I opened an exe I shouldn't have / please check

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Post by crashik1 » 28 Nov 2015 00:30

Hi,

please help. I was looking for a game online and downloaded a file that was supposed to be a torrent, but it ended with the .exe extension. Now the search engine in Google Chrome cannot be changed. The page firstsputnik.ru is set there all the time and it cannot be changed. I use the laptop for work and I would not want anyone to pull any data from it. I don't know what all of this could have changed on my PC.

The file that caused this is right here:


http://wagon.hangerime.ru/Zm5ib3BoZ2Nxb2FybGt1cmh6eyJ2ZXIiOiIxIiwic2lkIjoiNzM2MyIsInVybCI6Imh0dHA6XC9cL3NwZWVkLW5ldy5jb21cL3dwLWNvbnRlbnRcL3VwbG9hZHNcL3RvcnJlbnRzXC9UaGVfQml6YXJyZV9BZHZlbnR1cmVzX29mX1dvb2RydWZmX2FuZF90aGVfU2NobmliYmxlXzg5Mi50b3JyZW50IiwibmFtZSI6IlRoZV9CaXphcnJlX0FkdmVudHVyZXNfb2ZfV29vZHJ1ZmZfYW5kX3RoZV9TY2huaWJibGVfODkyLnRvcnJlbnQiLCJ0eXBlIjoidG9ycmVudCIsInNpemUiOjAsInJuZDAiOiJiOGUyMDY0MTZmMTcxZjU0NmZmYjEyMGZjNzRkMWE1YSJ9



Here is the log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:16:49, on 28. 11. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe
C:\Users\Moravskesluzby.cz\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com/?pc=LCJB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files (x86)\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [C] cmd /c(@attrib -H -R -S C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@copy/b/y C:\windows\system32\GroupPolicy\Machine\R C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@attrib +R C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@start/b gpupdate.exe /Force >L)
O4 - Global Startup: ISCTSystray.lnk = C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Moravskesluzby.cz\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.connectify.me
O15 - ESC Trusted Zone: http://*.fastspring.com
O15 - ESC Trusted Zone: http://*.connectify.me (HKLM)
O15 - ESC Trusted Zone: http://*.fastspring.com (HKLM)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\ameisvc.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Unknown owner - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (file missing)
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Wireless Bluetooth(R) 4.0 Radio Management - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
O23 - Service: Intel(R) Smart Connect Technology Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel(R) Update Manager (iumsvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee AP Service (McAPExe) - Unknown owner - C:\Program Files\McAfee\MSC\McAPExe.exe (file missing)
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - Unknown owner - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (file missing)
O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\windows\
O23 - Service: McAfee Anti-Malware Core (mfecore) - Unknown owner - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: PGService - PointGrab LTD - C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: VeriFaceSrv - Unknown owner - C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 12145 bytes


I hope I wrote this at least somewhat understandably. If not, I apologize.

Thanks for the help!

Link to an inappropriate page altered. Pic


Post by Akrej » 28 Nov 2015 01:49

Next time, don't post a direct link to download the virus here

Post by mmmartin » 28 Nov 2015 09:09

The direct link to the infected file has been edited. Can you please explain what reasoning led you to put a direct link that launches malicious code into your post? Not all users are wise enough to avoid clicking on something unknown on sites that offer torrents and are therefore potentially dangerous, and from a computer that holds sensitive data at that. I hope I wrote this at least somewhat understandably. If not, I apologize.

Post by jaro3 » 28 Nov 2015 09:29

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove temporary Windows files, empty the Recycle Bin, etc.

- If you only use Google Chrome, you don't need to use ATF.


Download TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it doesn't, restart it yourself.

Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Prohledat-Scan"
After the scan click "Logfile"; a log will appear (otherwise it is saved on the system drive as AdwCleaner[C?].txt). Paste its entire contents here.

Download Malwarebytes' Anti-Malware
- During installation, untick "Enable free trial of Malwarebytes' Anti-Malware Premium"
Install it and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; click Scan Now and
- after the program finishes, a message will appear at the bottom right; click Copy to Clipboard and paste the whole log here.

- then click the Exit button; a prompt will appear, choose Yes
(don't delete anything yet!).

If there are problems, run it in safe mode.

Post by crashik1 » 28 Nov 2015 10:14

I apologize for the link. My reasoning was that it might help more with identifying the virus (or whatever it actually is) if you had the file and could somehow "examine" it with some special antivirus. Once the malicious code itself was known, it would probably be easier to remove. I hope I wrote that understandably.


Post by crashik1 » 28 Nov 2015 11:01

So here are the results:

TFC cannot be downloaded from that link - Chrome shows a network error message (maybe because of the virus), so I downloaded it from elsewhere and ran it

ADW Cleaner (I had tried running it even before I asked for help here - I'm attaching both logs):
# AdwCleaner v5.022 - Logfile created 27/11/2015 at 23:26:27
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Moravskesluzby.cz - MUS
# Running from : C:\Users\Moravskesluzby.cz\Downloads\adwcleaner_5.022.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Found : C:\Users\Moravskesluzby.cz\AppData\Roaming\dvdvideosoftiehelpers

***** [ Files ] *****

File Found : C:\windows\SysWOW64\SearchProtectService.exe

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0633EE93-D776-472F-A0FF-E1416B8B2E3D}]
Key Found : HKCU\Software\IM
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch] - hxxp://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q=
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q=
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3C}
Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {0633EE93-D776-472f-A0FF-E1416B8B2E3C}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3D}

***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1983 bytes] ##########

and the second one, which I made just now:
# AdwCleaner v5.022 - Logfile created 28/11/2015 at 10:26:43
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Moravskesluzby.cz - MUS
# Running from : C:\Users\Moravskesluzby.cz\Downloads\adwcleaner_5.022 (1).exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [588 bytes] ##########


Malwarebytes log (I haven't deleted anything yet - exactly as you wrote):
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 28. 11. 2015
Čas skenování: 10:39
Protokol:
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2015.11.28.01
Databáze rootkitů: v2015.11.26.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Moravskesluzby.cz

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 324074
Uplynulý čas: 10 min, 13 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 3
Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\The_Bizarre_Adventures_of_Woodruff_and_the_Schnibble_892.DynamicNS, , [8fd271128506f1459a9798ba847eac54],
Trojan.ProxyHijacker, HKLM\SOFTWARE\WOW6432NODE\CLASSES\The_Bizarre_Adventures_of_Woodruff_and_the_Schnibble_892.DynamicNS, , [71f03b48b6d54ee8d35e85cdb151a45c],
Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\WOW6432NODE\The_Bizarre_Adventures_of_Woodruff_and_the_Schnibble_892.DynamicNS, , [71f03b48b6d54ee8d35e85cdb151a45c],

Hodnoty registru: 3
PUP.Optional.Sputnik, HKU\S-1-5-21-2463396478-638413890-950990422-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\GROUP POLICY OBJECTS\{5A2BF78A-8DE6-4B43-8D7B-AD23782B0E74}MACHINE\SOFTWARE\POLICIES\GOOGLE\CHROME|DefaultSearchProviderSuggestURL, http://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}&t=suggest, , [273aa3e07813171f287c07e0689b4cb4]
PUP.Optional.Sputnik, HKU\S-1-5-21-2463396478-638413890-950990422-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\GROUP POLICY OBJECTS\{5A2BF78A-8DE6-4B43-8D7B-AD23782B0E74}MACHINE\SOFTWARE\POLICIES\GOOGLE\CHROME|DefaultSearchProviderInstantURL, http://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}&t=instant, , [2140fa8955364de97d272fb8a55e4ab6]
PUP.Optional.Sputnik, HKU\S-1-5-21-2463396478-638413890-950990422-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\GROUP POLICY OBJECTS\{5A2BF78A-8DE6-4B43-8D7B-AD23782B0E74}MACHINE\SOFTWARE\POLICIES\GOOGLE\CHROME|DefaultSearchProviderSearchURL, http://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}&t=search, , [8ed393f0cbc014229d07f5f2669dd927]

Data registru: 6
PUP.Optional.Sputnik.ShrtCln, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME|DefaultSearchProviderSuggestURL, http://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}&t=suggest, Dobré: (www.google.com), Špatné: (http://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}&t=suggest),,[64fd453eadde4ee86a3763091ee6e020]
PUP.Optional.Sputnik.ShrtCln, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME|DefaultSearchProviderInstantURL, http://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}&t=instant, Dobré: (www.google.com), Špatné: (http://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}&t=instant),,[8ad7245f5833e1559b0696d615ef1be5]
PUP.Optional.Sputnik.ShrtCln, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME|DefaultSearchProviderSearchURL, http://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}&t=search, Dobré: (www.google.com), Špatné: (http://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}&t=search),,[1e43e49f256621154859204c9a6aa35d]
PUP.Optional.Sputnik.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME|DefaultSearchProviderSuggestURL, http://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}&t=suggest, Dobré: (www.google.com), Špatné: (http://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}&t=suggest),,[2d3499eae7a4181e732e1e4ef60e629e]
PUP.Optional.Sputnik.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME|DefaultSearchProviderInstantURL, http://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}&t=instant, Dobré: (www.google.com), Špatné: (http://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}&t=instant),,[ed743f44f9926dc96041fe6e4cb824dc]
PUP.Optional.Sputnik.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME|DefaultSearchProviderSearchURL, http://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}&t=search, Dobré: (www.google.com), Špatné: (http://firstsputnik.ru/?ri=1&uid=2e978e ... 966af52&q={searchTerms}&t=search),,[352c4d365a31ee486e334824dd27956b]

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 5
PUP.Optional.InstallMonster, C:\Users\Moravskesluzby.cz\Downloads\The_Bizarre_Adventures_of_Woodruff_and_the_Schnibble_892 (1).rar, , [bba6117219729f974c4ae2cda160e818],
PUP.Optional.InstallMonster, C:\Users\Moravskesluzby.cz\Downloads\The_Bizarre_Adventures_of_Woodruff_and_the_Schnibble_892 (2).rar, , [a1c05330bfcc46f0583e238c728fee12],
PUP.Optional.InstallMonster, C:\Users\Moravskesluzby.cz\Downloads\The_Bizarre_Adventures_of_Woodruff_and_the_Schnibble_892.rar, , [c79ac1c2117a35016630ecc3d1308f71],
PUP.Optional.BrowserHijack.ShrtCln, C:\Program Files (x86)\Google\Chrome\Application\chrome.bat, Dobré: (), Špatné: ("http://pagego.ru/?from=mru1"), ,[1a47dea5bbd038fe6b122275ee160ff1]
PUP.Optional.BrowserHijack.ShrtCln, C:\Program Files (x86)\Internet Explorer\iexplore.bat, Dobré: (), Špatné: ("http://pagego.ru/?from=mru1"), ,[c59c5d26cac12d091e60c0d73fc5a060]

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Thank you very much for the help
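
The logs posted so far contain two findings that belong together: Chrome search-provider values under the `POLICIES\GOOGLE\CHROME` key, and an `O4` autorun named `C` that copies a file over `GroupPolicy\Machine\Registry.pol` and then runs `gpupdate /Force`. The sketch below is an added example, not part of the original thread or of any tool used in it; the function names are hypothetical, the sample lines are taken from the logs above (the policy line is shortened and its URL defanged), and the conclusion it draws is a triage hint, not proof of what the copied file contains.

```python
import re
from urllib.parse import urlsplit

# Sample HijackThis lines copied from the log in this thread.
HJT_LINES = [
    r'O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"',
    r'O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"',
    (r'O4 - HKCU\..\Run: [C] cmd /c(@attrib -H -R -S C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)'
     r'&(@copy/b/y C:\windows\system32\GroupPolicy\Machine\R C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)'
     r'&(@attrib +R C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@start/b gpupdate.exe /Force >L)'),
    r'O4 - Global Startup: ISCTSystray.lnk = C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe',
]

# Malwarebytes "registry data" line from this thread, shortened and defanged (constructed sample).
MBAM_LINES = [
    r'PUP.Optional.Sputnik.ShrtCln, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME|DefaultSearchProviderSearchURL, '
    r'hxxp://firstsputnik.ru/?q={searchTerms}&t=search, Dobré: (www.google.com),',
]

# "O4 - HKCU\..\Run: [Name] command line"
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$')

INDICATORS = {
    "shell_wrapper": re.compile(r'^"?cmd(\.exe)?"?\s*/c', re.I),
    "touches_registry_pol": re.compile(r'GroupPolicy\\(Machine|User)\\Registry\.pol', re.I),
    "forces_gpupdate": re.compile(r'\bgpupdate(\.exe)?\s+/force', re.I),
    "clears_file_attributes": re.compile(r'\battrib\s+-[HRS]', re.I),
    "overwrites_with_copy": re.compile(r'\bcopy\s*(/\w\s*)+', re.I),
}

POLICY_RE = re.compile(
    r'POLICIES\\GOOGLE\\CHROME\|(?P<value>DefaultSearchProvider\w+),\s*(?P<data>[^,]+),', re.I)


def triage_autoruns(lines):
    """Return Run entries whose command rewrites the local Group Policy file."""
    findings = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not a registry Run entry (for example "Global Startup")
        hits = sorted(n for n, rx in INDICATORS.items() if rx.search(m["cmd"]))
        # Flag only when Registry.pol is touched AND the change is written or pushed.
        if "touches_registry_pol" in hits and {"forces_gpupdate", "overwrites_with_copy"} & set(hits):
            findings.append({"hive": m["hive"], "key": m["key"],
                             "name": m["name"], "indicators": hits})
    return findings


def chrome_search_policies(lines):
    """Return (policy value name, host) pairs for policy-set Chrome search URLs."""
    found = set()
    for line in lines:
        m = POLICY_RE.search(line)
        if m:
            found.add((m["value"], urlsplit(m["data"].strip()).hostname))
    return sorted(found)


def assess(hjt_lines, mbam_lines):
    autoruns = triage_autoruns(hjt_lines)
    policies = chrome_search_policies(mbam_lines)
    return {
        "autoruns": autoruns,
        "policies": policies,
        # Policy-set search values plus an autorun that restores Registry.pol at
        # logon suggest the policy returns unless the Run value is removed too.
        "likely_reapplied_at_logon": bool(autoruns and policies),
    }


if __name__ == "__main__":
    for key, value in assess(HJT_LINES, MBAM_LINES).items():
        print(key, "=", value)
```
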


Post by jerabina » 28 Nov 2015 11:22

That's fine; just next time put it in a tag that isn't clickable, ideally code.

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator"),
click "Prohledat-Scan", and after the scan click "Vymazat-Clean".

The program will perform the repair; after the automatic restart it shows a log (C:\AdwCleaner [S?].txt). Paste its entire contents here.

Run MbAM again and choose Scan Now
- after the program finishes, a message will appear; click "Quarantine All (remove selected)" and then "Export Log" and choose "Text file", give the file a name and save it somewhere. Copy the entire contents of that log here.

Download Junkware Removal Tool by Thisisu

to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program's scan will begin. The scan may take a long time, depending on the number of infections. When the scan ends, a log (JRT.txt) will appear, which is saved on the desktop.
Please copy its entire contents here.

Download RogueKiller
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7 run RogueKiller.exe as administrator; on XP run it by double-clicking.
- Wait until the Prescan (the search for malicious processes) finishes.
- Then click "Scan".
- The program scans the PC's processes. After the scan, click "Report" and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still won't start and work, rename it to winlogon.exe.

Post by crashik1 » 28 Nov 2015 12:24

So again, all the logs:
ADW:
# AdwCleaner v5.022 - Logfile created 28/11/2015 at 11:31:58
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Moravskesluzby.cz - MUS
# Running from : C:\Users\Moravskesluzby.cz\Downloads\adwcleaner_5.022 (1).exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [588 bytes] ##########

MBYTES
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 28. 11. 2015
Čas skenování: 11:38
Protokol: log malwarebytes.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2015.11.28.01
Databáze rootkitů: v2015.11.26.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Moravskesluzby.cz

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 323595
Uplynulý čas: 8 min, 34 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

jrt:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 8.1 x64
Ran by Moravskesluzby.cz (Administrator) on so 28. 11. 2015 at 11:53:10,00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 3

Successfully deleted: C:\Program Files (x86)\google\chrome\application\chrome.bat (File)
Successfully deleted: C:\Program Files (x86)\internet explorer\iexplore.bat (File)
Successfully deleted: C:\ProgramData\Start Menu\Programs\search.lnk (Shortcut)



Registry: 3

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{17B5EC80-87F2-4305-92CA-69A6472B366D} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 28. 11. 2015 at 11:57:20,91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ROGUE (I HAVEN'T DELETED ANYTHING THERE YET - I DON'T KNOW WHETHER I SHOULD HAVE)

RogueKiller V10.11.7.0 (x64) [Nov 23 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 8.1 (6.3.9600) 64 bits version
Spuštěno : Normální režim
Uživatel : Moravskesluzby.cz [Práva správce]
Started from : C:\Users\Moravskesluzby.cz\Downloads\RogueKillerX64.exe
Mód : Prohledat -- Datum : 11/28/2015 12:16:07

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 10 ¤¤¤
[VT.Unknown] (X64) HKEY_USERS\S-1-5-21-2463396478-638413890-950990422-1001\Software\Microsoft\Windows\CurrentVersion\Run | C : cmd /c(@attrib -H -R -S C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@copy/b/y C:\windows\system32\GroupPolicy\Machine\R C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@attrib +R C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@start/b gpupdate.exe /Force >L) [x][x][x][x][x][-][x][x][-][x][x][-][x][-][x][x] -> Nalezeno
[VT.Unknown] (X86) HKEY_USERS\S-1-5-21-2463396478-638413890-950990422-1001\Software\Microsoft\Windows\CurrentVersion\Run | C : cmd /c(@attrib -H -R -S C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@copy/b/y C:\windows\system32\GroupPolicy\Machine\R C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@attrib +R C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@start/b gpupdate.exe /Force >L) [x][x][x][x][x][-][x][x][-][x][x][-][x][-][x][x] -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\McODS ("C:\ProgramData\McAfee\msc\Updates\Installs\1\vso\%VSINSTALL_DIR64%\mcods.exe") -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\McODS ("C:\ProgramData\McAfee\msc\Updates\Installs\1\vso\%VSINSTALL_DIR64%\mcods.exe") -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2463396478-638413890-950990422-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo13.msn.com/?pc=LCJB -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2463396478-638413890-950990422-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://lenovo13.msn.com/?pc=LCJB -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2463396478-638413890-950990422-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo13.msn.com/?pc=LCJB -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2463396478-638413890-950990422-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://lenovo13.msn.com/?pc=LCJB -> Nalezeno
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 6 (Driver: Nahrán) ¤¤¤
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0x9003fc (jmp 0x8981342c|jmp 0x716ed334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0x12f03fc (jmp 0x8a20342c|jmp 0x70cfd334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0x12203fc (jmp 0x8a13342c|jmp 0x70dcd334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0xfd03fc (jmp 0x89ee342c|jmp 0x7101d334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0x7403fc (jmp 0x8965342c|jmp 0x718ad334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0x3c03fc (jmp 0x892d342c|jmp 0x71c2d334)

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 8713a22aa5ffbe621f5008fc0e58bb4b
[BSP] ef6e6bb266c83b2ba98ffe084e55db5e : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1000 MB
1 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 260 MB
2 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2582528 | Size: 1000 MB
3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 4630528 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 4892672 | Size: 433586 MB
5 - Basic data partition | Offset (sectors): 892876800 | Size: 25600 MB
6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 945305600 | Size: 15365 MB
User = LL1 ... OK
User = LL2 ... OK

Orcus
Security team member
Elite Level 10.5
Posts: 10645
Registered: April 10
Location: Three roses grow around here =o)
Gender: Male
Status:
Offline

Re: I opened an exe I shouldn't have / please check

Post by Orcus » 28 Nov 2015 15:14

Uninstall everything from McAfee.

Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB or external drives from the computer before running this program.
Run RogueKiller (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP, double-click it to launch).
- Wait until the Prescan finishes its work...
- Wait until the status window shows "Scan" ("Prohledat")
- In the tabs (Registry, Tasks, Web Browser, etc.), check everything (tick the checkboxes).
- Click "Delete" ("Smazat")
- Wait until the Status box shows "Deletion finished" ("Mazání dokončeno")
- Click "Report" ("Zpráva") and please copy and paste the contents of that report here. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller

====================================================

Download
Zoek.exe

and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 and 8, right-click it and choose "Run as administrator")
- note: the program may take a while to start.

Paste the script below into the program window:

Code:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


Click Run Script
The program will run a scan and a repair; both the scan and the repair can take several minutes, so you need to wait until the end. Do not click in the window!
The program will offer a restart; confirm it.

After the restart, only a black desktop may be shown for some time; that is normal. You need to wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.

====================================================

Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system (32-bit/64-bit)
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
and save it to your desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan". When the scan is finished, two logs, FRST.txt and Addition.txt, will be shown and saved on the desktop. Please copy their entire contents here.

crashik1
newbie
Posts: 7
Registered: November 15
Gender: Unspecified
Status:
Offline

Re: I opened an exe I shouldn't have / please check

Post by crashik1 » 28 Nov 2015 16:29

rogue
RogueKiller V10.11.7.0 (x64) [Nov 23 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 8.1 (6.3.9600) 64 bits version
Spuštěno : Normální režim
Uživatel : Moravskesluzby.cz [Práva správce]
Started from : C:\Users\Moravskesluzby.cz\Downloads\RogueKillerX64.exe
Mód : Smazat -- Datum : 11/28/2015 15:53:01

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 9 ¤¤¤
[VT.Unknown] (X64) HKEY_USERS\S-1-5-21-2463396478-638413890-950990422-1001\Software\Microsoft\Windows\CurrentVersion\Run | C : cmd /c(@attrib -H -R -S C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@copy/b/y C:\windows\system32\GroupPolicy\Machine\R C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@attrib +R C:\windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@start/b gpupdate.exe /Force >L) [x][x][x][x][x][-][x][x][-][x][x][-][x][-][x][x] -> ERROR [0]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\McODS ("C:\ProgramData\McAfee\msc\Updates\Installs\1\vso\%VSINSTALL_DIR64%\mcods.exe") -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\McODS ("C:\ProgramData\McAfee\msc\Updates\Installs\1\vso\%VSINSTALL_DIR64%\mcods.exe") -> ERROR [2]
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2463396478-638413890-950990422-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2463396478-638413890-950990422-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2463396478-638413890-950990422-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2463396478-638413890-950990422-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 2 -> Nahrazeno (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 2 -> Nahrazeno (2)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 4 (Driver: Nahrán) ¤¤¤
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0x9003fc (jmp 0x8981342c|jmp 0x716ed334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0x12f03fc (jmp 0x8a20342c|jmp 0x70cfd334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0xa603fc (jmp 0x8997342c|jmp 0x7158d334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0xc903fc (jmp 0x89ba342c|jmp 0x7135d334)

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 8713a22aa5ffbe621f5008fc0e58bb4b
[BSP] ef6e6bb266c83b2ba98ffe084e55db5e : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1000 MB
1 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 260 MB
2 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2582528 | Size: 1000 MB
3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 4630528 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 4892672 | Size: 433586 MB
5 - Basic data partition | Offset (sectors): 892876800 | Size: 25600 MB
6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 945305600 | Size: 15365 MB
User = LL1 ... OK
User = LL2 ... OK

zoek

Zoek.exe v5.0.0.1 Updated 28-November-2015
Tool run by Moravskesluzby.cz on so 28. 11. 2015 at 15:55:24,10.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Moravskesluzby.cz\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

28. 11. 2015 15:56:04 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\New Folder deleted successfully
C:\PROGRA~3\Office2013 deleted successfully
C:\Users\Moravskesluzby.cz\AppData\Local\GHISLER deleted successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\MORAVS~1.CZ\AppData\Roaming\TomTom\HOME\Profiles\au8cl1mv.default\prefs.js:

Added to C:\Users\MORAVS~1.CZ\AppData\Roaming\TomTom\HOME\Profiles\au8cl1mv.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\New Folder not found
C:\Users\Moravskesluzby.cz\AppData\Local\Temporary Internet Files deleted
C:\PROGRA~3\Package Cache deleted
C:\windows\SysNative\GroupPolicy\Adm deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\windows\Syswow64\GroupPolicy\Adm deleted
C:\windows\Syswow64\GroupPolicy\Machine deleted
C:\windows\Syswow64\GroupPolicy\User deleted
C:\windows\Syswow64\GroupPolicy\gpt.ini.old deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\MORAVS~1.CZ\AppData\Roaming\TomTom\HOME\Profiles\au8cl1mv.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [28. 11. 2015 00:02]

==== Firefox Extensions ======================

ProfilePath: C:\Users\MORAVS~1.CZ\AppData\Roaming\TomTom\HOME\Profiles\au8cl1mv.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

==== Firefox Plugins ======================


==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[28. 11. 2015 00:02]

Dark Mode for Google™ - Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aolhabnohplaabmifgmjgpjfbnoemkkd
Dark Mode for Google™ - MORAVS~1.CZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aolhabnohplaabmifgmjgpjfbnoemkkd

==== Chromium Fix ======================

C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
"Search Page"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{17B5EC80-87F2-4305-92CA-69A6472B366D}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value
HKLM\SearchScopes\{17B5EC80-87F2-4305-92CA-69A6472B366D} - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{17B5EC80-87F2-4305-92CA-69A6472B366D}"
HKLM\Wow6432Node\SearchScopes\{17B5EC80-87F2-4305-92CA-69A6472B366D} - http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

==== Reset Google Chrome ======================

C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\MORAVS~1.CZ\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\MORAVS~1.CZ\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\MORAVS~1.CZ\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\MORAVS~1.CZ\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Moravskesluzby.cz\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Moravskesluzby.cz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\MORAVS~1.CZ\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\MORAVS~1.CZ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Moravskesluzby.cz\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\MORAVS~1.CZ\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\MORAVS~1.CZ\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=50 folders=37 115328781 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Moravskesluzby.cz\AppData\Local\Temp will be emptied at reboot
C:\Users\MORAVS~1.CZ\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\MORAVS~1.CZ\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on so 28. 11. 2015 at 16:15:24,82 ======================

crashik1
newbie
Posts: 7
Registered: November 15
Gender: Unspecified
Status:
Offline

Re: I opened an exe I shouldn't have / please check

Post by crashik1 » 28 Nov 2015 16:29

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-11-2015
Ran by Moravskesluzby.cz (administrator) on MUS (28-11-2015 16:19:45)
Running from C:\Users\Moravskesluzby.cz\Downloads
Loaded Profiles: Moravskesluzby.cz (Available Profiles: Moravskesluzby.cz)
Platform: Windows 8.1 (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Gemfor s.r.o.) C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\ameisvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [453448 2014-08-13] ()
HKLM\...\Run: [HotKeysCmds] => "C:\windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\windows\system32\igfxpers.exe"
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-01-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2014-01-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2014-01-08] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-11-09] (Realtek semiconductor)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-02-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-02-11] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-28] (AVAST Software)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2463396478-638413890-950990422-1001\...\Run: [T-Mobile Communication Centre] => C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe [1347496 2010-03-02] (Gemfor s.r.o.)
HKU\S-1-5-21-2463396478-638413890-950990422-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-04-30] (TomTom)
HKU\S-1-5-21-2463396478-638413890-950990422-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files (x86)\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-2463396478-638413890-950990422-1001\...\MountPoints2: {061f8eb0-9a2b-11e4-8277-fcf8ae9a50aa} - "E:\Autorun.exe"
HKU\S-1-5-21-2463396478-638413890-950990422-1001\...\MountPoints2: {22f85b4f-41a6-11e4-825c-fcf8ae9a50aa} - "E:\Autorun.exe"
HKU\S-1-5-21-2463396478-638413890-950990422-1001\...\MountPoints2: {22f87608-41a6-11e4-825c-fcf8ae9a50aa} - "F:\Autorun.exe"
HKU\S-1-5-21-2463396478-638413890-950990422-1001\...\MountPoints2: {256d0598-46e8-11e4-825c-fcf8ae9a50aa} - "F:\Autorun.exe"
HKU\S-1-5-21-2463396478-638413890-950990422-1001\...\MountPoints2: {2f650a16-5a8e-11e4-8263-fcf8ae9a50aa} - "E:\Autorun.exe"
HKU\S-1-5-21-2463396478-638413890-950990422-1001\...\MountPoints2: {3d42b5b5-4fa7-11e4-825f-fcf8ae9a50a6} - "F:\Autorun.exe"
HKU\S-1-5-21-2463396478-638413890-950990422-1001\...\MountPoints2: {538b5131-3f43-11e4-8258-c4544427ae85} - "F:\Autorun.exe"
HKU\S-1-5-21-2463396478-638413890-950990422-1001\...\MountPoints2: {538b51e4-3f43-11e4-8258-c4544427ae85} - "F:\Autorun.exe"
HKU\S-1-5-21-2463396478-638413890-950990422-1001\...\MountPoints2: {6c0ddd77-2be7-11e5-82a7-fcf8ae9a50aa} - "E:\Autorun.exe"
HKU\S-1-5-21-2463396478-638413890-950990422-1001\...\MountPoints2: {8c8612c7-ded5-11e4-828d-fcf8ae9a50aa} - "E:\Autorun.exe"
HKU\S-1-5-21-2463396478-638413890-950990422-1001\...\MountPoints2: {c893e0f5-7a28-11e5-82bd-fcf8ae9a50aa} - "E:\autorun.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-11-28] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2015-11-28]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6213C738-918D-4CEA-B0A4-D588EC011F70}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D80BE040-95D7-457F-9DC2-939FF46C2614}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2463396478-638413890-950990422-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-2463396478-638413890-950990422-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-2463396478-638413890-950990422-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
URLSearchHook: [S-1-5-21-2463396478-638413890-950990422-1001] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2463396478-638413890-950990422-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2463396478-638413890-950990422-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-28] (AVAST Software)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-28] (AVAST Software)

FireFox:
========
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-28]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-11-28]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

Chrome:
=======
CHR Profile: C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-28]
CHR Extension: (Dokumenty Google) - C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-28]
CHR Extension: (Disk Google) - C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-28]
CHR Extension: (YouTube) - C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-28]
CHR Extension: (Vyhledávání Google) - C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-28]
CHR Extension: (Tabulky Google) - C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-28]
CHR Extension: (Dokumenty Google offline) - C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-28]
CHR Extension: (Avast Online Security) - C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-28]
CHR Extension: (Gmail) - C:\Users\Moravskesluzby.cz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-28]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ameisvc; C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\ameisvc.exe [67312 2010-03-02] (Gemfor s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-28] (AVAST Software)
R3 Disc Soft Lite Bus Service; C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-31] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [324424 2014-08-13] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-19] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-02] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [163624 2013-10-18] (PointGrab LTD)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-25] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-02-11] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 McNaiAnn; "C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 mfecore; "C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe" [X]
S4 MSK80Service; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-11-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-11-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-11-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-11-28] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [154256 2015-11-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-11-28] (AVAST Software)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\System32\drivers\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 BthMtpEnum; C:\Windows\system32\DRIVERS\BthMtpEnum.sys [62976 2013-08-22] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-06] (Motorola Solutions, Inc.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-10-25] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [100072 2013-08-03] (GenesysLogic)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-09-04] (LogMeIn Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118728 2013-09-19] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-02] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-02] ()
R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-02] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-02] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-28] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
U5 mfencbdc; C:\Windows\System32\Drivers\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-11-09] (Realtek Semiconductor Corp.)
R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-11] (Synaptics Incorporated)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [867064 2015-11-15] (Duplex Secure Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 hwusbdev; \SystemRoot\system32\DRIVERS\ewusbdev.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-28 16:19 - 2015-11-28 16:20 - 00021195 _____ C:\Users\Moravskesluzby.cz\Downloads\FRST.txt
2015-11-28 16:19 - 2015-11-28 16:19 - 00000000 ____D C:\FRST
2015-11-28 16:18 - 2015-11-28 16:18 - 02349056 _____ (Farbar) C:\Users\Moravskesluzby.cz\Downloads\FRST64.exe
2015-11-28 16:16 - 2015-11-28 16:16 - 00010922 _____ C:\Users\Moravskesluzby.cz\Desktop\zoek-results.txt
2015-11-28 16:13 - 2015-11-28 15:55 - 00024064 _____ C:\windows\zoek-delete.exe
2015-11-28 15:55 - 2015-11-28 16:12 - 00000000 ____D C:\zoek_backup
2015-11-28 15:53 - 2015-11-28 15:53 - 00008432 _____ C:\Users\Moravskesluzby.cz\Desktop\rogue.txt
2015-11-28 15:38 - 2015-11-28 15:39 - 01309184 _____ C:\Users\Moravskesluzby.cz\Desktop\zoek.exe
2015-11-28 12:35 - 2015-11-28 12:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Doom - Plutonia (ZDoom engine)
2015-11-28 12:34 - 2015-11-28 12:35 - 00000000 ____D C:\Program Files (x86)\Final ZDoom - Plutonia
2015-11-28 11:59 - 2015-11-28 15:38 - 00037624 _____ C:\windows\system32\Drivers\TrueSight.sys
2015-11-28 11:59 - 2015-11-28 12:00 - 00000000 ____D C:\ProgramData\RogueKiller
2015-11-28 11:59 - 2015-11-28 11:59 - 23719496 _____ C:\Users\Moravskesluzby.cz\Downloads\RogueKillerX64.exe
2015-11-28 11:57 - 2015-11-28 11:57 - 00001193 _____ C:\Users\Moravskesluzby.cz\Desktop\JRT1.txt
2015-11-28 11:57 - 2015-11-28 11:57 - 00001193 _____ C:\Users\Moravskesluzby.cz\Desktop\JRT.txt
2015-11-28 11:52 - 2015-11-28 11:52 - 01599336 _____ (Malwarebytes) C:\Users\Moravskesluzby.cz\Downloads\JRT.exe
2015-11-28 11:50 - 2015-11-28 11:50 - 00000080 _____ C:\Users\Moravskesluzby.cz\Desktop\uTorrent.lnk
2015-11-28 11:50 - 2015-11-28 11:50 - 00000080 _____ C:\Users\Moravskesluzby.cz\AppData\Roaming\Microsoft\Windows\Start Menu\uTorrent.lnk
2015-11-28 11:31 - 2015-11-28 11:32 - 00000666 _____ C:\Users\Moravskesluzby.cz\Desktop\AdwCleaner[S3].txt
2015-11-28 10:38 - 2015-11-28 11:37 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-28 10:37 - 2015-11-28 11:51 - 00001119 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-28 10:37 - 2015-11-28 10:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-28 10:37 - 2015-11-28 10:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-28 10:37 - 2015-11-28 10:37 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Moravskesluzby.cz\Downloads\mbam-setup-2.1.4.1018.exe
2015-11-28 10:37 - 2015-11-28 10:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-28 10:37 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2015-11-28 10:37 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-11-28 10:37 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2015-11-28 10:33 - 2015-11-28 10:33 - 22908888 _____ (Malwarebytes ) C:\Users\Moravskesluzby.cz\Downloads\Nepotvrzeno 806780.crdownload
2015-11-28 10:32 - 2015-11-28 10:32 - 00000758 _____ C:\Users\Moravskesluzby.cz\Desktop\AdwCleaner[C2].txt
2015-11-28 10:30 - 2015-11-28 10:30 - 01733632 _____ C:\Users\Moravskesluzby.cz\Downloads\adwcleaner_5.022 (2).exe
2015-11-28 10:26 - 2015-11-28 10:26 - 01733632 _____ C:\Users\Moravskesluzby.cz\Downloads\adwcleaner_5.022 (1).exe
2015-11-28 10:20 - 2015-11-28 11:51 - 00000913 _____ C:\Users\Moravskesluzby.cz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Temp File Cleaner.lnk
2015-11-28 10:20 - 2015-11-28 11:50 - 00000907 _____ C:\Users\Moravskesluzby.cz\Desktop\Temp File Cleaner.lnk
2015-11-28 10:20 - 2015-11-28 10:20 - 02073320 _____ C:\Users\Moravskesluzby.cz\Downloads\TempFileCleaner_4.4.0_Setup.exe
2015-11-28 10:20 - 2015-11-28 10:20 - 00000000 ____D C:\Users\Moravskesluzby.cz\AppData\Roaming\addpcs
2015-11-28 10:20 - 2015-11-28 10:20 - 00000000 ____D C:\Program Files\Temp File Cleaner
2015-11-28 00:13 - 2015-11-28 00:13 - 00388608 _____ (Trend Micro Inc.) C:\Users\Moravskesluzby.cz\Downloads\hijackthis.exe
2015-11-28 00:02 - 2015-11-28 00:02 - 00386096 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2015-11-28 00:02 - 2015-11-28 00:02 - 00043112 _____ (AVAST Software) C:\windows\avastSS.scr
2015-11-27 23:59 - 2015-11-27 23:59 - 04372040 _____ (UltimateOutsider) C:\Users\Moravskesluzby.cz\Downloads\GWX_stopper.exe
2015-11-27 23:26 - 2015-11-28 11:36 - 00000000 ____D C:\AdwCleaner
2015-11-27 23:26 - 2015-11-27 23:26 - 01733632 _____ C:\Users\Moravskesluzby.cz\Downloads\adwcleaner_5.022.exe
2015-11-27 23:20 - 2015-11-27 23:20 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Moravskesluzby.cz\Downloads\SpyHunter-Installer.exe
2015-11-27 23:11 - 2015-11-27 23:12 - 14045413 _____ C:\Users\Moravskesluzby.cz\Downloads\Final_Doom-The_Plutonia_Experiment_with_engine_ZDoom_for_Windows_7_32bit-64bit.rar
2015-11-27 23:06 - 2015-11-28 16:15 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-11-27 23:06 - 2015-11-27 23:07 - 00000129 _____ C:\windows\SysWOW64\L
2015-11-27 23:06 - 2015-11-27 23:06 - 00000008 __RSH C:\Users\Moravskesluzby.cz\ntuser.pol
2015-11-27 23:05 - 2015-11-27 23:05 - 00000000 ____D C:\Users\Moravskesluzby.cz\Downloads\Torrentex
2015-11-26 13:57 - 2015-11-26 13:57 - 00390244 _____ C:\Users\Moravskesluzby.cz\Downloads\19_ZDROJE_FINANCOVÁNÍ_MAJETKU (1).pptx
2015-11-26 13:26 - 2015-11-26 13:26 - 00236281 _____ C:\Users\Moravskesluzby.cz\Downloads\32-10-21.pptx
2015-11-22 15:06 - 2015-11-22 15:06 - 00000000 ____D C:\Users\Moravskesluzby.cz\Downloads\Hercules_0
2015-11-22 14:59 - 2015-11-22 15:15 - 383930950 _____ C:\Users\Moravskesluzby.cz\Downloads\Crash_Bandicoot_Wrath_Of_Cortex_PAL__DVD_.rar
2015-11-22 14:55 - 2015-11-22 14:55 - 00000000 ____D C:\Users\Moravskesluzby.cz\Downloads\wcx_7zip_0.7.6.5a.bin
2015-11-22 14:54 - 2015-11-22 14:55 - 00612889 _____ C:\Users\Moravskesluzby.cz\Downloads\wcx_7zip_0.7.6.5a.bin.zip
2015-11-22 14:53 - 2015-11-22 14:53 - 01093126 _____ (Igor Pavlov) C:\Users\Moravskesluzby.cz\Downloads\7z1512.exe
2015-11-22 14:53 - 2015-11-22 14:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-11-22 14:53 - 2015-11-22 14:53 - 00000000 ____D C:\Program Files (x86)\7-Zip
2015-11-22 14:48 - 2015-11-22 14:57 - 221329669 _____ C:\Users\Moravskesluzby.cz\Downloads\Hercules_0.7z
2015-11-22 14:44 - 2015-11-22 14:48 - 109188287 _____ C:\Users\Moravskesluzby.cz\Downloads\HercsAdventures.7z
2015-11-22 14:36 - 2015-11-22 14:42 - 91638234 _____ C:\Users\Moravskesluzby.cz\Downloads\Tom and Jerry in house Trap.rar
2015-11-21 22:04 - 2015-11-21 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Alert
2015-11-21 21:58 - 2015-11-21 21:58 - 00000000 ____D C:\Games
2015-11-21 21:56 - 2015-11-21 21:57 - 11107039 _____ (FunkyFr3sh ) C:\Users\Moravskesluzby.cz\Downloads\RA1installer.exe
2015-11-21 21:50 - 2015-11-22 00:58 - 00000000 ____D C:\Users\Moravskesluzby.cz\Downloads\red alert cac
2015-11-21 21:40 - 2015-11-21 22:40 - 361670181 _____ C:\Users\Moravskesluzby.cz\Downloads\red_alert.zip
2015-11-21 21:37 - 2015-11-21 21:45 - 526433084 _____ C:\Users\Moravskesluzby.cz\Downloads\RedAlert1_SovietDisc.rar
2015-11-21 21:35 - 2015-11-21 22:04 - 00000000 ____D C:\Users\Moravskesluzby.cz\Downloads\1.serie
2015-11-21 21:29 - 2015-11-21 21:29 - 00019874 _____ C:\Users\Moravskesluzby.cz\Downloads\[CzT]Command_Conquer_Red_Alert_Datadisky_Counterstike_The_Aftermath_1996_.torrent
2015-11-21 21:23 - 2015-11-21 21:24 - 51431065 _____ C:\Users\Moravskesluzby.cz\Downloads\command-conquer-red-alert_Stare-hry_cz.zip
2015-11-21 17:55 - 2015-11-21 17:55 - 00014790 _____ C:\Users\Moravskesluzby.cz\Downloads\[CzT]Jak_funguji_drogy_Konopi_How_Drugs_Work_Cannabis_1_3_2011_TVRip_.torrent
2015-11-21 17:51 - 2015-11-21 17:51 - 00014114 _____ C:\Users\Moravskesluzby.cz\Downloads\[CzT]Konec_sveta_byl_a_bude_2012_TVRip_ (1).torrent
2015-11-20 20:29 - 2015-11-20 20:29 - 00000000 ____D C:\Users\Moravskesluzby.cz\Desktop\jpeg resampler
2015-11-20 20:28 - 2015-11-20 20:28 - 01338232 _____ C:\Users\Moravskesluzby.cz\Downloads\JR2010.zip
2015-11-20 19:50 - 2015-11-20 23:18 - 00008192 _____ C:\Users\Moravskesluzby.cz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-20 09:09 - 2015-11-20 09:09 - 00000135 _____ C:\Users\Moravskesluzby.cz\Downloads\SwissGroove.m3u
2015-11-19 19:40 - 2015-11-19 20:01 - 00000000 ____D C:\Users\Moravskesluzby.cz\Downloads\gens-win32-bin-2.14
2015-11-19 19:40 - 2015-11-19 19:40 - 02254463 _____ C:\Users\Moravskesluzby.cz\Downloads\sonic2knuckles.zip
2015-11-19 19:39 - 2015-11-19 19:39 - 00587213 _____ C:\Users\Moravskesluzby.cz\Downloads\gens-win32-bin-2.14.zip
2015-11-17 12:55 - 2015-11-17 12:57 - 00000000 ____D C:\Users\Moravskesluzby.cz\Downloads\h114
2015-11-17 10:28 - 2015-11-17 12:49 - 1004560520 _____ C:\Users\Moravskesluzby.cz\Downloads\h114.rar
2015-11-16 19:16 - 2015-11-16 19:16 - 00187624 _____ C:\Users\Moravskesluzby.cz\Downloads\stopangin-pil.pdf
2015-11-16 12:45 - 2015-11-16 12:45 - 00000000 ____D C:\Users\Moravskesluzby.cz\Documents\Doom PS1
2015-11-15 21:16 - 2015-11-15 21:16 - 00000000 ____D C:\Users\Moravskesluzby.cz\Documents\Ashampoo Burning Studio FREE
2015-11-15 21:01 - 2015-11-15 21:01 - 07716056 _____ (Alcohol Soft Development Team) C:\Users\Moravskesluzby.cz\Downloads\Alcohol120_trial_2.0.3.6839.exe
2015-11-15 20:51 - 2015-11-15 21:09 - 00867064 _____ (Duplex Secure Ltd.) C:\windows\system32\Drivers\sptd.sys
2015-11-15 20:47 - 2015-11-15 20:48 - 09140460 _____ C:\Users\Moravskesluzby.cz\Downloads\alkohol-120%.rar
2015-11-15 20:39 - 2015-11-28 11:51 - 00001324 _____ C:\Users\Public\Desktop\Ashampoo Burning Studio FREE.lnk
2015-11-15 20:39 - 2015-11-15 20:39 - 00000000 ____D C:\Users\Moravskesluzby.cz\AppData\Roaming\Ashampoo
2015-11-15 20:39 - 2015-11-15 20:39 - 00000000 ____D C:\Users\Moravskesluzby.cz\AppData\Local\ashampoo
2015-11-15 20:39 - 2015-11-15 20:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2015-11-15 20:39 - 2015-11-15 20:39 - 00000000 ____D C:\ProgramData\Ashampoo
2015-11-15 20:39 - 2015-11-15 20:39 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2015-11-15 20:34 - 2015-11-15 20:35 - 32884120 _____ (Ashampoo GmbH & Co. KG ) C:\Users\Moravskesluzby.cz\Downloads\ashampoo_burning_studio_free_21520.exe
2015-11-15 18:01 - 2015-11-15 18:01 - 01207668 _____ C:\Users\Moravskesluzby.cz\Downloads\Red.Alert-XP.Patch.zip
2015-11-14 19:18 - 2015-11-15 18:16 - 00000000 ____D C:\Program Files (x86)\Oldgames
2015-11-14 19:17 - 2015-11-14 19:18 - 43740563 _____ (DJ, dj@oldgames.sk) C:\Users\Moravskesluzby.cz\Downloads\Command.and.Conquer.Red.Alert-www.oldgames.sk-Compilation.exe
2015-11-12 23:57 - 2015-11-13 00:00 - 41205696 _____ C:\Users\Moravskesluzby.cz\Downloads\Atomic-Bomberman.zip
2015-11-12 23:52 - 2015-11-12 23:53 - 09280291 _____ C:\Users\Moravskesluzby.cz\Downloads\atomic-bomberman_95.zip
2015-11-12 23:06 - 2015-11-12 23:06 - 00324487 _____ C:\Users\Moravskesluzby.cz\Downloads\MMO.pdf
2015-11-12 20:38 - 2015-11-12 21:06 - 496988719 _____ C:\Users\Moravskesluzby.cz\Downloads\C2.SLES_109.49.rar
2015-11-12 19:58 - 2015-11-12 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Doom (ZDoom engine)
2015-11-12 19:57 - 2015-11-12 19:58 - 00000000 ____D C:\Program Files (x86)\ZDoom
2015-11-12 19:54 - 2015-11-12 19:55 - 09968410 _____ C:\Users\Moravskesluzby.cz\Downloads\doom_with_engine_zdoom_for_windows_7_32bit-64bit.rar
2015-11-12 17:10 - 2015-11-12 17:10 - 02637222 _____ C:\Users\Moravskesluzby.cz\Downloads\ZQTD_690_EEC.pdf
2015-11-12 17:07 - 2015-11-12 17:08 - 09198170 _____ C:\Users\Moravskesluzby.cz\Downloads\ZQTD_Baterie_LiFePO4_48V_45Ah.rar
2015-11-11 21:57 - 2015-11-11 21:57 - 02218175 _____ C:\Users\Moravskesluzby.cz\Downloads\doom.zip
2015-11-11 10:04 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-11-11 10:04 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-11-11 10:04 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-11-11 10:04 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-11-11 10:04 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-11-11 10:04 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-11-11 10:04 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-11-11 10:04 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-11-11 10:04 - 2015-10-30 23:39 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-11-11 10:04 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-11-11 10:04 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-11-11 10:04 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-11-11 10:04 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-11-11 10:04 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-11-11 10:04 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-11-11 10:04 - 2015-10-30 23:14 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-11-11 10:04 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-11-11 10:04 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-11-11 10:04 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-11-11 10:04 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-11-11 10:04 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-11-11 10:04 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-11-11 10:04 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-11-11 10:04 - 2015-10-20 22:54 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-11-11 10:04 - 2015-10-20 15:53 - 03705856 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-11-11 10:04 - 2015-10-20 15:36 - 02243072 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-11-11 10:04 - 2015-10-20 15:35 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-11-11 10:04 - 2015-10-20 15:34 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-11-11 10:04 - 2015-10-20 15:34 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-11-11 10:04 - 2015-10-20 15:34 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-11-11 10:04 - 2015-10-20 15:33 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-11-11 10:04 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-11-11 10:04 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-11-11 10:04 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-11-11 10:04 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-11-11 10:04 - 2015-10-17 15:19 - 04176384 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-11-11 10:04 - 2015-10-15 17:08 - 00990208 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-11-11 10:04 - 2015-10-15 16:46 - 00803328 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-11-11 10:04 - 2015-10-15 00:02 - 07455064 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-11-11 10:04 - 2015-10-15 00:02 - 01659560 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-11-11 10:04 - 2015-10-15 00:02 - 01519592 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-11-11 10:04 - 2015-10-15 00:02 - 01487008 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-11-11 10:04 - 2015-10-15 00:02 - 01355848 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-11-11 10:04 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2015-11-11 10:04 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-11-11 10:04 - 2015-10-13 16:59 - 00397224 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2015-11-11 10:04 - 2015-10-13 16:59 - 00340872 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2015-11-11 10:04 - 2015-10-13 16:59 - 00137960 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-11-11 10:04 - 2015-10-13 16:59 - 00120376 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-11-11 10:04 - 2015-10-13 16:59 - 00106952 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll
2015-11-11 10:04 - 2015-10-13 16:59 - 00091416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll
2015-11-11 10:04 - 2015-10-11 07:36 - 00561952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-11-11 10:04 - 2015-10-11 07:36 - 00177496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-11-11 10:04 - 2015-10-10 19:40 - 00202240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-11-11 10:04 - 2015-10-10 19:39 - 00401408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-11-11 10:04 - 2015-10-10 19:07 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-11-11 10:04 - 2015-10-10 18:33 - 01441280 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-11-11 10:04 - 2015-10-10 18:27 - 00432640 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-11-11 10:04 - 2015-10-10 18:11 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-11-11 10:04 - 2015-10-10 17:45 - 00359424 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-11-11 10:04 - 2015-09-29 13:24 - 00155480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tpm.sys
2015-11-11 10:04 - 2015-09-12 14:47 - 00414559 _____ C:\windows\system32\ApnDatabase.xml
2015-11-11 10:04 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2015-11-11 10:04 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2015-11-11 10:04 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2015-11-11 10:04 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tunnel.sys
2015-11-11 10:04 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\windows\system32\AuthHost.exe
2015-11-11 10:04 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-11-11 10:04 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-11-11 10:04 - 2014-11-05 02:41 - 00558080 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll
2015-11-11 10:04 - 2014-11-05 02:18 - 00507392 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll
2015-11-11 10:03 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2015-11-11 10:03 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2015-11-11 10:03 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2015-11-11 10:03 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2015-11-11 10:03 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2015-11-11 10:03 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2015-11-11 10:03 - 2014-11-10 19:06 - 00136512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys
2015-11-09 14:27 - 2015-11-09 14:27 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-11-09 14:27 - 2015-11-09 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-11-03 14:42 - 2015-11-03 14:42 - 00181223 _____ C:\Users\Moravskesluzby.cz\Downloads\trittico-ac-150-pil.pdf
2015-10-31 21:21 - 2015-10-31 21:21 - 00000000 ____D C:\Users\Moravskesluzby.cz\AppData\Local\DOSBox
2015-10-31 21:19 - 2015-10-31 21:19 - 00389805 _____ C:\Users\Moravskesluzby.cz\Downloads\wgens211.zip
2015-10-31 21:17 - 2015-10-31 21:20 - 46143609 _____ C:\Users\Moravskesluzby.cz\Downloads\doom2.zip
2015-10-31 21:15 - 2015-10-31 21:15 - 06003907 _____ C:\Users\Moravskesluzby.cz\Downloads\59.rar

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-28 16:19 - 2013-08-22 14:36 - 00000000 ____D C:\Windows
2015-11-28 16:16 - 2014-09-19 14:46 - 00000000 ____D C:\Users\Moravskesluzby.cz\AppData\Local\CrashDumps
2015-11-28 16:15 - 2014-09-16 11:35 - 00000970 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-28 16:14 - 2013-08-22 15:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-28 16:14 - 2013-08-22 14:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-11-28 16:13 - 2014-02-11 02:36 - 00016896 _____ C:\windows\system32\VfService.trf
2015-11-28 16:10 - 2013-08-22 16:36 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2015-11-28 16:10 - 2013-08-22 16:36 - 00000000 ____D C:\windows\system32\GroupPolicy
2015-11-28 15:48 - 2014-09-16 05:18 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2463396478-638413890-950990422-1001
2015-11-28 15:45 - 2014-02-11 02:30 - 00740946 _____ C:\windows\system32\perfh005.dat
2015-11-28 15:45 - 2014-02-11 02:30 - 00152150 _____ C:\windows\system32\perfc005.dat
2015-11-28 15:45 - 2013-10-07 19:27 - 01749406 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-28 15:45 - 2013-08-22 14:36 - 00000000 ____D C:\windows\Inf
2015-11-28 15:23 - 2014-09-16 11:35 - 00000974 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-28 13:07 - 2014-10-16 16:26 - 00000000 ___RD C:\Users\Moravskesluzby.cz\Desktop\Hry
2015-11-28 11:51 - 2015-10-28 14:43 - 00001054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-11-28 11:51 - 2015-10-28 14:43 - 00001048 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-11-28 11:51 - 2015-10-25 14:44 - 00002002 _____ C:\Users\Public\Desktop\PCSX2 1.2.1 (r5875).lnk
2015-11-28 11:51 - 2015-10-25 14:37 - 00001997 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2015-11-28 11:51 - 2015-10-25 14:24 - 00001915 _____ C:\Users\Public\Desktop\DOSBox 0.74.lnk
2015-11-28 11:51 - 2015-09-20 09:20 - 00000922 _____ C:\Users\Public\Desktop\AIMP3.lnk
2015-11-28 11:51 - 2014-10-12 17:38 - 00002741 _____ C:\Users\Public\Desktop\Skype.lnk
2015-11-28 11:51 - 2014-09-17 17:42 - 00002530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk
2015-11-28 11:51 - 2014-09-15 21:08 - 00000899 _____ C:\Users\Public\Desktop\Total Commander.lnk
2015-11-28 11:51 - 2014-09-15 20:56 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-11-28 11:51 - 2014-02-11 02:27 - 00001985 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2015-11-28 11:51 - 2013-08-22 07:57 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotosApp.lnk
2015-11-28 11:51 - 2013-08-22 07:57 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camera.lnk
2015-11-28 11:51 - 2013-08-22 07:57 - 00000853 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk
2015-11-28 11:51 - 2013-08-22 07:54 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
2015-11-28 11:51 - 2013-08-22 07:48 - 00002269 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Store.lnk
2015-11-28 11:50 - 2014-11-01 16:38 - 00000947 _____ C:\Users\Moravskesluzby.cz\Desktop\IHR3040n.lnk
2015-11-28 10:29 - 2014-09-16 19:04 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-11-28 10:21 - 2014-10-09 12:27 - 00000000 ____D C:\windows\Minidump
2015-11-28 10:21 - 2014-10-04 21:17 - 00000000 ____D C:\Temp
2015-11-28 10:21 - 2014-02-11 02:29 - 00000000 ____D C:\ProgramData\Temp
2015-11-28 00:02 - 2014-09-16 19:04 - 01059656 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2015-11-28 00:02 - 2014-09-16 19:04 - 00449992 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2015-11-28 00:02 - 2014-09-16 19:04 - 00273784 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2015-11-28 00:02 - 2014-09-16 19:04 - 00154256 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2015-11-28 00:02 - 2014-09-16 19:04 - 00097648 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2015-11-28 00:02 - 2014-09-16 19:04 - 00093528 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2015-11-28 00:02 - 2014-09-16 19:04 - 00065224 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2015-11-28 00:02 - 2014-09-16 19:04 - 00028656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2015-11-27 23:07 - 2015-07-14 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-11-27 23:06 - 2014-09-16 03:45 - 00000000 ____D C:\Users\Moravskesluzby.cz
2015-11-27 23:05 - 2014-09-16 11:35 - 00002233 ____R C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
2015-11-27 23:05 - 2014-09-16 11:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-27 23:05 - 2014-09-16 03:45 - 00002067 ____R C:\Users\Moravskesluzby.cz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk
2015-11-27 00:30 - 2014-09-15 19:56 - 00000000 ____D C:\Users\Moravskesluzby.cz\AppData\Roaming\AIMP3
2015-11-23 13:26 - 2014-09-15 20:12 - 00000000 ____D C:\Users\Moravskesluzby.cz\AppData\Roaming\uTorrent
2015-11-22 15:34 - 2015-09-20 16:33 - 827659350 ____R C:\Users\Moravskesluzby.cz\Downloads\Ano, šéfe s Gordonem Ramsaym USA S05E07.mp4
2015-11-19 19:41 - 2000-04-26 08:36 - 03408384 _____ C:\Users\Moravskesluzby.cz\Desktop\Sonic 2 & Knuckles.smd
2015-11-19 15:14 - 2014-09-21 15:48 - 00000000 ____D C:\Users\Moravskesluzby.cz\Desktop\Moravské úklidové služby
2015-11-16 12:47 - 2013-08-22 16:36 - 00000000 ____D C:\windows\AppReadiness
2015-11-13 19:09 - 2013-08-22 16:36 - 00000000 ____D C:\windows\rescache
2015-11-12 11:51 - 2013-08-22 15:44 - 00495944 _____ C:\windows\system32\FNTCACHE.DAT
2015-11-11 23:49 - 2013-08-22 16:36 - 00000000 ___RD C:\windows\ToastData
2015-11-11 10:45 - 2013-08-22 16:20 - 00000000 ____D C:\windows\CbsTemp
2015-11-11 10:36 - 2014-09-15 20:03 - 00000000 ____D C:\windows\system32\MRT
2015-11-11 10:25 - 2014-09-15 20:03 - 145617392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-11-10 09:18 - 2014-02-11 02:37 - 00000000 ____D C:\ProgramData\Energy Manager
2015-11-10 00:18 - 2014-10-12 17:38 - 00000000 ____D C:\Users\Moravskesluzby.cz\AppData\Roaming\Skype
2015-11-09 14:27 - 2014-10-12 17:38 - 00000000 ____D C:\ProgramData\Skype
2015-11-03 01:23 - 2014-09-15 21:20 - 00810488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-11-03 01:23 - 2014-09-15 21:20 - 00176632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-09-16 03:46 - 2014-09-17 16:32 - 0003040 _____ () C:\Users\Moravskesluzby.cz\AppData\Roaming\AbsoluteReminder.xml
2015-11-20 19:50 - 2015-11-20 23:18 - 0008192 _____ () C:\Users\Moravskesluzby.cz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-11 02:16 - 2014-02-11 02:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-23 21:56

==================== End of FRST.txt ============================


Re: I opened an exe I shouldn't have / please check

Post by crashik1 » 28 Nov 2015 16:30

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-11-2015
Ran by Moravskesluzby.cz (2015-11-28 16:20:39)
Running from C:\Users\Moravskesluzby.cz\Downloads
Windows 8.1 (X64) (2014-09-16 02:44:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2463396478-638413890-950990422-500 - Administrator - Disabled)
Guest (S-1-5-21-2463396478-638413890-950990422-501 - Limited - Disabled)
Moravskesluzby.cz (S-1-5-21-2463396478-638413890-950990422-1001 - Administrator - Enabled) => C:\Users\Moravskesluzby.cz

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2463396478-638413890-950990422-1001\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
7-Zip 15.12 (HKLM-x32\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.3.0.1 - Absolute Software)
Adobe Reader XI - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1503, 26.09.2015 - AIMP DevTeam)
Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2241 - AVAST Software)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Doom (engine ZDoom 2.6.1) (HKLM-x32\...\Doom (engine ZDoom 2.6.1)) (Version: - )
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.31 - Lenovo)
Energy Manager (x32 Version: 1.0.0.31 - Lenovo) Hidden
Final Doom: The Plutonia Experiment (engine ZDoom 2.6.1) (HKLM-x32\...\Final Doom: The Plutonia Experiment (engine ZDoom 2.6.1)) (Version: - )
Free Audio CD Burner version 1.4 (HKLM-x32\...\Free Audio CD Burner_is1) (Version: - DVDVideoSoft Limited.)
Free YouTube to MP3 Converter version 3.8 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: - DVDVideoSoft Limited.)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.7 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Icecream PDF Split and Merge version 1.03 (HKLM-x32\...\{95DC4DB4-99FB-4FB2-ADBD-97F194EDEB4D}_is1) (Version: 1.03 - Icecream Apps)
Intel Experience Center - Configuration (x32 Version: 1.9.0.8 - Intel) Hidden
Intel(R) Experience Center Desktop Software (HKLM-x32\...\{85de612b-ee05-476a-87cc-52e5740de420}) (Version: 1.9.0.8 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3907 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D}) (Version: 4.2.40.2418 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation)
JPEG Resampler Vs 5.99.99 (HKLM-x32\...\JPEG Resampler_is1) (Version: - David Macek)
K-Lite Mega Codec Pack 10.7.1 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.7.1 - )
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10250 - Realtek Semiconductor Corp.)
Lenovo Motion Control (HKLM-x32\...\InstallShield_{3963D1D4-8723-4EE4-9694-D1078BB26B75}) (Version: 2.0.0.1017 - PointGrab)
Lenovo Motion Control (x32 Version: 2.0.0.1017 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Malwarebytes Anti-Malware verze 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.2.4000 - Maxthon International Limited)
MediaHuman YouTube to MP3 Converter verze 3.6.7 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.6.7 - )
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
ProFact 4.0 (HKLM-x32\...\ProFact 4.0_is1) (Version: - eXmind)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7133 - Realtek Semiconductor Corp.)
Red Alert 3.03p-Iran (HKLM-x32\...\{9BCC0F2C-63C1-4569-BEE6-E3A3A377C0F8}_is1) (Version: 3.03p-Iran - FunkyFr3sh)
Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.51 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Temp File Cleaner (HKLM\...\Temp File Cleaner) (Version: 4.4.0 - Addpcs, LLC)
TomTom HOME (HKLM-x32\...\{0E09BE17-EDEA-42CA-8974-42A587F51510}) (Version: 2.9.8 - Název společnosti:)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 8.51 - Ghisler Software GmbH)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
Web'n'walk Manager (HKLM-x32\...\T-Mobile Communication Centre) (Version: - )
Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2463396478-638413890-950990422-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

21-11-2015 00:19:44 Scheduled Checkpoint
28-11-2015 11:53:13 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2015-11-28 15:56 - 00000753 ____A C:\windows\system32\Drivers\etc\hosts


127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {12263095-9DEC-441B-87B0-C1E34E549FE8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-11-28] (AVAST Software)
Task: {27D34CA3-5254-4C19-A0CF-59821A8CA573} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2AC39DBD-308D-4C95-9D18-51E5A95E044C} - System32\Tasks\UMonitor Task => C:\windows\SysWOW64\UMonit64.exe [2013-08-06] ()
Task: {41593330-2F4D-4EE6-BEE0-0FD89A8D24D1} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-09-11] (Synaptics Incorporated)
Task: {683DE8A4-8671-4DCB-AEFB-AEA84BFE7DEA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {79FB1ED4-80F0-4C43-97B3-08CAFD45D30C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {AC6E0EC6-CFC7-4CC1-A23E-EF6DFF0D7B6C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-11-11] (Microsoft Corporation)
Task: {BED07B8F-1858-4855-A00F-1B00FF9CBBC4} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {C256094A-6B42-4CB7-8900-805D12CF3F6A} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2013-08-01] (Maxthon International ltd.)
Task: {D72E0D0D-4126-4A96-9341-A3B10C0CBE53} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-09-04] ()
Task: {E2B44198-482D-4E10-B8ED-67DF62186711} - System32\Tasks\{0223DE7A-8D10-4995-BA49-65494293A883} => pcalua.exe -a "C:\Users\Moravskesluzby.cz\Desktop\vag-com CZ\Drivers\409.1VAG-COM USB_Driver\FTDIUNIN.EXE" -d "C:\Users\Moravskesluzby.cz\Desktop\vag-com CZ\Drivers\409.1VAG-COM USB_Driver"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Moravskesluzby.cz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File) <==== ATTENTION
Shortcut: C:\Users\Moravskesluzby.cz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File) <==== ATTENTION
Shortcut: C:\Users\Moravskesluzby.cz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File) <==== ATTENTION
Shortcut: C:\Users\Moravskesluzby.cz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File) <==== ATTENTION

Shortcut: C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File) <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-10-28 14:43 - 2015-08-18 12:52 - 00020240 _____ () C:\windows\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2013-08-02 02:31 - 2013-08-02 02:31 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-08-02 02:31 - 2013-08-02 02:31 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-02 02:31 - 2013-08-02 02:31 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-02-11 02:34 - 2012-04-25 03:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-02-11 02:36 - 2014-02-11 02:36 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2014-02-11 02:36 - 2014-02-11 02:36 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2014-02-11 02:16 - 2014-08-13 23:24 - 00453448 _____ () C:\windows\system32\igfxTray.exe
2015-11-28 00:02 - 2015-11-28 00:02 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-11-28 00:02 - 2015-11-28 00:02 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-27 23:30 - 2015-11-27 23:30 - 02995712 _____ () C:\Program Files\AVAST Software\Avast\defs\15112701\algo.dll
2015-11-28 00:02 - 2015-11-28 00:02 - 00466448 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-11-28 16:15 - 2015-11-28 16:15 - 02996736 _____ () C:\Program Files\AVAST Software\Avast\defs\15112800\algo.dll
2015-05-19 10:15 - 2015-05-19 10:15 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-11-11 10:52 - 2015-11-07 05:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-11 10:52 - 2015-11-07 05:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll
2014-02-11 02:05 - 2013-09-04 16:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-09-25 22:48 - 2015-09-25 22:48 - 00043656 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32api.pyd
2015-09-25 22:47 - 2015-09-25 22:47 - 00061576 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\pywintypes27.dll
2015-09-25 22:47 - 2015-09-25 22:47 - 00127624 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\pythoncom27.dll
2015-09-25 22:48 - 2015-09-25 22:48 - 00024200 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\_multiprocessing.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00046728 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\_ctypes.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00027784 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32service.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00024712 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\servicemanager.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00031368 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\_socket.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00445064 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\_ssl.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00288904 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\_hashlib.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00019080 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\select.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00022152 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32pipe.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00046728 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32file.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00019592 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32event.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00372360 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\_bsddb.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00026248 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32process.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00022152 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32ts.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00020616 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32profile.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00044680 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32security.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00026760 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32inet.pyd
2015-09-25 22:48 - 2015-09-25 22:48 - 00191624 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\unicodedata.pyd
2015-09-25 22:47 - 2015-09-25 22:47 - 00024200 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\EnvironmentID.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2463396478-638413890-950990422-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Moravskesluzby.cz\AppData\Roaming\Microsoft\Windows Photo Viewer\Tapeta programu Windows Prohlížeč fotografií.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2463396478-638413890-950990422-1001\...\StartupApproved\Run: => "T-Mobile Communication Centre"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{88DCD48E-855B-4CCB-90C2-79C909741449}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{DCDD6732-1F13-4877-AB74-8F6F6FF2AA7D}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{58E1559F-EA5D-4BAB-931D-44BC22311D34}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{254F1BB7-A809-402F-8B50-9A2C2DBDD7AD}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{0D963702-4086-4494-9390-DA6FB484CC39}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{B4989F16-CF1E-464A-B541-27E32D0D9EF5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{FD343123-2E0B-4F04-8712-CEA67031BC5C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{28B25E07-8678-4F03-B998-8C8C0BFD77DC}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{A63338E7-F90D-4D50-B0D5-77FCE77FA71F}] => (Allow) C:\Users\Moravskesluzby.cz\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A525A67B-51F3-4A36-B89D-CFBA5F5D8FA1}] => (Allow) C:\Users\Moravskesluzby.cz\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{340313E1-1A34-47CF-A281-63AB95E359E3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{5017B59F-9AA3-4223-8FAC-DE2D013AA445}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{84FD9B7B-9ECF-4419-A3EB-B624929B62F1}C:\program files (x86)\cs1.6\hl.exe] => (Allow) C:\program files (x86)\cs1.6\hl.exe
FirewallRules: [UDP Query User{0338A133-96B8-44AE-8FCB-8897A13CD226}C:\program files (x86)\cs1.6\hl.exe] => (Allow) C:\program files (x86)\cs1.6\hl.exe
FirewallRules: [TCP Query User{4F017F06-A691-444B-8D3B-04CED989A726}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{E0307AEF-659C-42B7-86CE-9B4DE46C1326}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{DD5CFA20-75AF-4026-8B87-62057637DB09}C:\program files (x86)\cs1.6\hlds.exe] => (Allow) C:\program files (x86)\cs1.6\hlds.exe
FirewallRules: [UDP Query User{56FEF6A1-788A-415B-90E2-E5A0B75E76C7}C:\program files (x86)\cs1.6\hlds.exe] => (Allow) C:\program files (x86)\cs1.6\hlds.exe
FirewallRules: [{D5951238-B000-4B05-A2DD-700F7075A809}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [TCP Query User{F0AF93C4-0285-4D1F-9A31-7F7DC2D706D7}C:\program files (x86)\cs1.6\hltv.exe] => (Block) C:\program files (x86)\cs1.6\hltv.exe
FirewallRules: [UDP Query User{5F8F103C-BF47-46C7-9B8F-8230F65C9649}C:\program files (x86)\cs1.6\hltv.exe] => (Block) C:\program files (x86)\cs1.6\hltv.exe
FirewallRules: [TCP Query User{85F42B6D-477A-4C78-8B79-A53D3DC424D3}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [UDP Query User{8B05ACE6-E8AC-4778-A292-5DF443D1F048}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [{6B215734-9563-4C5F-B7A7-94F7CA3FE702}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{0E728D30-5FBC-4182-8BD2-5917E432F21D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{DD99AE94-F7AE-4CD3-AAAF-697B8BDBA6BD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{566D0B8B-B858-44A4-AAAB-4E0E9C24AD4D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8BDEF55E-03C8-433C-8443-8B197BDB2896}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{150550E0-8414-48E6-9AE8-04B8B0A3091C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{EFF15DBA-7665-4864-965A-2129180EC396}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D1FA816E-06BE-4B08-B6ED-554F2FB8540D}] => (Allow) C:\Torrentex\Torrentex.exe
FirewallRules: [{47E758BE-3B08-4088-8B0F-257A971B5E77}] => (Allow) C:\Torrentex\Torrentex.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/28/2015 04:16:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: UMonit64.exe, verze: 13.0.0.0, časové razítko: 0x52007056
Název chybujícího modulu: ustor.dll, verze: 6.3.9600.18007, časové razítko: 0x55c4bc8e
Kód výjimky: 0xc0000135
Posun chyby: 0x0009d4f2
ID chybujícího procesu: 0x10f8
Čas spuštění chybující aplikace: 0xUMonit64.exe0
Cesta k chybující aplikaci: UMonit64.exe1
Cesta k chybujícímu modulu: UMonit64.exe2
ID zprávy: UMonit64.exe3
Úplný název chybujícího balíčku: UMonit64.exe4
ID aplikace související s chybujícím balíčkem: UMonit64.exe5

Error: (11/28/2015 03:56:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: DaS_21.exe, verze: 2.1.0.4, časové razítko: 0x540c90b2
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x00007ff9002e2f4c
ID chybujícího procesu: 0xc0c
Čas spuštění chybující aplikace: 0xDaS_21.exe0
Cesta k chybující aplikaci: DaS_21.exe1
Cesta k chybujícímu modulu: DaS_21.exe2
ID zprávy: DaS_21.exe3
Úplný název chybujícího balíčku: DaS_21.exe4
ID aplikace související s chybujícím balíčkem: DaS_21.exe5

Error: (11/28/2015 03:56:07 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: DaS_21.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.NullReferenceException
Zásobník:
na DriverAndServicesOut.GetProcess.GetPathName(System.String)
na DriverAndServicesOut.GetProcess.GetAllServices(System.String)
na DriverAndServicesOut.Program.Main(System.String[])

Error: (11/28/2015 11:34:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: UMonit64.exe, verze: 13.0.0.0, časové razítko: 0x52007056
Název chybujícího modulu: ustor.dll, verze: 6.3.9600.18007, časové razítko: 0x55c4bc8e
Kód výjimky: 0xc0000135
Posun chyby: 0x0009d4f2
ID chybujícího procesu: 0x1468
Čas spuštění chybující aplikace: 0xUMonit64.exe0
Cesta k chybující aplikaci: UMonit64.exe1
Cesta k chybujícímu modulu: UMonit64.exe2
ID zprávy: UMonit64.exe3
Úplný název chybujícího balíčku: UMonit64.exe4
ID aplikace související s chybujícím balíčkem: UMonit64.exe5

Error: (11/28/2015 10:29:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: UMonit64.exe, verze: 13.0.0.0, časové razítko: 0x52007056
Název chybujícího modulu: ustor.dll, verze: 6.3.9600.18007, časové razítko: 0x55c4bc8e
Kód výjimky: 0xc0000135
Posun chyby: 0x0009d4f2
ID chybujícího procesu: 0x1384
Čas spuštění chybující aplikace: 0xUMonit64.exe0
Cesta k chybující aplikaci: UMonit64.exe1
Cesta k chybujícímu modulu: UMonit64.exe2
ID zprávy: UMonit64.exe3
Úplný název chybujícího balíčku: UMonit64.exe4
ID aplikace související s chybujícím balíčkem: UMonit64.exe5

Error: (11/27/2015 11:30:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: UMonit64.exe, verze: 13.0.0.0, časové razítko: 0x52007056
Název chybujícího modulu: ustor.dll, verze: 6.3.9600.18007, časové razítko: 0x55c4bc8e
Kód výjimky: 0xc0000135
Posun chyby: 0x0009d4f2
ID chybujícího procesu: 0x520
Čas spuštění chybující aplikace: 0xUMonit64.exe0
Cesta k chybující aplikaci: UMonit64.exe1
Cesta k chybujícímu modulu: UMonit64.exe2
ID zprávy: UMonit64.exe3
Úplný název chybujícího balíčku: UMonit64.exe4
ID aplikace související s chybujícím balíčkem: UMonit64.exe5

Error: (11/26/2015 05:43:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: UMonit64.exe, verze: 13.0.0.0, časové razítko: 0x52007056
Název chybujícího modulu: ustor.dll, verze: 6.3.9600.18007, časové razítko: 0x55c4bc8e
Kód výjimky: 0xc0000135
Posun chyby: 0x0009d4f2
ID chybujícího procesu: 0x16d4
Čas spuštění chybující aplikace: 0xUMonit64.exe0
Cesta k chybující aplikaci: UMonit64.exe1
Cesta k chybujícímu modulu: UMonit64.exe2
ID zprávy: UMonit64.exe3
Úplný název chybujícího balíčku: UMonit64.exe4
ID aplikace související s chybujícím balíčkem: UMonit64.exe5

Error: (11/26/2015 01:21:50 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={312761A4-AB9E-4D15-BD62-9EF5FF3FF4E9}: The user MUS\Moravskesluzby.cz dialed a connection named APN Internet (Huawei E1750, COM14) #2 which has failed. The error code returned on failure is 678.

Error: (11/26/2015 01:21:38 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={D84B89B4-90EB-451E-9D0E-A0B7A4A559F1}: The user MUS\Moravskesluzby.cz dialed a connection named APN Internet (Huawei E1750, COM14) which has failed. The error code returned on failure is 678.

Error: (11/26/2015 01:21:29 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={0401B4B0-2AE9-420F-AB1A-B0957201D465}: The user MUS\Moravskesluzby.cz dialed a connection named APN Internet (Huawei E1750, COM14) which has failed. The error code returned on failure is 678.


System errors:
=============
Error: (11/28/2015 04:17:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba McAfee VirusScan Announcer neuspěla při spuštění v důsledku následující chyby:
%%2

Error: (11/28/2015 04:15:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba VBoxAsw Support Driver neuspěla při spuštění v důsledku následující chyby:
%%2

Error: (11/28/2015 04:15:01 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Služba McAfee Anti-Malware Core závisí na následující službě: mfevtp. Tato služba pravděpodobně není nainstalována.

Error: (11/28/2015 04:15:01 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Služba McAfee AP Service závisí na následující službě: mfevtp. Tato služba pravděpodobně není nainstalována.

Error: (11/28/2015 04:14:21 PM) (Source: sptd) (EventID: 4) (User: )
Description: Ovladač zjistil interní chybu ve vlastní struktuře dat u .

Error: (11/28/2015 04:10:42 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (11/28/2015 04:10:42 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (11/28/2015 04:10:41 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (11/28/2015 04:10:41 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (11/28/2015 04:10:41 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.


CodeIntegrity:
===================================
Date: 2015-10-28 19:25:02.224
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-28 19:23:35.192
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-28 19:22:16.570
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-28 19:22:15.140
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-17 19:43:44.028
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-17 19:43:29.185
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-19 20:40:11.692
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-19 20:39:33.113
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-19 20:39:01.733
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-19 20:38:19.025
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4010U CPU @ 1.70GHz
Percentage of memory in use: 43%
Total physical RAM: 4008.27 MB
Available physical RAM: 2249.07 MB
Total Virtual: 8104.27 MB
Available Virtual: 6235.59 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:423.42 GB) (Free:0.78 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:11.21 GB) NTFS
Drive e: (CD2) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 758A51E1)

Partition: GPT.

==================== End of Addition.txt ============================

