000 ____D C:\ProgramData\Ashampoo
2015-11-15 20:39 - 2015-11-15 20:39 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2015-11-15 20:34 - 2015-11-15 20:35 - 32884120 _____ (Ashampoo GmbH & Co. KG ) C:\Users\Moravskesluzby.cz\Downloads\ashampoo_burning_studio_free_21520.exe
2015-11-15 18:01 - 2015-11-15 18:01 - 01207668 _____ C:\Users\Moravskesluzby.cz\Downloads\Red.Alert-XP.Patch.zip
2015-11-14 19:18 - 2015-11-15 18:16 - 00000000 ____D C:\Program Files (x86)\Oldgames
2015-11-14 19:17 - 2015-11-14 19:18 - 43740563 _____ (DJ, dj@oldgames.sk) C:\Users\Moravskesluzby.cz\Downloads\Command.and.Conquer.Red.Alert-www.oldgames.sk-Compilation.exe
2015-11-12 23:57 - 2015-11-13 00:00 - 41205696 _____ C:\Users\Moravskesluzby.cz\Downloads\Atomic-Bomberman.zip
2015-11-12 23:52 - 2015-11-12 23:53 - 09280291 _____ C:\Users\Moravskesluzby.cz\Downloads\atomic-bomberman_95.zip
2015-11-12 23:06 - 2015-11-12 23:06 - 00324487 _____ C:\Users\Moravskesluzby.cz\Downloads\MMO.pdf
2015-11-12 20:38 - 2015-11-12 21:06 - 496988719 _____ C:\Users\Moravskesluzby.cz\Downloads\C2.SLES_109.49.rar
2015-11-12 19:58 - 2015-11-12 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Doom (ZDoom engine)
2015-11-12 19:57 - 2015-11-12 19:58 - 00000000 ____D C:\Program Files (x86)\ZDoom
2015-11-12 19:54 - 2015-11-12 19:55 - 09968410 _____ C:\Users\Moravskesluzby.cz\Downloads\doom_with_engine_zdoom_for_windows_7_32bit-64bit.rar
2015-11-12 17:10 - 2015-11-12 17:10 - 02637222 _____ C:\Users\Moravskesluzby.cz\Downloads\ZQTD_690_EEC.pdf
2015-11-12 17:07 - 2015-11-12 17:08 - 09198170 _____ C:\Users\Moravskesluzby.cz\Downloads\ZQTD_Baterie_LiFePO4_48V_45Ah.rar
2015-11-11 21:57 - 2015-11-11 21:57 - 02218175 _____ C:\Users\Moravskesluzby.cz\Downloads\doom.zip
2015-11-11 10:04 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-11-11 10:04 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-11-11 10:04 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-11-11 10:04 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-11-11 10:04 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-11-11 10:04 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-11-11 10:04 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-11-11 10:04 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-11-11 10:04 - 2015-10-30 23:39 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-11-11 10:04 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-11-11 10:04 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-11-11 10:04 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-11-11 10:04 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-11-11 10:04 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-11-11 10:04 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-11-11 10:04 - 2015-10-30 23:14 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-11-11 10:04 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-11-11 10:04 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-11-11 10:04 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-11-11 10:04 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-11-11 10:04 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-11-11 10:04 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-11-11 10:04 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-11-11 10:04 - 2015-10-20 22:54 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-11-11 10:04 - 2015-10-20 15:53 - 03705856 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-11-11 10:04 - 2015-10-20 15:36 - 02243072 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-11-11 10:04 - 2015-10-20 15:35 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-11-11 10:04 - 2015-10-20 15:34 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-11-11 10:04 - 2015-10-20 15:34 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-11-11 10:04 - 2015-10-20 15:34 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-11-11 10:04 - 2015-10-20 15:33 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-11-11 10:04 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-11-11 10:04 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-11-11 10:04 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-11-11 10:04 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-11-11 10:04 - 2015-10-17 15:19 - 04176384 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-11-11 