Log check, PC infected with Win32/Filecoder (Solved)


Jirka008
newbie
Posts: 17
Registered: July 16
Gender: Male
Status: Offline

Log check, PC infected with Win32/Filecoder

Post by Jirka008 » 29 Jul 2016 15:36

Hello,

I would like to ask you to check my HJT log.
It is a PC infected with the Win32/Filecoder virus.

Thank you!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:26:40, on 29. 7. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17037)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Hrstka\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [KabexAsxoj] regsvr32.exe "C:\ProgramData\KabexAsxoj\AiwuhIbxen.dnp"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Hrstka\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [{B7ED0342-5301-4090-9B16-118EEDBFB5BC}] regsvr32.exe "C:\Users\Hrstka\AppData\Local\KiyEsdu\Quqej.dll"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Startup: +REcovER+bnevw+.png
O4 - Startup: +REcovER+gwyfd+.png
O4 - Startup: +REcovER+qoynb+.png
O4 - Startup: +REcovER+vkmgi+.png
O4 - Startup: Thumbs.db
O4 - Startup: {RecOveR}-vhlln__.Png
O4 - Startup: {RecOveR}-yjdwn__.Png
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo System Agent Service - LENOVO INCORPORATED. - C:\Program Files\Lenovo\iMController\SystemAgentService.exe
O23 - Service: Lenovo WiFiHotspot Service (LenovoWiFiHotspotSvr) - Unknown owner - C:\Windows\System32\LenovoWiFiHotspotSvr.exe (file missing)
O23 - Service: LUService - Lenovo(beijing) Limited - C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 7763 bytes

Orcus
Security team member
Elite Level 10.5
Posts: 10645
Registered: April 10
Location: Three roses grow around =o)
Gender: Male
Status: Offline

Re: Log check, PC infected with Win32/Filecoder

Post by Orcus » 29 Jul 2016 17:18

Fix in HJT:
O4 - HKCU\..\Run: [KabexAsxoj] regsvr32.exe "C:\ProgramData\KabexAsxoj\AiwuhIbxen.dnp"
O4 - HKCU\..\Run: [{B7ED0342-5301-4090-9B16-118EEDBFB5BC}] regsvr32.exe "C:\Users\Hrstka\AppData\Local\KiyEsdu\Quqej.dll"
O4 - Startup: +REcovER+bnevw+.png
O4 - Startup: +REcovER+gwyfd+.png
O4 - Startup: +REcovER+qoynb+.png
O4 - Startup: +REcovER+vkmgi+.png
O4 - Startup: Thumbs.db
O4 - Startup: {RecOveR}-vhlln__.Png
O4 - Startup: {RecOveR}-yjdwn__.Png


===================================================

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

- If you only use Google Chrome, you don't need to use ATF.

===================================================

Download TFC
Open the file and close all other windows, then click Start to begin the process. It should not take long.
The PC should then restart; if it doesn't, restart it yourself.

===================================================

Download AdwCleaner (by Xplode)

Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Scan"
After the scan, click the "Logfile" button and the log will appear (otherwise it is saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.

===================================================

Download Malwarebytes' Anti-Malware
- During installation, untick "Enable free trial of Malwarebytes' Anti-Malware Premium"
- Install and run it
- at the end of the installation make sure both options are selected/ticked:

Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware; if so, click the Finish button

- if an update is found, it will be downloaded and installed
- the program will then start; click Scan Now and
- when the program finishes, a message will appear at the bottom right; click Copy to Clipboard and paste the whole log here.

- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).

If there are problems, run it in Safe Mode.
Love warms, but coal is coal. :fire:

Post HJT logs in the HJT section. If it is too long, split it into several posts.

A few tips on PC security.

During my absence, memphisto, jaro3 and Diallix stand in for me.

If you are satisfied, you can support our forum.
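A small triage script for the O4 lines singled out above, added here as an example (it is not part of the thread and not a HijackThis feature). It reads O4 entries from a HijackThis log and flags the two patterns the helper pointed at: regsvr32 loading a module from a user-writable folder (ProgramData, AppData) or with a non-DLL extension, and ransom-note-style file names dropped into the Startup folder. The sample lines are copied from the log in the thread; the rules and names are the example's own assumptions.

```python
"""Triage of HijackThis O4 (autostart) entries for a suspected filecoder infection.

Added example, not part of the forum thread or of HijackThis itself. It only
reports; it does not touch the registry or the file system.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: O4 lines copied from the HijackThis log in the thread,
# mixing the entries the helper told the user to fix with benign ones.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [KabexAsxoj] regsvr32.exe "C:\ProgramData\KabexAsxoj\AiwuhIbxen.dnp"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Hrstka\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [{B7ED0342-5301-4090-9B16-118EEDBFB5BC}] regsvr32.exe "C:\Users\Hrstka\AppData\Local\KiyEsdu\Quqej.dll"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Startup: +REcovER+bnevw+.png
O4 - Startup: Thumbs.db
O4 - Startup: {RecOveR}-vhlln__.Png
"""

RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - Startup: (?P<file>.+)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
# Ransom-note naming seen in this thread: "+REcovER+xxxxx+.png", "{RecOveR}-xxxxx__.Png"
RANSOM_NOTE_RE = re.compile(r"^[+{]rec[o0]ver[+}]", re.IGNORECASE)
# Signed Windows binaries that load whatever module they are pointed at; a Run
# entry using one of them to load a file from a user-writable folder is a
# classic persistence shape and worth a look.
MODULE_LOADERS = {"regsvr32.exe", "rundll32.exe"}
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\users\\public\\", "\\temp\\")


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def _split_command(cmd: str):
    """Return (executable name, first argument) for a Run command line,
    honouring double-quoted paths with spaces."""
    tokens = re.findall(r'"([^"]+)"|(\S+)', cmd)
    parts = [quoted or bare for quoted, bare in tokens]
    exe = parts[0].lower().rsplit("\\", 1)[-1] if parts else ""
    module = parts[1] if len(parts) > 1 else ""
    return exe, module


def triage_line(line: str) -> list:
    """Return the reasons a single O4 line deserves a closer look
    (an empty list means nothing matched)."""
    reasons = []
    m = RUN_RE.match(line)
    if m:
        exe, module = _split_command(m.group("cmd"))
        if exe in MODULE_LOADERS:
            reasons.append(f"{exe} used as loader for {module!r}")
            lowered = module.lower()
            if any(seg in lowered for seg in USER_WRITABLE):
                reasons.append("module lives in a user-writable folder")
            if not lowered.endswith((".dll", ".ocx")):
                reasons.append("module has a non-standard extension")
        if GUID_RE.match(m.group("name")):
            reasons.append("Run value named like a GUID")
        return reasons
    m = STARTUP_RE.match(line)
    if m and RANSOM_NOTE_RE.match(m.group("file")):
        reasons.append("ransom-note-style file in Startup folder")
    return reasons


def triage_log(text: str) -> list:
    """Run triage_line over every O4 line of a HijackThis log and keep the flagged ones."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("O4 - "):
            continue
        reasons = triage_line(line)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Against the sample it flags exactly the two regsvr32 Run entries and the two ransom-note files, and leaves jusched, GoogleUpdate, CCleaner and Thumbs.db alone.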

Jirka008
newbie
Posts: 17
Registered: July 16
Gender: Male
Status: Offline

Re: Log check, PC infected with Win32/Filecoder

Post by Jirka008 » 29 Jul 2016 18:07

Below I attach both requested logs:

# AdwCleaner v5.201 - Logfile created 29/07/2016 at 17:38:32
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-28.2 [Server]
# Operating system : Windows 8.1 Connected (X64)
# Username : Hrstka - LENOVO-PC
# Running from : C:\Users\Hrstka\Desktop\AdwCleaner.exe
# Option : Scan
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\ProgramData\pokki
Folder Found : C:\ProgramData\Application Data\pokki
Folder Found : C:\Users\Default User\AppData\Local\Pokki
Folder Found : C:\Users\Default\AppData\Local\Pokki

***** [ Files ] *****

File Found : C:\windows\SysWOW64\VisualDiscovery.ini
File Found : C:\windows\SysWOW64\VisualDiscoveryOff.ini
File Found : C:\Users\Hrstka\AppData\Roaming\Mozilla\Firefox\Profiles\obxm5qhk.default\invalidprefs.js
File Found : C:\windows\SysNative\VisualDiscoveryOff.ini

***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\VISUALDISCOVERY.EXE
Key Found : HKLM\SOFTWARE\CLASSES\APPID\VISUALDISCOVERY.EXE
Key Found : HKCU\Software\Classes\pokki
Key Found : HKU\S-1-5-21-553964673-1622739263-2049447999-1001\Software\Classes\pokki
Key Found : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2E5FA7B4-61A2-4662-BBCE-62BBB20FC649}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5D7F05E3-075A-43AF-8BC7-21E2F7F38845}
Key Found : HKLM\SOFTWARE\Classes\Interface\{617E26CE-E6E1-4C75-A68A-A001F2B98491}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FBDBEA-A722-4ABD-BEC0-B7D463F6BA0E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8128586C-DF69-4266-873F-CF4C6F705A7C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1F9CFCE-A7DC-4072-8B31-1DEA57004C86}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EA4AD895-2A7F-430E-B973-DEE6C4E743A9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EBF4B60F-A863-426F-BE6F-5DFE83BC574F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CB6BF8B6-E12B-42FA-A478-91BCCDE475DC}
Key Found : HKLM\SOFTWARE\VisualDiscovery

***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [2402 bytes] - [29/07/2016 17:38:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2475 bytes] ##########





Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 29. 7. 2016
Čas skenování: 17:44
Protokol: mbam.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.07.29.08
Databáze rootkitů: v2016.05.27.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Hrstka

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 295345
Uplynulý čas: 15 min, 22 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 3
PUP.Optional.VisualDiscovery, C:\Windows\SysWOW64\VisualDiscovery.ini, , [e3e962c7a5f54fe7b73de5d55ba810f0],
PUP.Optional.Winsock.WnskRST, C:\Windows\System32\VisualDiscoveryOff.ini, , [7d4f1c0d9901a690747ca9298d7655ab],
PUP.Optional.Winsock.WnskRST, C:\Windows\SysWOW64\VisualDiscoveryOff.ini, , [8844ee3bbddd3bfb32be4092d52e1ce4],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Orcus
Security team member
Elite Level 10.5
Posts: 10645
Registered: April 10
Location: Three roses grow around =o)
Gender: Male
Status: Offline

Re: Log check, PC infected with Win32/Filecoder

Post by Orcus » 30 Jul 2016 07:20

- Run MBAM again and click Scan Now
- When the program finishes, a message will appear; click "Quarantine All (delete selected)" and "Export Log", choose "text file", give the file a name and save it somewhere. Copy the whole content of that log here.

====================================================

- Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator")
- Click "Clean"
- The program will perform the repair; after the automatic restart it shows the log (C:\AdwCleaner[C?].txt); paste its whole content here.

====================================================

Download Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The scan will start. Scanning may take a long time, depending on the amount of infection. When the scan finishes, a log (JRT.txt) will appear and is saved on the desktop.
Please copy its whole content here.

====================================================

Download RogueKiller
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Win7 run RogueKiller.exe as administrator; on XP run it by double-clicking.
- Wait until the Prescan (search for malicious processes) finishes.
- Then click "Scan".
- The program scans the PC's processes. After the scan, click "Report" and copy the whole content of the log here.
If the program is blocked, try running it several times. If it still won't start and work, rename it to winlogon.exe.

Jirka008
newbie
Posts: 17
Registered: July 16
Gender: Male
Status: Offline

Re: Log check, PC infected with Win32/Filecoder

Post by Jirka008 » 30 Jul 2016 11:23

Below I paste the requested logs.

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 30. 7. 2016
Čas skenování: 10:13
Protokol: mbam1.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.07.29.08
Databáze rootkitů: v2016.05.27.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Hrstka

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 296594
Uplynulý čas: 10 min, 19 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 3
PUP.Optional.VisualDiscovery, C:\Windows\SysWOW64\VisualDiscovery.ini, Do karantény, [02cae1489efc2610579dcceec83bcd33],
PUP.Optional.Winsock.WnskRST, C:\Windows\System32\VisualDiscoveryOff.ini, Do karantény, [efdd33f64a50a096f9f7e3ef0af99c64],
PUP.Optional.Winsock.WnskRST, C:\Windows\SysWOW64\VisualDiscoveryOff.ini, Do karantény, [7c509099b0ea1a1c826ee3ef7192ca36],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)


# AdwCleaner v5.201 - Logfile created 30/07/2016 at 10:29:08
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-28.2 [Local]
# Operating system : Windows 8.1 Connected (X64)
# Username : Hrstka - LENOVO-PC
# Running from : C:\Users\Hrstka\Desktop\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\pokki
[#] Folder Deleted : C:\ProgramData\Application Data\pokki
[-] Folder Deleted : C:\Users\Default User\AppData\Local\Pokki
[#] Folder Deleted : C:\Users\Default\AppData\Local\Pokki

***** [ Files ] *****

[-] File Deleted : C:\Users\Hrstka\AppData\Roaming\Mozilla\Firefox\Profiles\obxm5qhk.default\invalidprefs.js

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\VISUALDISCOVERY.EXE
[-] Key Deleted : HKCU\Software\Classes\pokki
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E5FA7B4-61A2-4662-BBCE-62BBB20FC649}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D7F05E3-075A-43AF-8BC7-21E2F7F38845}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{617E26CE-E6E1-4C75-A68A-A001F2B98491}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FBDBEA-A722-4ABD-BEC0-B7D463F6BA0E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8128586C-DF69-4266-873F-CF4C6F705A7C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F9CFCE-A7DC-4072-8B31-1DEA57004C86}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EA4AD895-2A7F-430E-B973-DEE6C4E743A9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EBF4B60F-A863-426F-BE6F-5DFE83BC574F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CB6BF8B6-E12B-42FA-A478-91BCCDE475DC}
[-] Key Deleted : HKLM\SOFTWARE\VisualDiscovery

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2294 bytes] - [30/07/2016 10:29:08]
C:\AdwCleaner\AdwCleaner[S1].txt - [2554 bytes] - [29/07/2016 17:38:32]
C:\AdwCleaner\AdwCleaner[S2].txt - [2457 bytes] - [30/07/2016 10:26:25]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2513 bytes] ##########



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 8.1 Connected x64
Ran by Hrstka (Administrator) on so 30. 07. 2016 at 10:37:17,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CCA1FCEC-1B89-4956-9B88-111302C5AB4D} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 30. 07. 2016 at 10:39:31,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


RogueKiller V12.4.1.0 (x64) [Jul 28 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 8.1 (6.3.9600) 64 bits version
Spuštěno : Normální režim
Uživatel : Hrstka [Práva správce]
Started from : C:\Users\Hrstka\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 07/30/2016 11:13:35

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-553964673-1622739263-2049447999-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/ -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-553964673-1622739263-2049447999-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/ -> Nalezeno
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-553964673-1622739263-2049447999-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Nalezeno
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-553964673-1622739263-2049447999-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B24EF80F-E202-44F5-B6FD-B4B780182989} | DhcpNameServer : 150.208.1.2 ([X]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B24EF80F-E202-44F5-B6FD-B4B780182989} | DhcpNameServer : 150.208.1.2 ([X]) -> Nalezeno

¤¤¤ Úlohy : 4 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\GoogleUpdateTaskUserS-1-5-21-553964673-1622739263-2049447999-1001Core.job -- C:\Users\Hrstka\AppData\Local\Google\Update\GoogleUpdate.exe (/c) -> Nalezeno
[Suspicious.Path] %WINDIR%\Tasks\GoogleUpdateTaskUserS-1-5-21-553964673-1622739263-2049447999-1001UA.job -- C:\Users\Hrstka\AppData\Local\Google\Update\GoogleUpdate.exe (/ua /installsource scheduler) -> Nalezeno
[Suspicious.Path] \GoogleUpdateTaskUserS-1-5-21-553964673-1622739263-2049447999-1001Core -- C:\Users\Hrstka\AppData\Local\Google\Update\GoogleUpdate.exe (/c) -> Nalezeno
[Suspicious.Path] \GoogleUpdateTaskUserS-1-5-21-553964673-1622739263-2049447999-1001UA -- C:\Users\Hrstka\AppData\Local\Google\Update\GoogleUpdate.exe (/ua /installsource scheduler) -> Nalezeno

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST500LM000-SSHD-8GB +++++
--- User ---
[MBR] 95df391da8d847c9955869eb8d2ea128
[BSP] eb9975a40ec00baaaebeb5a171d1590f : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1000 MB
1 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 260 MB
2 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2582528 | Size: 1000 MB
3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 4630528 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 4892672 | Size: 435344 MB
5 - Basic data partition | Offset (sectors): 896477184 | Size: 25600 MB
6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 948905984 | Size: 13607 MB
User = LL1 ... OK
User = LL2 ... OK

Orcus
Security team member
Elite Level 10.5
Posts: 10645
Registered: April 10
Location: Three roses grow around =o)
Gender: Male
Status: Offline

Re: Log check, PC infected with Win32/Filecoder

Post by Orcus » 30 Jul 2016 14:09

Close all programs and browsers. Disable the antivirus and firewall.
Please disconnect all USB or external drives from the computer before running this program.
Run RogueKiller (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP double-click to run).
- Wait until the Prescan finishes its work...
- Wait until the status window shows "Scan"
- In the tabs (Registry, Tasks, Web Browser, etc.) tick everything (set the checkmarks).
- Click "Delete"
- Wait until the Status box shows "Deletion completed"
- Click "Report" and copy and paste the content of that report here, please. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller

====================================================

Download
Zoek.exe

and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Win Vista, Win7, 8 right-click it and choose "Run as administrator")
- note that the program may take a while to start.

Paste the script below into the program window:

Code:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


Click Run Script
The program performs a scan and a repair; both may take several minutes, you need to wait until the end. Do not click into the window!
The program will offer a restart; confirm it.

After the restart, only a black desktop may show for a while; that is normal. You need to wait until the log is created. You can save it to Documents, for example; otherwise it saves itself to:
C:\zoek-results.log
Copy the whole content of that log here.

====================================================

Any problems? + a new HJT log

Jirka008
newbie
Posts: 17
Registered: July 16
Gender: Male
Status: Offline

Re: Log check, PC infected with Win32/Filecoder

Post by Jirka008 » 31 Jul 2016 13:30

Below I attach the requested logs. Everything seems to be fine.
Thank you very much for the help.

RogueKiller V12.4.1.0 (x64) [Jul 28 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 8.1 (6.3.9600) 64 bits version
Spuštěno : Normální režim
Uživatel : Hrstka [Práva správce]
Started from : C:\Users\Hrstka\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 07/31/2016 13:20:17

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST500LM000-SSHD-8GB +++++
--- User ---
[MBR] 95df391da8d847c9955869eb8d2ea128
[BSP] eb9975a40ec00baaaebeb5a171d1590f : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1000 MB
1 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 260 MB
2 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2582528 | Size: 1000 MB
3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 4630528 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 4892672 | Size: 435344 MB
5 - Basic data partition | Offset (sectors): 896477184 | Size: 25600 MB
6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 948905984 | Size: 13607 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: JetFlash Transcend 16GB USB Device +++++
--- User ---
[MBR] cbd9754e9ffbbe6d81175a95360e1b33
[BSP] 4b8b702b557e3455c4e0f1b634afd5c4 : Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 256 | Size: 14907 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Po?adavek není podporován. )




Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Hrstka on ne 31. 07. 2016 at 12:20:35,24.
Microsoft Windows 8.1 s aplikací Bing 6.3.9600 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Hrstka\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

31. 7. 2016 12:30:03 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\New Folder deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Hrstka\AppData\Roaming\Mozilla\Firefox\Profiles\obxm5qhk.default\prefs.js:

Added to C:\Users\Hrstka\AppData\Roaming\Mozilla\Firefox\Profiles\obxm5qhk.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\New Folder not found
C:\windows\sysWoW64\config\systemprofile\.android deleted
C:\Users\Public\Pokki deleted
C:\Users\Hrstka\AppData\Roaming\IP.dll deleted
C:\Users\Hrstka\AppData\Roaming\vmciver.dll deleted
C:\Users\Hrstka\AppData\Roaming\+REcovER+bnevw+.txt deleted
C:\Users\Hrstka\AppData\Roaming\+REcovER+gwyfd+.txt deleted
C:\Users\Hrstka\AppData\Roaming\+REcovER+qoynb+.txt deleted
C:\Users\Hrstka\AppData\Roaming\+REcovER+vkmgi+.txt deleted
C:\Users\Hrstka\AppData\Roaming\LICENSES-en.txt deleted
C:\Users\Hrstka\AppData\Roaming\Products.txt deleted
C:\Users\Hrstka\AppData\Roaming\xerces.LICENSE.txt deleted
C:\Users\Hrstka\AppData\Roaming\{RecOveR}-vhlln__.Txt deleted
C:\Users\Hrstka\AppData\Roaming\{RecOveR}-yjdwn__.Txt deleted
C:\Users\Hrstka\AppData\Roaming\line_count_wrap.js deleted
C:\windows\SysNative\config\systemprofile\AppData\Roaming\ETDCoInstaller.log deleted
C:\PROGRA~3\{RecOveR}-vhlln__.Txt deleted
C:\PROGRA~3\{RecOveR}-yjdwn__.Txt deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Hrstka\AppData\Roaming\uvcbqdip.exe deleted
"C:\Users\Hrstka\AppData\Roaming\78-RKSJ-V" deleted
"C:\Users\Hrstka\AppData\Roaming\Aden" deleted
"C:\Users\Hrstka\AppData\Roaming\Atikokan" deleted
"C:\Users\Hrstka\AppData\Roaming\B5pc-UCS2" deleted
"C:\Users\Hrstka\AppData\Roaming\Bamako" deleted
"C:\Users\Hrstka\AppData\Roaming\Douala" deleted
"C:\Users\Hrstka\AppData\Roaming\Goose_Bay" deleted
"C:\Users\Hrstka\AppData\Roaming\HKdla-B5-V" deleted
"C:\Users\Hrstka\AppData\Roaming\Mexico_City" deleted
"C:\Users\Hrstka\AppData\Roaming\Palau" deleted
"C:\Users\Hrstka\AppData\Roaming\README" deleted
"C:\Users\Hrstka\AppData\Roaming\Scoresbysund" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Hrstka\AppData\Roaming\Mozilla\Firefox\Profiles\obxm5qhk.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

==== Firefox Plugins ======================

Profilepath: C:\Users\Hrstka\AppData\Roaming\Mozilla\Firefox\Profiles\obxm5qhk.default
89E8B545DD5E878DF5B87F77148D9149 - C:\Users\Hrstka\AppData\Roaming\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll - Cryptoplus KB – signing module


==== Chromium Look ======================

undetermined - Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\+REcovER+bnevw+.png
undetermined - Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\+REcovER+crmkj+.png
undetermined - Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\+REcovER+gwyfd+.png
undetermined - Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\+REcovER+qoynb+.png
undetermined - Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\+REcovER+vkmgi+.png
undetermined - Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\{RecOveR}-vhlln__.Png
undetermined - Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\{RecOveR}-yjdwn__.Png

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}"
{85F1BD04-912A-4664-8116-AAF8A14C07E1} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"

==== Reset Google Chrome ======================

C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Hrstka\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Hrstka\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=59 folders=16 95750890 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Hrstka\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Hrstka\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Sun 31. 07. 2016 at 12:48:07,63 ======================



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:22:37, on 31. 7. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17037)
Boot mode: Normal

Running processes:
C:\Users\Hrstka\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE
C:\Users\Hrstka\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Hrstka\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo System Agent Service - LENOVO INCORPORATED. - C:\Program Files\Lenovo\iMController\SystemAgentService.exe
O23 - Service: Lenovo WiFiHotspot Service (LenovoWiFiHotspotSvr) - Unknown owner - C:\Windows\System32\LenovoWiFiHotspotSvr.exe (file missing)
O23 - Service: LUService - Lenovo(beijing) Limited - C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 7326 bytes
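The zoek log above deleted the same ransom note under several names (+REcovER+<id>+.txt, {RecOveR}-<id>__.Txt, and .png copies under the Chrome profile) in Roaming and ProgramData. A file-encrypting infection drops its note in the directories it worked through, so listing where notes sit is the quickest way to map the footprint. The script below is an added example, not part of this thread or of zoek; only the note-name patterns come from the log, while the demo directory tree, the folder choices and the verdict output are constructed for the example. The file extension is left open because the log shows both .txt and .png variants.

```python
"""Added example: map the footprint of a file-encrypting infection from the
ransom notes it left behind. Only the note-name patterns come from the zoek
log in this thread; the demo tree and everything else is constructed here."""
import os
import re
import tempfile
from collections import defaultdict

# Patterns derived from the deleted names in the log; the ID is the only
# variable part and the extension is left open (assumption: same note, several formats).
NOTE_PATTERNS = (
    re.compile(r"^\+REcovER\+(?P<id>[a-z0-9]+)\+\.[a-z0-9]+$", re.IGNORECASE),
    re.compile(r"^\{RecOveR\}-(?P<id>[a-z0-9]+)__\.[a-z0-9]+$", re.IGNORECASE),
)


def classify_note(name):
    """Return the note ID (lower-cased) if `name` is a ransom note, else None."""
    for pattern in NOTE_PATTERNS:
        match = pattern.match(name)
        if match:
            return match.group("id").lower()
    return None


def scan_tree(root):
    """Walk `root` and return (notes, affected, ids):
    notes    - list of (full path, note ID) for every note found
    affected - {directory: [note names]} for every directory holding a note,
               i.e. the directories the encryption run(s) touched
    ids      - set of distinct note IDs (several IDs in one tree is worth
               noting; what it means is for the analyst to decide)
    """
    notes = []
    affected = defaultdict(list)
    for dirpath, _subdirs, files in os.walk(root):
        for name in files:
            note_id = classify_note(name)
            if note_id is not None:
                notes.append((os.path.join(dirpath, name), note_id))
                affected[dirpath].append(name)
    ids = {note_id for _path, note_id in notes}
    return notes, dict(affected), ids


# Constructed demo layout: the note names are the ones the zoek log deleted;
# the folder choices and the non-note files are made up for this example.
DEMO_LAYOUT = {
    "Users/Hrstka/AppData/Roaming": [
        "+REcovER+bnevw+.txt", "+REcovER+gwyfd+.txt",
        "{RecOveR}-vhlln__.Txt", "LICENSES-en.txt",
    ],
    "ProgramData": ["{RecOveR}-vhlln__.Txt"],
    "Users/Hrstka/Documents": ["+REcovER+bnevw+.png", "{RecOveR}-vhlln__.Png", "report.docx"],
    "Users/Hrstka/Music": ["song.mp3"],  # untouched directory: no note
}


def build_demo_tree():
    """Create DEMO_LAYOUT under a fresh temporary directory and return its path."""
    root = tempfile.mkdtemp(prefix="filecoder-demo-")
    for rel_dir, names in DEMO_LAYOUT.items():
        directory = os.path.join(root, *rel_dir.split("/"))
        os.makedirs(directory, exist_ok=True)
        for name in names:
            with open(os.path.join(directory, name), "w", encoding="utf-8") as fh:
                fh.write("demo\n")
    return root


def summarize(root):
    """Compact summary for a report: how many notes, which directories, which IDs."""
    notes, affected, ids = scan_tree(root)
    return {
        "notes": len(notes),
        "affected_dirs": sorted(os.path.relpath(d, root) for d in affected),
        "ids": sorted(ids),
    }


if __name__ == "__main__":
    demo_root = build_demo_tree()
    for key, value in summarize(demo_root).items():
        print(f"{key}: {value}")
```

Run it against a real profile by calling `summarize()` on the mounted volume instead of `build_demo_tree()`; the `affected_dirs` list is what goes into the incident notes as the scope of encryption, and `ids` shows whether more than one note ID (as in this log, where bnevw, gwyfd, qoynb, vkmgi, crmkj, vhlln and yjdwn all appear) was dropped.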

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Log check, PC infected with Win32/filecoder

Post by jaro3 » 31 Jul 2016 16:31

Close the other applications and browsers, disconnect from the internet and fix these in HJT:
Guide

Code:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Hrstka\AppData\Local\Google\Update\GoogleUpdate.exe" /c


Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system, 32-bit or 64-bit:
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
and save it to the desktop, then run FRST.
Accept the terms of use.
Do not change any of the default settings and click "Scan". When the scan is complete, two logs are produced, FRST.txt and Addition.txt, and saved on the desktop. Please paste their full contents here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
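The fix list in the reply above applies the usual first-pass reading of a HijackThis log: empty R0/R1 Internet Explorer values are cosmetic and harmless to fix, O4 autoruns are judged by where their binary lives, and the many O23 services reported as "(file missing)" under C:\windows\system32 (lsass.exe, spoolsv.exe and others that exist on every running Windows) are not treated as findings. The script below is an added example, not code from the thread or from HijackThis, that encodes those heuristics. The sample lines are copied from the HJT log posted above; the verdict labels, the path lists and the explanation that 32-bit HJT 2.0.4 is redirected to SysWOW64 when it checks System32 on 64-bit Windows are this example's own assumptions, to be confirmed with a 64-bit-aware tool such as FRST.

```python
"""Added example (not from the thread or from HijackThis): first-pass triage of
HJT 2.0.4 log lines. SAMPLE_LOG is a subset of the log posted in this thread;
the verdicts and path lists are assumptions of this example."""
import re

SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Hrstka\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
"""

# Entry formats as HJT 2.0.4 prints them (R0/R1, O4, O23 with and without a short name).
R_RE = re.compile(r"^(?P<kind>R[01]) - (?P<key>.+?) =\s*(?P<value>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_STRICT = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<short>[^()]+)\) - (?P<owner>[^\\]+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$")
O23_LOOSE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>[^\\]+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$")

# Assumed lists: autoruns from these locations go to the review queue (legitimate
# per-user installers live there too, so this is a queue, not a verdict), and
# "file missing" under System32 is where a 32-bit tool on x64 gets redirected.
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\temp\\")
WOW64_REDIRECTED = ("c:\\windows\\system32\\",)


def exe_from_command(cmd):
    """Executable path from an O4 command line (quoted or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text):
    """Return one finding dict (kind, line, verdict, why) per log line."""
    findings = []
    for line in log_text.strip().splitlines():
        line = line.rstrip()
        kind = line.split(" ", 1)[0]
        m = R_RE.match(line)
        if m:
            if m.group("value"):
                verdict, why = "info", "non-empty IE setting, compare with the expected URL"
            else:
                verdict, why = "cosmetic", "empty IE setting, fixing it is harmless"
        elif (m := O4_RE.match(line)):
            exe = exe_from_command(m.group("cmd")).lower()
            if any(tag in exe for tag in USER_WRITABLE):
                verdict, why = "review", "autorun launches from a user-writable location"
            else:
                verdict, why = "info", "autorun launches from a program directory"
        elif (m := O23_STRICT.match(line) or O23_LOOSE.match(line)):
            path = m.group("path").lower()
            if not m.group("missing"):
                verdict, why = "info", "service binary present"
            elif path.startswith(WOW64_REDIRECTED):
                verdict, why = ("likely-false-positive",
                                "32-bit HJT is redirected to SysWOW64 when it checks System32; "
                                "confirm with a 64-bit-aware tool such as FRST")
            else:
                verdict, why = "verify", "binary reported missing outside System32; check on disk"
        else:
            verdict, why = "unparsed", "no parser for this entry type"
        findings.append({"kind": kind, "line": line, "verdict": verdict, "why": why})
    return findings


def verdict_for(findings, needle):
    """Verdict of the first finding whose line contains `needle` (None if absent)."""
    for finding in findings:
        if needle in finding["line"]:
            return finding["verdict"]
    return None


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding['verdict']:22} {finding['kind']:4} {finding['why']}")
```

Feed the whole posted log in place of SAMPLE_LOG and read only the "review" and "verify" rows; on this machine those are the per-user Google Update autorun and the Windows Defender services, the latter being the expected state once ESET is the active product, as the FRST Security Center section later confirms.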

Jirka008
newcomer
Posts: 17
Registered: July 16
Gender: Male
Status:
Offline

Re: Log check, PC infected with Win32/filecoder

Post by Jirka008 » 31 Jul 2016 17:07

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by Hrstka (2016-07-31 17:00:33)
Running from C:\Users\Hrstka\Desktop
Windows 8.1 Connected (X64) (2015-05-09 23:28:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-553964673-1622739263-2049447999-500 - Administrator - Disabled)
Guest (S-1-5-21-553964673-1622739263-2049447999-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-553964673-1622739263-2049447999-1003 - Limited - Enabled)
Hrstka (S-1-5-21-553964673-1622739263-2049447999-1001 - Administrator - Enabled) => C:\Users\Hrstka

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 9.0.385.1 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.385.1 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.21 - Lenovo)
Energy Manager (x32 Version: 1.5.0.21 - Lenovo) Hidden
ESET Smart Security (HKLM\...\{D94B5945-22DD-47C9-9CA4-ED784C9B2427}) (Version: 9.0.385.1 - ESET, spol. s r.o.)
Google Chrome (HKU\S-1-5-21-553964673-1622739263-2049447999-1001\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1347.2) (HKLM\...\{302600C1-6BDF-4FD1-1312-148929CC1385}) (Version: 17.0.1312.0414 - Intel Corporation)
Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{2f4d8103-e601-4d48-b81d-d508d760aaba}) (Version: 17.0.3 - Intel Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10264 - Realtek Semiconductor Corp.)
Lenovo FusionEngine (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2326 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.1.0.2326 - CyberLink Corp.) Hidden
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.43.4 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo Updates (HKLM-x32\...\InstallShield_{A2E1E9F0-0B68-4166-8C7F-85B563B84DF4}) (Version: 1.3.0.6 - Lenovo)
Lenovo Updates (x32 Version: 1.3.0.6 - Lenovo) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1011 - Microsoft Corporation)
Microsoft Office Starter 2010 - Czech (HKLM-x32\...\{90140011-0066-0405-0000-0000000FF1CE}) (Version: 14.0.4763.1011 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0405-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39053 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-553964673-1622739263-2049447999-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Hrstka\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-553964673-1622739263-2049447999-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Hrstka\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-553964673-1622739263-2049447999-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-553964673-1622739263-2049447999-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Hrstka\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {5A277F2E-A817-463E-8170-88C269D35293} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {5D390007-DEA3-4EF9-A244-3084868682B6} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-05-22] ()
Task: {B592A570-0062-40D6-B1DF-2C19006B5648} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {D34748F1-668B-4F52-B5C9-0FAE3B262190} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-09] (CyberLink Corp.)
Task: {D99D39A2-0E3C-4A4A-82BA-DD8BAA377C0F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-10-13 22:11 - 2012-04-24 12:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDWFP => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-553964673-1622739263-2049447999-1001\...\mojebanka.cz -> hxxps://etrading.mojebanka.cz
IE trusted site: HKU\S-1-5-21-553964673-1622739263-2049447999-1001\...\mojeplatba.cz -> hxxps://www.mojeplatba.cz

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2016-07-31 12:30 - 00000753 ____A C:\windows\system32\Drivers\etc\hosts


127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-553964673-1622739263-2049447999-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img2.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Bluetooth Device Monitor => 2
MSCONFIG\Services: Bluetooth OBEX Service => 2
MSCONFIG\Services: iBtSiva => 2
HKLM\...\StartupApproved\Run: => "Lenovo Utility"
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{41A49E03-7947-40AF-913A-D7093BDE730A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{C01CE014-910C-4139-8905-3A91B328612D}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{1B6B53A5-39C7-4D76-9BD5-66E7A28DE783}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{C84838CE-073F-4BCD-AAFA-DC75E7D9689C}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{F4E5AA18-D912-465B-ABF9-5631BE8B0E25}] => (Allow) LPort=55100
FirewallRules: [{45D4E69B-4FFD-4E02-A629-2712AF45E2DD}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe

==================== Restore Points =========================

29-07-2016 16:58:49 Configured Lenovo Updates
30-07-2016 10:37:20 JRT Pre-Junkware Removal
31-07-2016 12:29:44 zoek.exe restore point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/31/2016 01:48:22 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only
(Patch task for {90140011-0066-0405-0000-0000000FF1CE}): DownloadLatest Failed: There is currently no active network connection. Background Intelligent Transfer Service (BITS) will retry once an adapter is connected.

Error: (07/31/2016 12:58:04 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only
(Patch task for {90140011-0066-0405-0000-0000000FF1CE}): DownloadLatest Failed: There is currently no active network connection. Background Intelligent Transfer Service (BITS) will retry once an adapter is connected.

Error: (07/30/2016 12:48:35 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only
(Patch task for {90140011-0066-0405-0000-0000000FF1CE}): DownloadLatest Failed: There is currently no active network connection. Background Intelligent Transfer Service (BITS) will retry once an adapter is connected.

Error: (07/29/2016 04:10:44 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only
(Patch task for {90140011-0066-0405-0000-0000000FF1CE}): DownloadLatest Failed: There is currently no active network connection. Background Intelligent Transfer Service (BITS) will retry once an adapter is connected.

Error: (07/29/2016 03:19:10 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only
(Patch task for {90140011-0066-0405-0000-0000000FF1CE}): DownloadLatest Failed: There is currently no active network connection. Background Intelligent Transfer Service (BITS) will retry once an adapter is connected.

Error: (07/29/2016 10:10:04 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only
(Patch task for {90140011-0066-0405-0000-0000000FF1CE}): DownloadLatest Failed: There is currently no active network connection. Background Intelligent Transfer Service (BITS) will retry once an adapter is connected.

Error: (07/28/2016 01:42:06 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (07/28/2016 12:53:29 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only
(Patch task for {90140011-0066-0405-0000-0000000FF1CE}): DownloadLatest Failed: There is currently no active network connection. Background Intelligent Transfer Service (BITS) will retry once an adapter is connected.

Error: (07/27/2016 06:13:09 PM) (Source: Application Virtualization Client) (EventID: 3079) (User: )
Description: {hap=12:app=Microsoft Excel Starter 2010 9014006604050000:tid=1514:usr=Hrstka}
The client could not launch the application Q:\140066.csy\Office14\EXCELC.EXE (return code 22400B24-00000057, last error: 87).

Error: (07/27/2016 06:13:09 PM) (Source: Application Virtualization Client) (EventID: 6001) (User: )
Description: {tid=1514:usr=Hrstka}
Unable to create the process (CreateProcess) (return code 22400B24-00000057).


System errors:
=============
Error: (07/31/2016 01:38:16 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal alert code is 40. The Windows SChannel error state is 252.

Error: (07/31/2016 12:48:00 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal alert code is 40. The Windows SChannel error state is 252.

Error: (07/31/2016 12:44:28 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (07/31/2016 12:44:28 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (07/31/2016 12:44:27 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (07/31/2016 12:44:27 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (07/31/2016 12:44:26 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (07/30/2016 10:31:17 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Výstraha o závažné chybě byla vygenerována a zaslána na vzdálený koncový bod. To může vést k ukončení připojení. Kód závažné chyby definovaný protokolem TLS: 40. Stav chyby Windows SChannel: 252

Error: (07/30/2016 10:30:39 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\windows\System32\IWMSSvc.dll

Error: (07/30/2016 10:30:39 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\windows\System32\IWMSSvc.dll


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU N3540 @ 2.16GHz
Percentage of memory in use: 42%
Total physical RAM: 3979.21 MB
Available physical RAM: 2271.65 MB
Total Virtual: 5899.21 MB
Available Virtual: 3845.43 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:425.14 GB) (Free:162.69 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:10.89 GB) NTFS
Drive f: () (Removable) (Total:14.54 GB) (Free:7.25 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 97D2FFE3)

Partition: GPT.

========================================================
Disk: 1 (Size: 14.6 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016
Ran by Hrstka (administrator) on LENOVO-PC (31-07-2016 16:58:07)
Running from C:\Users\Hrstka\Desktop
Loaded Profiles: Hrstka (Available Profiles: Hrstka)
Platform: Windows 8.1 Connected (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(ESET) C:\Users\Hrstka\Desktop\ESETTeslaCryptDecryptor.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3276104 2014-05-22] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2014-02-27] (Realtek semiconductor)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-10-13] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10841584 2014-10-13] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKU\S-1-5-21-553964673-1622739263-2049447999-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1BC11AB7-748D-4B3A-9D6C-A4ACD01C018D}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-553964673-1622739263-2049447999-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
SearchScopes: HKU\S-1-5-21-553964673-1622739263-2049447999-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-553964673-1622739263-2049447999-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-553964673-1622739263-2049447999-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-28] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-28] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Hrstka\AppData\Roaming\Mozilla\Firefox\Profiles\obxm5qhk.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-553964673-1622739263-2049447999-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Hrstka\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-553964673-1622739263-2049447999-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Hrstka\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-29]
CHR Extension: (Google Drive) - C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-29]
CHR Extension: (YouTube) - C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-29]
CHR Extension: (Google Search) - C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-07-29]
CHR Extension: (Google Docs Offline) - C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-29]
CHR Extension: (Gmail) - C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2542216 2016-06-10] (ESET)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101680 2013-10-15] (ELAN Microelectronics Corp.)
S4 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [130008 2014-01-22] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-12] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-10-13] (Lenovo(beijing) Limited)
S2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [37624 2014-04-21] (Lenovo(beijing) Limited)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-18] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-18] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-11-07] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1411384 2013-11-07] (Motorola Solutions, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows (R) Win 7 DDK provider)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263336 2016-06-28] (ESET)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15488 2016-06-28] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [197288 2016-06-28] (ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [153248 2016-06-28] (ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [208552 2016-06-28] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [61608 2016-06-28] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84640 2016-06-28] (ESET)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [149448 2014-01-22] (Intel Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3443680 2014-06-01] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [9109720 2014-02-27] (Realtek Semiconductor Corp.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-07-31] ()
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 CnxtHdAudService; \SystemRoot\system32\drivers\CHDRT64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-31 16:58 - 2016-07-31 16:59 - 00012360 _____ C:\Users\Hrstka\Desktop\FRST.txt
2016-07-31 16:57 - 2016-07-31 16:58 - 00000000 ____D C:\FRST
2016-07-31 16:48 - 2016-07-31 16:43 - 02394112 _____ (Farbar) C:\Users\Hrstka\Desktop\FRST64.exe
2016-07-31 13:45 - 2016-07-31 13:45 - 00019968 ___SH C:\Users\Public\Documents\Thumbs.db
2016-07-31 12:47 - 2016-07-31 12:20 - 00024064 _____ C:\windows\zoek-delete.exe
2016-07-31 12:20 - 2016-07-31 12:44 - 00000000 ____D C:\zoek_backup
2016-07-31 12:20 - 2016-07-31 12:17 - 01309184 _____ C:\Users\Hrstka\Desktop\zoek.exe
2016-07-30 10:41 - 2016-07-31 12:49 - 00028272 _____ C:\windows\system32\Drivers\TrueSight.sys
2016-07-30 10:40 - 2016-07-30 10:40 - 00000000 ____D C:\ProgramData\RogueKiller
2016-07-30 10:38 - 2016-07-30 10:35 - 25355848 _____ C:\Users\Hrstka\Desktop\RogueKillerX64.exe
2016-07-30 10:36 - 2016-07-30 10:34 - 01610560 _____ (Malwarebytes) C:\Users\Hrstka\Desktop\JRT.exe
2016-07-29 17:44 - 2016-07-30 10:13 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-29 17:43 - 2016-07-29 17:43 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-29 17:43 - 2016-07-29 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-29 17:43 - 2016-07-29 17:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-29 17:43 - 2016-07-29 17:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-29 17:43 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-07-29 17:43 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-07-29 17:43 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-07-29 17:38 - 2016-07-29 17:26 - 03712064 _____ C:\Users\Hrstka\Desktop\AdwCleaner.exe
2016-07-29 17:37 - 2016-07-30 10:29 - 00000000 ____D C:\AdwCleaner
2016-07-29 17:30 - 2016-07-31 16:56 - 00000000 ____D C:\Users\Hrstka\Desktop\backups
2016-07-29 15:20 - 2016-07-28 16:06 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hrstka\Desktop\hijackthis.exe
2016-07-29 14:40 - 2016-07-29 14:39 - 149365520 _____ (Microsoft Corporation) C:\Users\Hrstka\Desktop\msert.exe
2016-07-29 12:11 - 2016-07-28 13:58 - 00862368 _____ (ESET) C:\Users\Hrstka\Desktop\ESETTeslaCryptDecryptor.exe
2016-07-29 12:02 - 2016-07-29 13:35 - 00000000 ____D C:\Users\Hrstka\AppData\Local\ElevatedDiagnostics
2016-07-29 11:55 - 2016-07-29 14:40 - 00134664 _____ C:\windows\ntbtlog.txt
2016-07-28 13:44 - 2016-07-28 13:44 - 00000000 ____D C:\Users\Hrstka\AppData\Roaming\Sun
2016-07-28 13:44 - 2016-07-28 13:44 - 00000000 ____D C:\Users\Hrstka\.oracle_jre_usage
2016-07-28 13:23 - 2016-07-28 13:23 - 00000000 ____D C:\Users\Hrstka\AppData\Local\ESET
2016-07-28 13:21 - 2016-07-28 13:21 - 00002054 _____ C:\Users\Public\Desktop\ESET Ochrana bankovnictví a online plateb.lnk
2016-07-28 13:21 - 2016-07-28 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-07-28 13:21 - 2016-07-28 13:21 - 00000000 ____D C:\ProgramData\ESET
2016-07-28 13:20 - 2016-07-28 13:20 - 00000000 ____D C:\Program Files\ESET
2016-07-28 12:49 - 2016-07-28 12:49 - 00002794 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2016-07-28 12:49 - 2016-07-28 12:49 - 00000845 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-07-28 12:49 - 2016-07-28 12:49 - 00000000 ____D C:\Program Files\CCleaner
2016-07-17 10:00 - 2016-07-17 10:00 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-31 17:00 - 2015-05-10 03:57 - 00000000 ____D C:\Users\Hrstka\Documents\KINGSTON
2016-07-31 16:54 - 2015-05-10 04:03 - 66486503 _____ C:\Users\Hrstka\Desktop\Zverejneno-Bystřice.zip.backup_by_eset
2016-07-31 16:54 - 2015-05-10 04:03 - 51498842 _____ C:\Users\Hrstka\Desktop\ZD-Mořina.zip.backup_by_eset
2016-07-31 16:54 - 2015-05-10 04:03 - 00041050 _____ C:\Users\Hrstka\Desktop\S-com-PD.rtf.backup_by_eset
2016-07-31 16:11 - 2015-05-10 02:42 - 00000000 ____D C:\Data z IBM
2016-07-31 14:33 - 2015-05-10 03:07 - 00000000 ____D C:\Data z IBM2
2016-07-31 13:43 - 2014-10-13 22:06 - 00740368 _____ C:\windows\system32\perfh005.dat
2016-07-31 13:43 - 2014-10-13 22:06 - 00151796 _____ C:\windows\system32\perfc005.dat
2016-07-31 13:43 - 2014-03-18 11:53 - 01747496 _____ C:\windows\system32\PerfStringBackup.INI
2016-07-31 13:43 - 2013-08-22 15:36 - 00000000 ____D C:\windows\Inf
2016-07-31 13:38 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-07-31 13:37 - 2015-05-10 02:13 - 00000000 ____D C:\Users\Hrstka\AppData\Roaming\SoftGrid Client
2016-07-30 11:14 - 2015-05-10 01:34 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-553964673-1622739263-2049447999-1001
2016-07-29 18:09 - 2013-08-22 17:20 - 00000000 ____D C:\windows\CbsTemp
2016-07-29 18:08 - 2014-10-13 22:29 - 00000000 ____D C:\ProgramData\LU
2016-07-29 16:59 - 2014-10-13 22:09 - 00001957 _____ C:\Users\Public\Desktop\Lenovo Updates.lnk
2016-07-29 16:58 - 2015-06-22 12:12 - 00001279 _____ C:\Users\Hrstka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk
2016-07-29 15:05 - 2015-05-19 21:37 - 00000000 ____D C:\Users\Hrstka\AppData\Roaming\Mozilla
2016-07-29 15:04 - 2015-05-10 01:28 - 00000000 ____D C:\Users\Hrstka
2016-07-29 14:54 - 2014-10-13 22:22 - 03035314 _____ C:\windows\MFGSTAT.zip
2016-07-29 14:53 - 2015-06-27 10:57 - 03425193 _____ C:\Users\Hrstka\Downloads\prilohy_540.zip
2016-07-29 14:53 - 2015-06-14 20:36 - 00000000 ____D C:\Users\Hrstka\Downloads\řeporyje
2016-07-29 14:53 - 2015-06-11 06:26 - 00359123 _____ C:\Users\Hrstka\Downloads\prilohy_364.zip
2016-07-29 14:53 - 2015-06-10 22:13 - 00004621 _____ C:\Users\Hrstka\Downloads\HRSTKA VÁCLAV(2).p12
2016-07-29 14:53 - 2015-05-19 21:52 - 00004621 _____ C:\Users\Hrstka\Downloads\HRSTKA VÁCLAV(1).p12
2016-07-29 14:53 - 2015-05-10 04:04 - 00583108 _____ C:\Users\Hrstka\Downloads\výpis 03-14 (1).pdf
2016-07-29 14:53 - 2015-05-10 04:04 - 00582956 _____ C:\Users\Hrstka\Downloads\vypis_4-2014.pdf
2016-07-29 14:53 - 2015-05-10 04:04 - 00366945 _____ C:\Users\Hrstka\Downloads\prilohy_318.zip
2016-07-29 14:53 - 2015-05-10 04:04 - 00362496 _____ C:\Users\Hrstka\Downloads\mosty Děčín-Rumburk UL DOPLNIT.xls
2016-07-29 14:53 - 2015-05-10 04:04 - 00189440 _____ C:\Users\Hrstka\Downloads\cast-vseobecna.xls
2016-07-29 14:53 - 2015-05-10 04:04 - 00110579 _____ C:\Users\Hrstka\Downloads\141027_sever_plany_podzim.xlsx
2016-07-29 14:53 - 2015-05-10 04:04 - 00106648 _____ C:\Users\Hrstka\Downloads\P1000 03_2015.pdf
2016-07-29 14:53 - 2015-05-10 04:04 - 00073795 _____ C:\Users\Hrstka\Downloads\cast-technicka.xlsx
2016-07-29 14:53 - 2015-05-10 04:04 - 00061284 _____ C:\Users\Hrstka\Downloads\zadost-vyplatu-z-pp.pdf
2016-07-29 14:53 - 2015-05-10 04:04 - 00032575 _____ C:\Users\Hrstka\Downloads\cast-dopravni.xlsx
2016-07-29 14:53 - 2015-05-10 04:04 - 00004621 _____ C:\Users\Hrstka\Downloads\HRSTKA VÁCLAV.p12
2016-07-29 14:50 - 2015-05-10 04:04 - 00625350 _____ C:\Users\Hrstka\Documents\kontakty 05_2013.csv
2016-07-29 14:50 - 2015-05-10 04:01 - 00000000 ____D C:\Users\Hrstka\Documents\Vyměnitelný disk
2016-07-29 14:40 - 2015-05-10 04:03 - 66486503 _____ C:\Users\Hrstka\Desktop\Zverejneno-Bystřice.zip
2016-07-29 14:40 - 2015-05-10 04:03 - 51498842 _____ C:\Users\Hrstka\Desktop\ZD-Mořina.zip
2016-07-29 09:55 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\BBI
2016-07-28 14:36 - 2016-03-25 06:01 - 00000000 ____D C:\Users\Hrstka\AppData\Local\KiyEsdu
2016-07-28 14:30 - 2015-06-04 04:22 - 00000000 ____D C:\ProgramData\KabexAsxoj
2016-07-28 13:59 - 2015-05-10 04:16 - 00000000 ____D C:\ProgramData\Oracle
2016-07-28 13:45 - 2015-05-10 04:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-07-28 13:45 - 2015-05-10 04:16 - 00000000 ____D C:\Program Files (x86)\Java
2016-07-28 13:44 - 2015-05-10 04:16 - 00097856 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2016-07-28 13:22 - 2013-08-22 17:36 - 00000000 ___HD C:\windows\ELAMBKUP
2016-07-28 13:05 - 2014-04-02 19:34 - 00000000 ____D C:\windows\Panther
2016-07-28 12:43 - 2014-10-13 22:04 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-07-28 12:43 - 2013-08-22 16:44 - 00345256 _____ C:\windows\system32\FNTCACHE.DAT
2016-07-28 12:41 - 2014-10-13 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-07-28 12:40 - 2015-05-19 21:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-28 12:39 - 2015-07-31 15:09 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4
2016-07-28 12:29 - 2014-10-13 21:32 - 00000000 ____D C:\ProgramData\Conexant
2016-07-27 18:25 - 2016-03-30 07:37 - 00113152 ___SH C:\Users\Hrstka\Thumbs.db
2016-07-16 05:33 - 2013-08-22 17:36 - 00000000 ____D C:\windows\AppReadiness
2016-07-12 23:37 - 2016-04-10 21:21 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-12 23:37 - 2015-08-04 19:28 - 00004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2016-03-30 04:26 - 2016-03-30 05:28 - 0038534 _____ () C:\Users\Hrstka\AppData\Roaming\+REcovER+bnevw+.png
2016-03-31 20:27 - 2016-03-31 21:06 - 0038534 _____ () C:\Users\Hrstka\AppData\Roaming\+REcovER+gwyfd+.png
2016-03-30 07:59 - 2016-03-30 08:36 - 0038534 _____ () C:\Users\Hrstka\AppData\Roaming\+REcovER+qoynb+.png
2016-03-31 12:29 - 2016-03-31 13:06 - 0038534 _____ () C:\Users\Hrstka\AppData\Roaming\+REcovER+vkmgi+.png
2013-10-02 04:55 - 2013-10-02 04:55 - 0000210 _____ () C:\Users\Hrstka\AppData\Roaming\15.gif
2013-10-02 04:55 - 2013-10-02 04:55 - 0001074 _____ () C:\Users\Hrstka\AppData\Roaming\admon.textlabel.xml
2014-05-08 07:44 - 2014-05-08 07:44 - 0004218 _____ () C:\Users\Hrstka\AppData\Roaming\Adobe-CNS1-1
2014-05-08 06:05 - 2014-05-08 06:05 - 0000524 _____ () C:\Users\Hrstka\AppData\Roaming\BMY brown 3.ADO
2014-05-08 07:44 - 2014-05-08 07:44 - 0000197 _____ () C:\Users\Hrstka\AppData\Roaming\bn_IN.aff
2014-05-08 07:44 - 2014-05-08 07:44 - 0004389 _____ () C:\Users\Hrstka\AppData\Roaming\da.pak
2015-02-26 18:00 - 2015-02-26 18:00 - 0002460 _____ () C:\Users\Hrstka\AppData\Roaming\DDVClean.mof
2015-05-20 03:28 - 2015-05-20 03:28 - 0000579 _____ () C:\Users\Hrstka\AppData\Roaming\dell_connect.png
2013-10-02 04:56 - 2013-10-02 04:56 - 0000923 _____ () C:\Users\Hrstka\AppData\Roaming\ebnf.table.border.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 0000778 _____ () C:\Users\Hrstka\AppData\Roaming\email.png
2013-10-02 04:56 - 2013-10-02 04:56 - 0001079 _____ () C:\Users\Hrstka\AppData\Roaming\emphasis.propagates.style.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 0000382 _____ () C:\Users\Hrstka\AppData\Roaming\EngineLoggerConfig.xml
2013-10-02 04:55 - 2013-10-02 04:55 - 0000071 _____ () C:\Users\Hrstka\AppData\Roaming\external-link.gif
2014-05-08 07:44 - 2014-05-08 07:44 - 0001820 _____ () C:\Users\Hrstka\AppData\Roaming\f3.png
1998-06-12 01:00 - 1998-06-12 01:00 - 0004988 _____ () C:\Users\Hrstka\AppData\Roaming\FootmanBioecology.e
2013-10-02 04:56 - 2013-10-02 04:56 - 0001461 _____ () C:\Users\Hrstka\AppData\Roaming\footnote.sep.leader.properties.xml
2014-05-08 07:44 - 2014-05-08 07:44 - 0002642 _____ () C:\Users\Hrstka\AppData\Roaming\grmphon.env
2015-05-20 03:28 - 2015-05-20 03:28 - 0001684 _____ () C:\Users\Hrstka\AppData\Roaming\help_disabled.png
2013-10-02 04:56 - 2013-10-02 04:56 - 0000944 _____ () C:\Users\Hrstka\AppData\Roaming\html.stylesheet.type.xml
2013-10-02 04:56 - 2013-10-02 04:56 - 0000937 _____ () C:\Users\Hrstka\AppData\Roaming\htmlhelp.title.xml
1992-11-17 02:00 - 1992-11-17 02:00 - 1776947 _____ () C:\Users\Hrstka\AppData\Roaming\Introvert.U
2015-05-20 03:28 - 2015-05-20 03:28 - 0004345 _____ () C:\Users\Hrstka\AppData\Roaming\irda.png
2015-03-24 07:39 - 2015-03-24 07:39 - 0001109 _____ () C:\Users\Hrstka\AppData\Roaming\LICENSE.md
2013-10-02 04:56 - 2013-10-02 04:56 - 0001828 _____ () C:\Users\Hrstka\AppData\Roaming\man.output.lang.in.name.enabled.xml
2013-10-02 04:56 - 2013-10-02 04:56 - 0001536 _____ () C:\Users\Hrstka\AppData\Roaming\man.subheading.divider.xml
2009-06-10 23:06 - 2009-06-10 23:06 - 0002899 _____ () C:\Users\Hrstka\AppData\Roaming\Memories_buttonClear.png
2015-05-20 03:28 - 2015-05-20 03:28 - 0004576 _____ () C:\Users\Hrstka\AppData\Roaming\memory-reader.png
2015-05-20 03:28 - 2015-05-20 03:28 - 0004355 _____ () C:\Users\Hrstka\AppData\Roaming\mouse.png
2009-06-10 23:06 - 2009-06-10 23:06 - 0004515 _____ () C:\Users\Hrstka\AppData\Roaming\nav_rightarrow.png
2013-10-02 04:56 - 2013-10-02 04:56 - 0000888 _____ () C:\Users\Hrstka\AppData\Roaming\no.up.image.xml
2013-10-02 04:55 - 2013-10-02 04:55 - 0003157 _____ () C:\Users\Hrstka\AppData\Roaming\package-frame.html
2015-05-20 03:28 - 2015-05-20 03:28 - 0001264 _____ () C:\Users\Hrstka\AppData\Roaming\pcdrantenna.p5m
2015-05-20 03:28 - 2015-05-20 03:28 - 0002611 _____ () C:\Users\Hrstka\AppData\Roaming\pcdrbattery.p5m
2015-05-20 03:28 - 2015-05-20 03:28 - 0002510 _____ () C:\Users\Hrstka\AppData\Roaming\pcdrscsi2.p5m
2015-05-20 03:28 - 2015-05-20 03:28 - 0000193 _____ () C:\Users\Hrstka\AppData\Roaming\PCDR_HUD_4_3.scheme
2013-10-02 04:55 - 2013-10-02 04:55 - 0001172 _____ () C:\Users\Hrstka\AppData\Roaming\PlanDrawer.java
2014-05-08 06:08 - 2014-05-08 06:08 - 0001630 _____ () C:\Users\Hrstka\AppData\Roaming\Plastic - Polished Alumide.3PP
2013-10-02 04:56 - 2013-10-02 04:56 - 0001024 _____ () C:\Users\Hrstka\AppData\Roaming\procedure.properties.xml
2013-10-02 04:55 - 2013-10-02 04:55 - 0000101 _____ () C:\Users\Hrstka\AppData\Roaming\r1.m
2015-05-20 03:28 - 2015-05-20 03:28 - 0003993 _____ () C:\Users\Hrstka\AppData\Roaming\RB_Disabled.png
2015-05-20 03:28 - 2015-05-20 03:28 - 0001720 _____ () C:\Users\Hrstka\AppData\Roaming\redshd.png
2015-05-20 03:28 - 2015-05-20 03:28 - 0003111 _____ () C:\Users\Hrstka\AppData\Roaming\refresh_12.png
2015-05-20 03:28 - 2015-05-20 03:28 - 0003983 _____ () C:\Users\Hrstka\AppData\Roaming\RF_Enabled.png
2013-10-02 04:56 - 2013-10-02 04:56 - 0002707 _____ () C:\Users\Hrstka\AppData\Roaming\SequenceFrequency.mm
2012-02-22 22:54 - 2012-02-22 22:54 - 0002388 _____ () C:\Users\Hrstka\AppData\Roaming\settings.xml
2013-10-02 04:56 - 2013-10-02 04:56 - 0001068 _____ () C:\Users\Hrstka\AppData\Roaming\shade.verbatim.xml
2013-10-02 04:55 - 2013-10-02 04:55 - 0000104 _____ () C:\Users\Hrstka\AppData\Roaming\SimpleDocument.xml
2013-10-02 04:56 - 2013-10-02 04:56 - 0000975 _____ () C:\Users\Hrstka\AppData\Roaming\subscript.properties.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 0002786 _____ () C:\Users\Hrstka\AppData\Roaming\sysinfofilter_ax_dell.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 0001769 _____ () C:\Users\Hrstka\AppData\Roaming\systemTools.png
2015-05-20 03:28 - 2015-05-20 03:28 - 0000816 _____ () C:\Users\Hrstka\AppData\Roaming\toast_good.png
2013-10-02 04:56 - 2013-10-02 04:56 - 0000840 _____ () C:\Users\Hrstka\AppData\Roaming\toc.image.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 0004090 _____ () C:\Users\Hrstka\AppData\Roaming\tutorials_icon.png
2015-05-20 03:14 - 2015-05-20 03:14 - 0000095 _____ () C:\Users\Hrstka\AppData\Roaming\tweakChkDsk_pt-pt.p5p
2015-05-20 03:14 - 2015-05-20 03:14 - 0001933 _____ () C:\Users\Hrstka\AppData\Roaming\tweakNetworkingManual_de.p5p
2015-05-20 03:28 - 2015-05-20 03:28 - 0000415 _____ () C:\Users\Hrstka\AppData\Roaming\VertexOutputTexturelessInstanced.hlsli
2013-10-02 04:56 - 2013-10-02 04:56 - 0001366 _____ () C:\Users\Hrstka\AppData\Roaming\wordml.template.xml
2016-04-02 02:14 - 2016-04-02 02:14 - 0009238 _____ () C:\Users\Hrstka\AppData\Roaming\{RecOveR}-vhlln__.Htm
2016-04-02 02:14 - 2016-04-02 02:14 - 0082893 _____ () C:\Users\Hrstka\AppData\Roaming\{RecOveR}-vhlln__.Png
2016-04-10 07:00 - 2016-04-10 07:00 - 0009238 _____ () C:\Users\Hrstka\AppData\Roaming\{RecOveR}-yjdwn__.Htm
2016-04-10 07:00 - 2016-04-10 07:00 - 0081953 _____ () C:\Users\Hrstka\AppData\Roaming\{RecOveR}-yjdwn__.Png
2016-03-30 04:26 - 2016-03-30 05:28 - 0038534 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\+REcovER+bnevw+.png
2016-03-30 04:26 - 2016-03-30 05:28 - 0001046 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\+REcovER+bnevw+.txt
2016-03-31 20:27 - 2016-03-31 21:06 - 0038534 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\+REcovER+gwyfd+.png
2016-03-31 20:27 - 2016-03-31 21:06 - 0001046 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\+REcovER+gwyfd+.txt
2016-03-30 07:59 - 2016-03-30 08:36 - 0038534 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\+REcovER+qoynb+.png
2016-03-30 07:59 - 2016-03-30 08:36 - 0001046 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\+REcovER+qoynb+.txt
2016-03-31 12:29 - 2016-03-31 13:06 - 0038534 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\+REcovER+vkmgi+.png
2016-03-31 12:29 - 2016-03-31 13:06 - 0001046 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\+REcovER+vkmgi+.txt
2016-04-02 02:14 - 2016-04-02 02:14 - 0009238 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\{RecOveR}-vhlln__.Htm
2016-04-02 02:14 - 2016-04-02 02:14 - 0082893 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\{RecOveR}-vhlln__.Png
2016-04-02 02:14 - 2016-04-02 02:14 - 0002818 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\{RecOveR}-vhlln__.Txt
2016-04-10 07:00 - 2016-04-10 07:00 - 0009238 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\{RecOveR}-yjdwn__.Htm
2016-04-10 07:00 - 2016-04-10 07:00 - 0081953 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\{RecOveR}-yjdwn__.Png
2016-04-10 07:00 - 2016-04-10 07:00 - 0002818 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\{RecOveR}-yjdwn__.Txt
2016-04-02 02:05 - 2016-04-02 02:17 - 0009238 _____ () C:\Users\Hrstka\AppData\Local\{RecOveR}-vhlln__.Htm
2016-04-02 02:05 - 2016-04-02 02:17 - 0082893 _____ () C:\Users\Hrstka\AppData\Local\{RecOveR}-vhlln__.Png
2016-04-02 02:05 - 2016-04-02 02:17 - 0002818 _____ () C:\Users\Hrstka\AppData\Local\{RecOveR}-vhlln__.Txt
2016-04-10 06:51 - 2016-04-10 06:58 - 0009238 _____ () C:\Users\Hrstka\AppData\Local\{RecOveR}-yjdwn__.Htm
2016-04-10 06:51 - 2016-04-10 06:58 - 0081953 _____ () C:\Users\Hrstka\AppData\Local\{RecOveR}-yjdwn__.Png
2016-04-10 06:51 - 2016-04-10 06:58 - 0002818 _____ () C:\Users\Hrstka\AppData\Local\{RecOveR}-yjdwn__.Txt
2016-03-30 02:35 - 2016-03-30 02:35 - 0038534 _____ () C:\ProgramData\+REcovER+bnevw+.png
2016-04-05 06:40 - 2016-04-05 06:41 - 0038534 _____ () C:\ProgramData\+REcovER+crmkj+.png
2016-03-31 19:57 - 2016-03-31 19:58 - 0038534 _____ () C:\ProgramData\+REcovER+gwyfd+.png
2016-03-30 07:32 - 2016-03-30 07:32 - 0038534 _____ () C:\ProgramData\+REcovER+qoynb+.png
2016-03-31 12:01 - 2016-03-31 12:01 - 0038534 _____ () C:\ProgramData\+REcovER+vkmgi+.png
2014-10-13 21:32 - 2014-10-13 21:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-04-02 02:04 - 2016-04-02 02:05 - 0009238 _____ () C:\ProgramData\{RecOveR}-vhlln__.Htm
2016-04-02 02:04 - 2016-04-02 02:05 - 0082893 _____ () C:\ProgramData\{RecOveR}-vhlln__.Png
2016-04-10 06:50 - 2016-04-10 06:50 - 0009238 _____ () C:\ProgramData\{RecOveR}-yjdwn__.Htm
2016-04-10 06:50 - 2016-04-10 06:50 - 0081953 _____ () C:\ProgramData\{RecOveR}-yjdwn__.Png

Some files in TEMP:
====================
C:\Users\Hrstka\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-24 01:30

==================== End of FRST.txt ============================
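The FRST listing above contains ransom-note files written under several directories, each carrying a short id in its name ({RecOveR}-vhlln__.Htm, +REcovER+bnevw+.png and so on). As an added example that is not from this thread or from FRST, here is a small Python script that parses lines in that listing format and groups the note files by that id, so a helper can see how many separate encryption runs left notes and when each one started; the sample lines are constructed in the format shown above.

```python
import re
from collections import defaultdict

# Constructed sample in the FRST "files created" format used in the log above.
SAMPLE_LOG = r"""
2015-05-20 03:28 - 2015-05-20 03:28 - 0000816 _____ () C:\Users\Hrstka\AppData\Roaming\toast_good.png
2016-04-02 02:14 - 2016-04-02 02:14 - 0009238 _____ () C:\Users\Hrstka\AppData\Roaming\{RecOveR}-vhlln__.Htm
2016-04-02 02:14 - 2016-04-02 02:14 - 0082893 _____ () C:\Users\Hrstka\AppData\Roaming\{RecOveR}-vhlln__.Png
2016-03-30 04:26 - 2016-03-30 05:28 - 0001046 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\+REcovER+bnevw+.txt
2016-03-30 02:35 - 2016-03-30 02:35 - 0038534 _____ () C:\ProgramData\+REcovER+bnevw+.png
2016-04-10 06:50 - 2016-04-10 06:50 - 0009238 _____ () C:\ProgramData\{RecOveR}-yjdwn__.Htm
2014-10-13 21:32 - 2014-10-13 21:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
"""

# One listing line: created - modified - size attributes (signer) path
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<signer>[^)]*)\) (?P<path>.+)$"
)
# Ransom-note names as they appear in this thread: {RecOveR}-<id>__.<ext> and +REcovER+<id>+.<ext>
NOTE_PATTERNS = [
    re.compile(r"^\{RecOveR\}-(?P<id>[a-z]+)__\.(?:htm|png|txt)$", re.I),
    re.compile(r"^\+REcovER\+(?P<id>[a-z]+)\+\.(?:htm|png|txt)$", re.I),
]

def parse_frst_line(line):
    """Return the fields of one FRST file-listing line, or None if it is not one."""
    m = FRST_LINE.match(line.strip())
    return m.groupdict() if m else None

def note_id(path):
    """Return the per-run id embedded in a ransom-note file name, or None for other files."""
    name = path.rsplit("\\", 1)[-1]
    for pat in NOTE_PATTERNS:
        m = pat.match(name)
        if m:
            return m.group("id").lower()
    return None

def find_ransom_notes(log_text):
    """Group ransom-note files by id: {id: sorted list of (created, path)}."""
    notes = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_frst_line(line)
        nid = note_id(entry["path"]) if entry else None
        if nid:
            notes[nid].append((entry["created"], entry["path"]))
    return {nid: sorted(v) for nid, v in notes.items()}
```

The earliest "created" time in each group is when that run started dropping notes; comparing it with the file-modified times of user documents narrows down which files were touched.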

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Log check, PC infected with Win32/filecoder

Post by jaro3 » 31 Jul 2016 19:31

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-553964673-1622739263-2049447999-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Hrstka\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-553964673-1622739263-2049447999-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Hrstka\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-553964673-1622739263-2049447999-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Hrstka\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
SearchScopes: HKU\S-1-5-21-553964673-1622739263-2049447999-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-553964673-1622739263-2049447999-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-553964673-1622739263-2049447999-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
C:\Users\Hrstka\AppData\Local\Temp\dllnt_dump.dll

EmptyTemp:
End

(You can use the "select all" function: right-click in the top-left field of the open Notepad and choose "Paste".)

Save it on the desktop as fixlist.txt


Run FRST and press the "Fix" button only once and wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire content here.

In Folder Options, enable showing hidden files and folders and untick the "Hide protected operating system files" box.

Test these on VirusTotal
C:\ProgramData\+REcovER+bnevw+.png
C:\Users\Hrstka\AppData\Roaming\+REcovER+gwyfd+.png

Click "Choose" to the right of the box and find the requested file on your PC in Explorer. Select it with the mouse and click "Open", then click "Send File". If the file has already been tested, a window appears in which you click "Reanalyze". The file will then be tested by several antivirus programs one after another. When the last antivirus finishes, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.

Or at:
http://www.virscan.org/
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Jirka008
newbie
Posts: 17
Registered: July 16
Gender: Male
Status: Offline

Re: Log check, PC infected with Win32/filecoder

Post by Jirka008 » 01 Aug 2016 09:32

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by Hrstka (2016-08-01 09:09:55) Run:1
Running from C:\Users\Hrstka\Desktop
Loaded Profiles: Hrstka (Available Profiles: Hrstka)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-553964673-1622739263-2049447999-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Hrstka\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-553964673-1622739263-2049447999-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Hrstka\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-553964673-1622739263-2049447999-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Hrstka\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
SearchScopes: HKU\S-1-5-21-553964673-1622739263-2049447999-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-553964673-1622739263-2049447999-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-553964673-1622739263-2049447999-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
C:\Users\Hrstka\AppData\Local\Temp\dllnt_dump.dll

EmptyTemp:
End
*****************

Processes closed successfully.
"HKU\S-1-5-21-553964673-1622739263-2049447999-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}" => key removed successfully
"HKU\S-1-5-21-553964673-1622739263-2049447999-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}" => key removed successfully
"HKU\S-1-5-21-553964673-1622739263-2049447999-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => key removed successfully
HKU\S-1-5-21-553964673-1622739263-2049447999-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-553964673-1622739263-2049447999-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => key removed successfully
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
"HKU\S-1-5-21-553964673-1622739263-2049447999-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
C:\Users\Hrstka\AppData\Local\Temp\dllnt_dump.dll => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10810687 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 668812 B
Firefox => 965686 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 3932 B
NetworkService => 0 B
Hrstka => 22202070 B

RecycleBin => 862912 B
EmptyTemp: => 41.9 MB temporary data Removed.

================================

https://www.virustotal.com/cs/file/b14b ... 470036298/
https://www.virustotal.com/cs/file/b14b ... 470036660/


The system needed a reboot.

==== End of Fixlog 09:10:01 ====

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Log check, PC infected with Win32/filecoder

Post by jaro3 » 01 Aug 2016 09:46

Download DelFix here
https://toolslib.net/downloads/viewdownload/2-delfix/

Save the file to the desktop.
Double-click the icon to run the Delfix.exe tool.
(On Windows Vista, Windows 7 and 8 you must run the file with the right mouse button -> Run as administrator.)
In the main menu, check these options: Remove disinfection tools – Purge System Restore.
Then click the Run button and let the tool do its work.

Afterwards a report will open (DelFix.txt). Paste the entire content of the report here. Otherwise the report is at:
C:\DelFix.txt


If there are no problems, that is all and you can mark the thread as solved with the green tick.