10:04 - 2015-10-15 17:08 - 00990208 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-11-11 10:04 - 2015-10-15 16:46 - 00803328 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-11-11 10:04 - 2015-10-15 00:02 - 07455064 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-11-11 10:04 - 2015-10-15 00:02 - 01659560 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-11-11 10:04 - 2015-10-15 00:02 - 01519592 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-11-11 10:04 - 2015-10-15 00:02 - 01487008 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-11-11 10:04 - 2015-10-15 00:02 - 01355848 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-11-11 10:04 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2015-11-11 10:04 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-11-11 10:04 - 2015-10-13 16:59 - 00397224 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2015-11-11 10:04 - 2015-10-13 16:59 - 00340872 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2015-11-11 10:04 - 2015-10-13 16:59 - 00137960 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-11-11 10:04 - 2015-10-13 16:59 - 00120376 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-11-11 10:04 - 2015-10-13 16:59 - 00106952 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll
2015-11-11 10:04 - 2015-10-13 16:59 - 00091416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll
2015-11-11 10:04 - 2015-10-11 07:36 - 00561952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-11-11 10:04 - 2015-10-11 07:36 - 00177496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-11-11 10:04 - 2015-10-10 19:40 - 00202240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-11-11 10:04 - 2015-10-10 19:39 - 00401408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-11-11 10:04 - 2015-10-10 19:07 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-11-11 10:04 - 2015-10-10 18:33 - 01441280 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-11-11 10:04 - 2015-10-10 18:27 - 00432640 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-11-11 10:04 - 2015-10-10 18:11 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-11-11 10:04 - 2015-10-10 17:45 - 00359424 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-11-11 10:04 - 2015-09-29 13:24 - 00155480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tpm.sys
2015-11-11 10:04 - 2015-09-12 14:47 - 00414559 _____ C:\windows\system32\ApnDatabase.xml
2015-11-11 10:04 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2015-11-11 10:04 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2015-11-11 10:04 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2015-11-11 10:04 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tunnel.sys
2015-11-11 10:04 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\windows\system32\AuthHost.exe
2015-11-11 10:04 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-11-11 10:04 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-11-11 10:04 - 2014-11-05 02:41 - 00558080 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll
2015-11-11 10:04 - 2014-11-05 02:18 - 00507392 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll
2015-11-11 10:03 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2015-11-11 10:03 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2015-11-11 10:03 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2015-11-11 10:03 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2015-11-11 10:03 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2015-11-11 10:03 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2015-11-11 10:03 - 2014-11-10 19:06 - 00136512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys
2015-11-09 14:27 - 2015-11-09 14:27 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-11-09 14:27 - 2015-11-09 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-11-03 14:42 - 2015-11-03 14:42 - 00181223 _____ C:\Users\Moravskesluzby.cz\Downloads\trittico-ac-150-pil.pdf
2015-10-31 21:21 - 2015-10-31 21:21 - 00000000 ____D C:\Users\Moravskesluzby.cz\AppData\Local\DOSBox
2015-10-31 21:19 - 2015-10-31 21:19 - 00389805 _____ C:\Users\Moravskesluzby.cz\Downloads\wgens211.zip
2015-10-31 21:17 - 2015-10-31 21:20 - 46143609 _____ C:\Users\Moravskesluzby.cz\Downloads\doom2.zip
2015-10-31 21:15 - 2015-10-31 21:15 - 06003907 _____ C:\Users\Moravskesluzby.cz\Downloads\59.rar

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-28 16:19 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-11-28 16:16 - 2014-09-19 14:46 - 00000000 ____D C:\Users\Moravskesluzby.cz\AppData\Local\CrashDumps
2015-11-28 16:15 - 2014-09-16 11:35 - 00000970 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-28 16:14 - 2013-08-22 15:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-28 16:14 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-11-28 16:13 - 2014-02-11 02:36 - 00016896 _____ C:\windows\system32\VfService.trf
2015-11-28 16:10 - 2013-08-22 16:36 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2015-11-28 16:10 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\GroupPolicy
2015-11-28 15:48 - 2014-09-16 05:18 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2463396478-638413890-950990422-1001
2015-11-28 15:45 - 2014-02-11 02:30 - 00740946 _____ C:\windows\system32\perfh005.dat
2015-11-28 15:45 - 2014-02-11 02:30 - 00152150 _____ C:\windows\system32\perfc005.dat
2015-11-28 15:45 - 2013-10-07 19:27 - 01749406 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-28 15:45 - 2013-08-22 14:36 - 00000000 ____D C:\windows\Inf
2015-11-28 15:23 - 2014-09-16 11:35 - 00000974 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-28 13:07 - 2014-10-16 16:26 - 00000000 ___RD C:\Users\Moravskesluzby.cz\Desktop\Hry
2015-11-28 11:51 - 2015-10-28 14:43 - 00001054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-11-28 11:51 - 2015-10-28 14:43 - 00001048 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-11-28 11:51 - 2015-10-25 14:44 - 00002002 _____ C:\Users\Public\Desktop\PCSX2 1.2.1 (r5875).lnk
2015-11-28 11:51 - 2015-10-25 14:37 - 00001997 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2015-11-28 11:51 - 2015-10-25 14:24 - 00001915 _____ C:\Users\Public\Desktop\DOSBox 0.74.lnk
2015-11-28 11:51 - 2015-09-20 09:20 - 00000922 _____ C:\Users\Public\Desktop\AIMP3.lnk
2015-11-28 11:51 - 2014-10-12 17:38 - 00002741 _____ C:\Users\Public\Desktop\Skype.lnk
2015-11-28 11:51 - 2014-09-17 17:42 - 00002530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk
2015-11-28 11:51 - 2014-09-15 21:08 - 00000899 _____ C:\Users\Public\Desktop\Total Commander.lnk
2015-11-28 11:51 - 2014-09-15 20:56 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-11-28 11:51 - 2014-02-11 02:27 - 00001985 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2015-11-28 11:51 - 2013-08-22 07:57 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotosApp.lnk
2015-11-28 11:51 - 2013-08-22 07:57 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camera.lnk
2015-11-28 11:51 - 2013-08-22 07:57 - 00000853 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk
2015-11-28 11:51 - 2013-08-22 07:54 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
2015-11-28 11:51 - 2013-08-22 07:48 - 00002269 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Store.lnk
2015-11-28 11:50 - 2014-11-01 16:38 - 00000947 _____ C:\Users\Moravskesluzby.cz\Desktop\IHR3040n.lnk
2015-11-28 10:29 - 2014-09-16 19:04 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-11-28 10:21 - 2014-10-09 12:27 - 00000000 ____D C:\windows\Minidump
2015-11-28 10:21 - 2014-10-04 21:17 - 00000000 ____D C:\Temp
2015-11-28 10:21 - 2014-02-11 02:29 - 00000000 ____D C:\ProgramData\Temp
2015-11-28 00:02 - 2014-09-16 19:04 - 01059656 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2015-11-28 00:02 - 2014-09-16 19:04 - 00449992 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2015-11-28 00:02 - 2014-09-16 19:04 - 00273784 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2015-11-28 00:02 - 2014-09-16 19:04 - 00154256 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2015-11-28 00:02 - 2014-09-16 19:04 - 00097648 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2015-11-28 00:02 - 2014-09-16 19:04 - 00093528 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2015-11-28 00:02 - 2014-09-16 19:04 - 00065224 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2015-11-28 00:02 - 2014-09-16 19:04 - 00028656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2015-11-27 23:07 - 2015-07-14 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-11-27 23:06 - 2014-09-16 03:45 - 00000000 ____D C:\Users\Moravskesluzby.cz
2015-11-27 23:05 - 2014-09-16 11:35 - 00002233 ____R C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
2015-11-27 23:05 - 2014-09-16 11:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-27 23:05 - 2014-09-16 03:45 - 00002067 ____R C:\Users\Moravskesluzby.cz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk
2015-11-27 00:30 - 2014-09-15 19:56 - 00000000 ____D C:\Users\Moravskesluzby.cz\AppData\Roaming\AIMP3
2015-11-23 13:26 - 2014-09-15 20:12 - 00000000 ____D C:\Users\Moravskesluzby.cz\AppData\Roaming\uTorrent
2015-11-22 15:34 - 2015-09-20 16:33 - 827659350 ____R C:\Users\Moravskesluzby.cz\Downloads\Ano, šéfe s Gordonem Ramsaym USA S05E07.mp4
2015-11-19 19:41 - 2000-04-26 08:36 - 03408384 _____ C:\Users\Moravskesluzby.cz\Desktop\Sonic 2 & Knuckles.smd
2015-11-19 15:14 - 2014-09-21 15:48 - 00000000 ____D C:\Users\Moravskesluzby.cz\Desktop\Moravské úklidové služby
2015-11-16 12:47 - 2013-08-22 16:36 - 00000000 ____D C:\windows\AppReadiness
2015-11-13 19:09 - 2013-08-22 16:36 - 00000000 ____D C:\windows\rescache
2015-11-12 11:51 - 2013-08-22 15:44 - 00495944 _____ C:\windows\system32\FNTCACHE.DAT
2015-11-11 23:49 - 2013-08-22 16:36 - 00000000 ___RD C:\windows\ToastData
2015-11-11 10:45 - 2013-08-22 16:20 - 00000000 ____D C:\windows\CbsTemp
2015-11-11 10:36 - 2014-09-15 20:03 - 00000000 ____D C:\windows\system32\MRT
2015-11-11 10:25 - 2014-09-15 20:03 - 145617392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-11-10 09:18 - 2014-02-11 02:37 - 00000000 ____D C:\ProgramData\Energy Manager
2015-11-10 00:18 - 2014-10-12 17:38 - 00000000 ____D C:\Users\Moravskesluzby.cz\AppData\Roaming\Skype
2015-11-09 14:27 - 2014-10-12 17:38 - 00000000 ____D C:\ProgramData\Skype
2015-11-03 01:23 - 2014-09-15 21:20 - 00810488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-11-03 01:23 - 2014-09-15 21:20 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-09-16 03:46 - 2014-09-17 16:32 - 0003040 _____ () C:\Users\Moravskesluzby.cz\AppData\Roaming\AbsoluteReminder.xml
2015-11-20 19:50 - 2015-11-20 23:18 - 0008192 _____ () C:\Users\Moravskesluzby.cz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-11 02:16 - 2014-02-11 02:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-23 21:56

==================== End of FRST.txt ============================

Re: I opened an exe that I shouldn't have / please check

Posted: 28 Nov 2015 16:30
by crashik1
Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-11-2015
Ran by Moravskesluzby.cz (2015-11-28 16:20:39)
Running from C:\Users\Moravskesluzby.cz\Downloads
Windows 8.1 (X64) (2014-09-16 02:44:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2463396478-638413890-950990422-500 - Administrator - Disabled)
Guest (S-1-5-21-2463396478-638413890-950990422-501 - Limited - Disabled)
Moravskesluzby.cz (S-1-5-21-2463396478-638413890-950990422-1001 - Administrator - Enabled) => C:\Users\Moravskesluzby.cz

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2463396478-638413890-950990422-1001\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
7-Zip 15.12 (HKLM-x32\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.3.0.1 - Absolute Software)
Adobe Reader XI - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1503, 26.09.2015 - AIMP DevTeam)
Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2241 - AVAST Software)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Doom (engine ZDoom 2.6.1) (HKLM-x32\...\Doom (engine ZDoom 2.6.1)) (Version: - )
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.31 - Lenovo)
Energy Manager (x32 Version: 1.0.0.31 - Lenovo) Hidden
Final Doom: The Plutonia Experiment (engine ZDoom 2.6.1) (HKLM-x32\...\Final Doom: The Plutonia Experiment (engine ZDoom 2.6.1)) (Version: - )
Free Audio CD Burner version 1.4 (HKLM-x32\...\Free Audio CD Burner_is1) (Version: - DVDVideoSoft Limited.)
Free YouTube to MP3 Converter version 3.8 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: - DVDVideoSoft Limited.)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.7 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Icecream PDF Split and Merge version 1.03 (HKLM-x32\...\{95DC4DB4-99FB-4FB2-ADBD-97F194EDEB4D}_is1) (Version: 1.03 - Icecream Apps)
Intel Experience Center - Configuration (x32 Version: 1.9.0.8 - Intel) Hidden
Intel(R) Experience Center Desktop Software (HKLM-x32\...\{85de612b-ee05-476a-87cc-52e5740de420}) (Version: 1.9.0.8 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3907 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D}) (Version: 4.2.40.2418 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation)
JPEG Resampler Vs 5.99.99 (HKLM-x32\...\JPEG Resampler_is1) (Version: - David Macek)
K-Lite Mega Codec Pack 10.7.1 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.7.1 - )
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10250 - Realtek Semiconductor Corp.)
Lenovo Motion Control (HKLM-x32\...\InstallShield_{3963D1D4-8723-4EE4-9694-D1078BB26B75}) (Version: 2.0.0.1017 - PointGrab)
Lenovo Motion Control (x32 Version: 2.0.0.1017 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Malwarebytes Anti-Malware verze 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.2.4000 - Maxthon International Limited)
MediaHuman YouTube to MP3 Converter verze 3.6.7 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.6.7 - )
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
ProFact 4.0 (HKLM-x32\...\ProFact 4.0_is1) (Version: - eXmind)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7133 - Realtek Semiconductor Corp.)
Red Alert 3.03p-Iran (HKLM-x32\...\{9BCC0F2C-63C1-4569-BEE6-E3A3A377C0F8}_is1) (Version: 3.03p-Iran - FunkyFr3sh)
Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.51 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Temp File Cleaner (HKLM\...\Temp File Cleaner) (Version: 4.4.0 - Addpcs, LLC)
TomTom HOME (HKLM-x32\...\{0E09BE17-EDEA-42CA-8974-42A587F51510}) (Version: 2.9.8 - Název společnosti:)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 8.51 - Ghisler Software GmbH)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
Web'n'walk Manager (HKLM-x32\...\T-Mobile Communication Centre) (Version: - )
Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2463396478-638413890-950990422-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

21-11-2015 00:19:44 Scheduled Checkpoint
28-11-2015 11:53:13 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2015-11-28 15:56 - 00000753 ____A C:\windows\system32\Drivers\etc\hosts


127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {12263095-9DEC-441B-87B0-C1E34E549FE8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-11-28] (AVAST Software)
Task: {27D34CA3-5254-4C19-A0CF-59821A8CA573} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2AC39DBD-308D-4C95-9D18-51E5A95E044C} - System32\Tasks\UMonitor Task => C:\windows\SysWOW64\UMonit64.exe [2013-08-06] ()
Task: {41593330-2F4D-4EE6-BEE0-0FD89A8D24D1} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-09-11] (Synaptics Incorporated)
Task: {683DE8A4-8671-4DCB-AEFB-AEA84BFE7DEA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {79FB1ED4-80F0-4C43-97B3-08CAFD45D30C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {AC6E0EC6-CFC7-4CC1-A23E-EF6DFF0D7B6C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-11-11] (Microsoft Corporation)
Task: {BED07B8F-1858-4855-A00F-1B00FF9CBBC4} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {C256094A-6B42-4CB7-8900-805D12CF3F6A} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2013-08-01] (Maxthon International ltd.)
Task: {D72E0D0D-4126-4A96-9341-A3B10C0CBE53} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-09-04] ()
Task: {E2B44198-482D-4E10-B8ED-67DF62186711} - System32\Tasks\{0223DE7A-8D10-4995-BA49-65494293A883} => pcalua.exe -a "C:\Users\Moravskesluzby.cz\Desktop\vag-com CZ\Drivers\409.1VAG-COM USB_Driver\FTDIUNIN.EXE" -d "C:\Users\Moravskesluzby.cz\Desktop\vag-com CZ\Drivers\409.1VAG-COM USB_Driver"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Moravskesluzby.cz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File) <==== ATTENTION
Shortcut: C:\Users\Moravskesluzby.cz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File) <==== ATTENTION
Shortcut: C:\Users\Moravskesluzby.cz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File) <==== ATTENTION
Shortcut: C:\Users\Moravskesluzby.cz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File) <==== ATTENTION

Shortcut: C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File) <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-10-28 14:43 - 2015-08-18 12:52 - 00020240 _____ () C:\windows\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2013-08-02 02:31 - 2013-08-02 02:31 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-08-02 02:31 - 2013-08-02 02:31 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-02 02:31 - 2013-08-02 02:31 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-02-11 02:34 - 2012-04-25 03:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-02-11 02:36 - 2014-02-11 02:36 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-02-11 02:36 - 2014-02-11 02:36 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2014-02-11 02:16 - 2014-08-13 23:24 - 00453448 _____ () C:\windows\system32\igfxTray.exe
2015-11-28 00:02 - 2015-11-28 00:02 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-11-28 00:02 - 2015-11-28 00:02 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-27 23:30 - 2015-11-27 23:30 - 02995712 _____ () C:\Program Files\AVAST Software\Avast\defs\15112701\algo.dll
2015-11-28 00:02 - 2015-11-28 00:02 - 00466448 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-11-28 16:15 - 2015-11-28 16:15 - 02996736 _____ () C:\Program Files\AVAST Software\Avast\defs\15112800\algo.dll
2015-05-19 10:15 - 2015-05-19 10:15 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-11-11 10:52 - 2015-11-07 05:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-11 10:52 - 2015-11-07 05:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll
2014-02-11 02:05 - 2013-09-04 16:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-09-25 22:48 - 2015-09-25 22:48 - 00043656 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32api.pyd
2015-09-25 22:47 - 2015-09-25 22:47 - 00061576 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\pywintypes27.dll
2015-09-25 22:47 - 2015-09-25 22:47 - 00127624 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\pythoncom27.dll
2015-09-25 22:48 - 2015-09-25 22:48 - 00024200 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\_multiprocessing.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00046728 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\_ctypes.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00027784 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32service.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00024712 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\servicemanager.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00031368 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\_socket.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00445064 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\_ssl.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00288904 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\_hashlib.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00019080 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\select.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00022152 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32pipe.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00046728 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32file.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00019592 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32event.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00372360 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\_bsddb.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00026248 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32process.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00022152 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32ts.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00020616 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32profile.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00044680 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32security.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00026760 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32inet.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00191624 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\unicodedata.pyd
2015-09-25 22:47 - 2015-09-25 22:47 - 00024200 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\EnvironmentID.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2463396478-638413890-950990422-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Moravskesluzby.cz\AppData\Roaming\Microsoft\Windows Photo Viewer\Tapeta programu Windows Prohlížeč fotografií.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2463396478-638413890-950990422-1001\...\StartupApproved\Run: => "T-Mobile Communication Centre"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{88DCD48E-855B-4CCB-90C2-79C909741449}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{DCDD6732-1F13-4877-AB74-8F6F6FF2AA7D}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{58E1559F-EA5D-4BAB-931D-44BC22311D34}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{254F1BB7-A809-402F-8B50-9A2C2DBDD7AD}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{0D963702-4086-4494-9390-DA6FB484CC39}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{B4989F16-CF1E-464A-B541-27E32D0D9EF5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{FD343123-2E0B-4F04-8712-CEA67031BC5C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{28B25E07-8678-4F03-B998-8C8C0BFD77DC}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{A63338E7-F90D-4D50-B0D5-77FCE77FA71F}] => (Allow) C:\Users\Moravskesluzby.cz\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A525A67B-51F3-4A36-B89D-CFBA5F5D8FA1}] => (Allow) C:\Users\Moravskesluzby.cz\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{340313E1-1A34-47CF-A281-63AB95E359E3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{5017B59F-9AA3-4223-8FAC-DE2D013AA445}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{84FD9B7B-9ECF-4419-A3EB-B624929B62F1}C:\program files (x86)\cs1.6\hl.exe] => (Allow) C:\program files (x86)\cs1.6\hl.exe
FirewallRules: [UDP Query User{0338A133-96B8-44AE-8FCB-8897A13CD226}C:\program files (x86)\cs1.6\hl.exe] => (Allow) C:\program files (x86)\cs1.6\hl.exe
FirewallRules: [TCP Query User{4F017F06-A691-444B-8D3B-04CED989A726}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{E0307AEF-659C-42B7-86CE-9B4DE46C1326}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{DD5CFA20-75AF-4026-8B87-62057637DB09}C:\program files (x86)\cs1.6\hlds.exe] => (Allow) C:\program files (x86)\cs1.6\hlds.exe
FirewallRules: [UDP Query User{56FEF6A1-788A-415B-90E2-E5A0B75E76C7}C:\program files (x86)\cs1.6\hlds.exe] => (Allow) C:\program files (x86)\cs1.6\hlds.exe
FirewallRules: [{D5951238-B000-4B05-A2DD-700F7075A809}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [TCP Query User{F0AF93C4-0285-4D1F-9A31-7F7DC2D706D7}C:\program files (x86)\cs1.6\hltv.exe] => (Block) C:\program files (x86)\cs1.6\hltv.exe
FirewallRules: [UDP Query User{5F8F103C-BF47-46C7-9B8F-8230F65C9649}C:\program files (x86)\cs1.6\hltv.exe] => (Block) C:\program files (x86)\cs1.6\hltv.exe
FirewallRules: [TCP Query User{85F42B6D-477A-4C78-8B79-A53D3DC424D3}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [UDP Query User{8B05ACE6-E8AC-4778-A292-5DF443D1F048}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [{6B215734-9563-4C5F-B7A7-94F7CA3FE702}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{0E728D30-5FBC-4182-8BD2-5917E432F21D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{DD99AE94-F7AE-4CD3-AAAF-697B8BDBA6BD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{566D0B8B-B858-44A4-AAAB-4E0E9C24AD4D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8BDEF55E-03C8-433C-8443-8B197BDB2896}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{150550E0-8414-48E6-9AE8-04B8B0A3091C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{EFF15DBA-7665-4864-965A-2129180EC396}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D1FA816E-06BE-4B08-B6ED-554F2FB8540D}] => (Allow) C:\Torrentex\Torrentex.exe
FirewallRules: [{47E758BE-3B08-4088-8B0F-257A971B5E77}] => (Allow) C:\Torrentex\Torrentex.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/28/2015 04:16:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: UMonit64.exe, verze: 13.0.0.0, časové razítko: 0x52007056
Název chybujícího modulu: ustor.dll, verze: 6.3.9600.18007, časové razítko: 0x55c4bc8e
Kód výjimky: 0xc0000135
Posun chyby: 0x0009d4f2
ID chybujícího procesu: 0x10f8
Čas spuštění chybující aplikace: 0xUMonit64.exe0
Cesta k chybující aplikaci: UMonit64.exe1
Cesta k chybujícímu modulu: UMonit64.exe2
ID zprávy: UMonit64.exe3
Úplný název chybujícího balíčku: UMonit64.exe4
ID aplikace související s chybujícím balíčkem: UMonit64.exe5

Error: (11/28/2015 03:56:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: DaS_21.exe, verze: 2.1.0.4, časové razítko: 0x540c90b2
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x00007ff9002e2f4c
ID chybujícího procesu: 0xc0c
Čas spuštění chybující aplikace: 0xDaS_21.exe0
Cesta k chybující aplikaci: DaS_21.exe1
Cesta k chybujícímu modulu: DaS_21.exe2
ID zprávy: DaS_21.exe3
Úplný název chybujícího balíčku: DaS_21.exe4
ID aplikace související s chybujícím balíčkem: DaS_21.exe5

Error: (11/28/2015 03:56:07 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: DaS_21.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.NullReferenceException
Zásobník:
na DriverAndServicesOut.GetProcess.GetPathName(System.String)
na DriverAndServicesOut.GetProcess.GetAllServices(System.String)
na DriverAndServicesOut.Program.Main(System.String[])

Error: (11/28/2015 11:34:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: UMonit64.exe, verze: 13.0.0.0, časové razítko: 0x52007056
Název chybujícího modulu: ustor.dll, verze: 6.3.9600.18007, časové razítko: 0x55c4bc8e
Kód výjimky: 0xc0000135
Posun chyby: 0x0009d4f2
ID chybujícího procesu: 0x1468
Čas spuštění chybující aplikace: 0xUMonit64.exe0
Cesta k chybující aplikaci: UMonit64.exe1
Cesta k chybujícímu modulu: UMonit64.exe2
ID zprávy: UMonit64.exe3
Úplný název chybujícího balíčku: UMonit64.exe4
ID aplikace související s chybujícím balíčkem: UMonit64.exe5

Error: (11/28/2015 10:29:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: UMonit64.exe, verze: 13.0.0.0, časové razítko: 0x52007056
Název chybujícího modulu: ustor.dll, verze: 6.3.9600.18007, časové razítko: 0x55c4bc8e
Kód výjimky: 0xc0000135
Posun chyby: 0x0009d4f2
ID chybujícího procesu: 0x1384
Čas spuštění chybující aplikace: 0xUMonit64.exe0
Cesta k chybující aplikaci: UMonit64.exe1
Cesta k chybujícímu modulu: UMonit64.exe2
ID zprávy: UMonit64.exe3
Úplný název chybujícího balíčku: UMonit64.exe4
ID aplikace související s chybujícím balíčkem: UMonit64.exe5

Error: (11/27/2015 11:30:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: UMonit64.exe, verze: 13.0.0.0, časové razítko: 0x52007056
Název chybujícího modulu: ustor.dll, verze: 6.3.9600.18007, časové razítko: 0x55c4bc8e
Kód výjimky: 0xc0000135
Posun chyby: 0x0009d4f2
ID chybujícího procesu: 0x520
Čas spuštění chybující aplikace: 0xUMonit64.exe0
Cesta k chybující aplikaci: UMonit64.exe1
Cesta k chybujícímu modulu: UMonit64.exe2
ID zprávy: UMonit64.exe3
Úplný název chybujícího balíčku: UMonit64.exe4
ID aplikace související s chybujícím balíčkem: UMonit64.exe5

Error: (11/26/2015 05:43:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: UMonit64.exe, verze: 13.0.0.0, časové razítko: 0x52007056
Název chybujícího modulu: ustor.dll, verze: 6.3.9600.18007, časové razítko: 0x55c4bc8e
Kód výjimky: 0xc0000135
Posun chyby: 0x0009d4f2
ID chybujícího procesu: 0x16d4
Čas spuštění chybující aplikace: 0xUMonit64.exe0
Cesta k chybující aplikaci: UMonit64.exe1
Cesta k chybujícímu modulu: UMonit64.exe2
ID zprávy: UMonit64.exe3
Úplný název chybujícího balíčku: UMonit64.exe4
ID aplikace související s chybujícím balíčkem: UMonit64.exe5

Error: (11/26/2015 01:21:50 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={312761A4-AB9E-4D15-BD62-9EF5FF3FF4E9}: The user MUS\Moravskesluzby.cz dialed a connection named APN Internet (Huawei E1750, COM14) #2 which has failed. The error code returned on failure is 678.

Error: (11/26/2015 01:21:38 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={D84B89B4-90EB-451E-9D0E-A0B7A4A559F1}: The user MUS\Moravskesluzby.cz dialed a connection named APN Internet (Huawei E1750, COM14) which has failed. The error code returned on failure is 678.

Error: (11/26/2015 01:21:29 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={0401B4B0-2AE9-420F-AB1A-B0957201D465}: The user MUS\Moravskesluzby.cz dialed a connection named APN Internet (Huawei E1750, COM14) which has failed. The error code returned on failure is 678.


System errors:
=============
Error: (11/28/2015 04:17:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba McAfee VirusScan Announcer neuspěla při spuštění v důsledku následující chyby:
%%2

Error: (11/28/2015 04:15:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba VBoxAsw Support Driver neuspěla při spuštění v důsledku následující chyby:
%%2

Error: (11/28/2015 04:15:01 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Služba McAfee Anti-Malware Core závisí na následující službě: mfevtp. Tato služba pravděpodobně není nainstalována.

Error: (11/28/2015 04:15:01 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Služba McAfee AP Service závisí na následující službě: mfevtp. Tato služba pravděpodobně není nainstalována.

Error: (11/28/2015 04:14:21 PM) (Source: sptd) (EventID: 4) (User: )
Description: Ovladač zjistil interní chybu ve vlastní struktuře dat u .

Error: (11/28/2015 04:10:42 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (11/28/2015 04:10:41 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.


CodeIntegrity:
===================================
Date: 2015-10-28 19:25:02.224
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-28 19:23:35.192
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-28 19:22:16.570
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-28 19:22:15.140
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-17 19:43:44.028
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-17 19:43:29.185
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-19 20:40:11.692
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-19 20:39:33.113
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-19 20:39:01.733
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-19 20:38:19.025
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4010U CPU @ 1.70GHz
Percentage of memory in use: 43%
Total physical RAM: 4008.27 MB
Available physical RAM: 2249.07 MB
Total Virtual: 8104.27 MB
Available Virtual: 6235.59 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:423.42 GB) (Free:0.78 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:11.21 GB) NTFS
Drive e: (CD2) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 758A51E1)

Partition: GPT.

==================== End of Addition.txt ============================