Hello,
I would like to ask you to check a HijackThis log.
It is a PC infected with the Win32/filecoder virus.
Thank you!
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:26:40, on 29. 7. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17037)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Hrstka\Desktop\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [KabexAsxoj] regsvr32.exe "C:\ProgramData\KabexAsxoj\AiwuhIbxen.dnp"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Hrstka\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [{B7ED0342-5301-4090-9B16-118EEDBFB5BC}] regsvr32.exe "C:\Users\Hrstka\AppData\Local\KiyEsdu\Quqej.dll"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Startup: +REcovER+bnevw+.png
O4 - Startup: +REcovER+gwyfd+.png
O4 - Startup: +REcovER+qoynb+.png
O4 - Startup: +REcovER+vkmgi+.png
O4 - Startup: Thumbs.db
O4 - Startup: {RecOveR}-vhlln__.Png
O4 - Startup: {RecOveR}-yjdwn__.Png
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo System Agent Service - LENOVO INCORPORATED. - C:\Program Files\Lenovo\iMController\SystemAgentService.exe
O23 - Service: Lenovo WiFiHotspot Service (LenovoWiFiHotspotSvr) - Unknown owner - C:\Windows\System32\LenovoWiFiHotspotSvr.exe (file missing)
O23 - Service: LUService - Lenovo(beijing) Limited - C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
--
End of file - 7763 bytes
Log check, PC infected with Win32/filecoder (Solved)
- Orcus
- Security team member
Re: Log check, PC infected with Win32/filecoder
Fix in HJT:
O4 - HKCU\..\Run: [KabexAsxoj] regsvr32.exe "C:\ProgramData\KabexAsxoj\AiwuhIbxen.dnp"
O4 - HKCU\..\Run: [{B7ED0342-5301-4090-9B16-118EEDBFB5BC}] regsvr32.exe "C:\Users\Hrstka\AppData\Local\KiyEsdu\Quqej.dll"
O4 - Startup: +REcovER+bnevw+.png
O4 - Startup: +REcovER+gwyfd+.png
O4 - Startup: +REcovER+qoynb+.png
O4 - Startup: +REcovER+vkmgi+.png
O4 - Startup: Thumbs.db
O4 - Startup: {RecOveR}-vhlln__.Png
O4 - Startup: {RecOveR}-yjdwn__.Png
===================================================
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
- If you only use Google Chrome, you do not need to use ATF.
===================================================
Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it does not, restart it yourself.
===================================================
Download AdwCleaner (by Xplode)
Save it to your desktop.
Close all programs, windows and browsers.
Run the program by double-clicking it and click "Scan".
After the scan, click the "Logfile" button and the log will appear (otherwise it is saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.
===================================================
Download Malwarebytes' Anti-Malware
- During installation, untick "Enable free trial of Malwarebytes' Anti-Malware Premium"
- Install and run it
- at the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; click Scan Now and
- when the program finishes, a message appears at the bottom right; click Copy to Clipboard and paste the entire log here.
- then click the Exit button; a message appears, so choose Yes
(don't delete anything yet!).
If there are problems, run it in Safe Mode.
Love warms, but coal is coal.
Post HJT logs in the HJT section. If it is too long, split it into several messages.
A few tips on PC security.
During my absence I am represented by memphisto, jaro3 and Diallix.
If you are satisfied, you can support our forum.
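As an added example (not part of the thread and not HijackThis code), this Python script applies to the O4 lines of the posted log the two heuristics the analyst used by hand: a Run entry that launches regsvr32.exe on a module sitting in a user-writable directory or carrying a non-DLL extension, and Startup-folder items named like ransom notes. The sample lines are copied from the HJT log above; the regular expressions, the `Finding` class and the `triage` function are my own.

```python
"""Triage of HijackThis O4 (autostart) lines for ransomware indicators.

Added example, not part of the forum thread or of HijackThis itself.
The sample lines below are copied from the HJT log posted in the thread;
the heuristics reproduce what the analyst flagged for removal:
  * a Run entry that uses regsvr32.exe to load a module from a
    user-writable directory (ProgramData, AppData, ...) or with an
    extension that is not .dll/.ocx;
  * a Startup-folder item whose name looks like a ransom note
    ("recover" in mixed case, wrapped in decorative punctuation).
"""
import re
from dataclasses import dataclass

# Sample input: O4 lines copied from the posted HJT log (benign ones included).
SAMPLE_HJT_LINES = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [KabexAsxoj] regsvr32.exe "C:\ProgramData\KabexAsxoj\AiwuhIbxen.dnp"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Hrstka\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [{B7ED0342-5301-4090-9B16-118EEDBFB5BC}] regsvr32.exe "C:\Users\Hrstka\AppData\Local\KiyEsdu\Quqej.dll"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Startup: +REcovER+bnevw+.png
O4 - Startup: +REcovER+gwyfd+.png
O4 - Startup: Thumbs.db
O4 - Startup: {RecOveR}-vhlln__.Png
O4 - Startup: {RecOveR}-yjdwn__.Png
""".strip().splitlines()

# "O4 - HKCU\..\Run: [value name] command line"
RUN_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# "O4 - Startup: file name"
STARTUP_RE = re.compile(r"^O4 - Startup: (?P<item>.+)$")
# Command line that starts with regsvr32 (a signed Windows binary often abused to load a payload DLL).
REGSVR32_RE = re.compile(r'^"?regsvr32(?:\.exe)?"?\s+(?P<args>.*)$', re.I)
# Directories an unprivileged user can write to; legitimate COM servers rarely live here.
USER_WRITABLE_RE = re.compile(r"\\(?:ProgramData|AppData|Temp|Public)\\", re.I)
# "recover" surrounded by non-word decoration, e.g. "+REcovER+..." or "{RecOveR}-...".
RANSOM_NOTE_RE = re.compile(r"[^\w.]rec[o0]ver[^\w.]", re.I)


@dataclass
class Finding:
    kind: str          # "run" or "startup"
    line: str          # the original HJT line
    reasons: list      # human-readable reasons it was flagged


def regsvr32_target(args: str) -> str:
    """Return the module path from regsvr32 arguments (quoted or bare, switches like /s ignored)."""
    quoted = re.search(r'"([^"]+)"', args)
    if quoted:
        return quoted.group(1)
    parts = [p for p in args.split() if not p.startswith("/")]
    return parts[-1] if parts else ""


def check_run_entry(cmd: str) -> list:
    """Flag a Run value only when regsvr32 is used, and explain why."""
    m = REGSVR32_RE.match(cmd)
    if not m:
        return []
    target = regsvr32_target(m.group("args"))
    reasons = []
    if USER_WRITABLE_RE.search(target):
        reasons.append(f"regsvr32 loads a module from a user-writable path: {target}")
    if not target.lower().endswith((".dll", ".ocx")):
        reasons.append(f"regsvr32 target has a non-DLL extension: {target.rsplit('.', 1)[-1]}")
    return reasons


def check_startup_item(item: str) -> list:
    """Flag Startup-folder items whose name matches the ransom-note pattern."""
    if RANSOM_NOTE_RE.search(item):
        return ["Startup-folder item named like a ransom note (decorated, mixed-case 'recover')"]
    return []


def triage(lines) -> list:
    """Scan HJT lines and return one Finding per flagged O4 entry, in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := RUN_RE.match(line):
            kind, reasons = "run", check_run_entry(m.group("cmd"))
        elif m := STARTUP_RE.match(line):
            kind, reasons = "startup", check_startup_item(m.group("item"))
        else:
            continue
        if reasons:
            findings.append(Finding(kind, line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LINES):
        print(f"[{f.kind}] {f.line}")
        for r in f.reasons:
            print(f"    - {r}")
```

Thumbs.db, which the analyst also listed for removal, is not flagged: it is a harmless thumbnail cache that merely has no business in the Startup folder.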
Re: Log check, PC infected with Win32/filecoder
Below I attach both requested logs:
# AdwCleaner v5.201 - Logfile created 29/07/2016 at 17:38:32
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-28.2 [Server]
# Operating system : Windows 8.1 Connected (X64)
# Username : Hrstka - LENOVO-PC
# Running from : C:\Users\Hrstka\Desktop\AdwCleaner.exe
# Option : Scan
# Support : https://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
Folder Found : C:\ProgramData\pokki
Folder Found : C:\ProgramData\Application Data\pokki
Folder Found : C:\Users\Default User\AppData\Local\Pokki
Folder Found : C:\Users\Default\AppData\Local\Pokki
***** [ Files ] *****
File Found : C:\windows\SysWOW64\VisualDiscovery.ini
File Found : C:\windows\SysWOW64\VisualDiscoveryOff.ini
File Found : C:\Users\Hrstka\AppData\Roaming\Mozilla\Firefox\Profiles\obxm5qhk.default\invalidprefs.js
File Found : C:\windows\SysNative\VisualDiscoveryOff.ini
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Classes\AppID\VISUALDISCOVERY.EXE
Key Found : HKLM\SOFTWARE\CLASSES\APPID\VISUALDISCOVERY.EXE
Key Found : HKCU\Software\Classes\pokki
Key Found : HKU\S-1-5-21-553964673-1622739263-2049447999-1001\Software\Classes\pokki
Key Found : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2E5FA7B4-61A2-4662-BBCE-62BBB20FC649}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5D7F05E3-075A-43AF-8BC7-21E2F7F38845}
Key Found : HKLM\SOFTWARE\Classes\Interface\{617E26CE-E6E1-4C75-A68A-A001F2B98491}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FBDBEA-A722-4ABD-BEC0-B7D463F6BA0E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8128586C-DF69-4266-873F-CF4C6F705A7C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1F9CFCE-A7DC-4072-8B31-1DEA57004C86}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EA4AD895-2A7F-430E-B973-DEE6C4E743A9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EBF4B60F-A863-426F-BE6F-5DFE83BC574F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CB6BF8B6-E12B-42FA-A478-91BCCDE475DC}
Key Found : HKLM\SOFTWARE\VisualDiscovery
***** [ Web browsers ] *****
*************************
C:\AdwCleaner\AdwCleaner[S1].txt - [2402 bytes] - [29/07/2016 17:38:32]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2475 bytes] ##########
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 29. 7. 2016
Čas skenování: 17:44
Protokol: mbam.txt
Správce: Ano
Verze: 2.2.1.1043
Databáze malwaru: v2016.07.29.08
Databáze rootkitů: v2016.05.27.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto
OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Hrstka
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 295345
Uplynulý čas: 15 min, 22 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 0
(Nenalezeny žádné škodlivé položky)
Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 3
PUP.Optional.VisualDiscovery, C:\Windows\SysWOW64\VisualDiscovery.ini, , [e3e962c7a5f54fe7b73de5d55ba810f0],
PUP.Optional.Winsock.WnskRST, C:\Windows\System32\VisualDiscoveryOff.ini, , [7d4f1c0d9901a690747ca9298d7655ab],
PUP.Optional.Winsock.WnskRST, C:\Windows\SysWOW64\VisualDiscoveryOff.ini, , [8844ee3bbddd3bfb32be4092d52e1ce4],
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
- Orcus
- Security team member
Re: Log check, PC infected with Win32/filecoder
- Run MBAM again and click Scan Now
- When the program finishes, a message appears; click "Quarantine All (delete selected)" and "Export Log", choose "text file", give the file a name and save it somewhere. Copy the entire contents of that log here.
====================================================
- Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator")
- Click "Delete"
- The program performs the repair; after the automatic restart a log appears (C:\AdwCleaner [C?].txt); paste its entire contents here.
====================================================
Download Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
to your desktop.
Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program's scan begins. The scan can take a long time, depending on the amount of infection. When the scan finishes, a log (JRT.txt) appears and is saved on the desktop.
Please copy its entire contents here.
====================================================
Download RogueKiller
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Win7, run RogueKiller.exe as administrator; on XP, by double-clicking.
- Wait until the Prescan (search for malicious processes) finishes.
- Then click "Scan".
- The program scans the PC's processes. After the scan, click "Report" and copy the entire contents of the log here.
If the program is blocked, try running it several times. If the program still will not run and work, rename it to winlogon.exe.
Re: Log check, PC infected with Win32/filecoder
Below I paste the requested logs.
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 30. 7. 2016
Čas skenování: 10:13
Protokol: mbam1.txt
Správce: Ano
Verze: 2.2.1.1043
Databáze malwaru: v2016.07.29.08
Databáze rootkitů: v2016.05.27.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto
OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Hrstka
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 296594
Uplynulý čas: 10 min, 19 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 0
(Nenalezeny žádné škodlivé položky)
Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 3
PUP.Optional.VisualDiscovery, C:\Windows\SysWOW64\VisualDiscovery.ini, Do karantény, [02cae1489efc2610579dcceec83bcd33],
PUP.Optional.Winsock.WnskRST, C:\Windows\System32\VisualDiscoveryOff.ini, Do karantény, [efdd33f64a50a096f9f7e3ef0af99c64],
PUP.Optional.Winsock.WnskRST, C:\Windows\SysWOW64\VisualDiscoveryOff.ini, Do karantény, [7c509099b0ea1a1c826ee3ef7192ca36],
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
# AdwCleaner v5.201 - Logfile created 30/07/2016 at 10:29:08
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-28.2 [Local]
# Operating system : Windows 8.1 Connected (X64)
# Username : Hrstka - LENOVO-PC
# Running from : C:\Users\Hrstka\Desktop\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\ProgramData\pokki
[#] Folder Deleted : C:\ProgramData\Application Data\pokki
[-] Folder Deleted : C:\Users\Default User\AppData\Local\Pokki
[#] Folder Deleted : C:\Users\Default\AppData\Local\Pokki
***** [ Files ] *****
[-] File Deleted : C:\Users\Hrstka\AppData\Roaming\Mozilla\Firefox\Profiles\obxm5qhk.default\invalidprefs.js
***** [ DLLs ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\VISUALDISCOVERY.EXE
[-] Key Deleted : HKCU\Software\Classes\pokki
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E5FA7B4-61A2-4662-BBCE-62BBB20FC649}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D7F05E3-075A-43AF-8BC7-21E2F7F38845}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{617E26CE-E6E1-4C75-A68A-A001F2B98491}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FBDBEA-A722-4ABD-BEC0-B7D463F6BA0E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8128586C-DF69-4266-873F-CF4C6F705A7C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F9CFCE-A7DC-4072-8B31-1DEA57004C86}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EA4AD895-2A7F-430E-B973-DEE6C4E743A9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EBF4B60F-A863-426F-BE6F-5DFE83BC574F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CB6BF8B6-E12B-42FA-A478-91BCCDE475DC}
[-] Key Deleted : HKLM\SOFTWARE\VisualDiscovery
***** [ Web browsers ] *****
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [2294 bytes] - [30/07/2016 10:29:08]
C:\AdwCleaner\AdwCleaner[S1].txt - [2554 bytes] - [29/07/2016 17:38:32]
C:\AdwCleaner\AdwCleaner[S2].txt - [2457 bytes] - [30/07/2016 10:26:25]
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2513 bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 8.1 Connected x64
Ran by Hrstka (Administrator) on so 30. 07. 2016 at 10:37:17,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Registry: 1
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CCA1FCEC-1B89-4956-9B88-111302C5AB4D} (Registry Key)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 30. 07. 2016 at 10:39:31,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
RogueKiller V12.4.1.0 (x64) [Jul 28 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 8.1 (6.3.9600) 64 bits version
Spuštěno : Normální režim
Uživatel : Hrstka [Práva správce]
Started from : C:\Users\Hrstka\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 07/30/2016 11:13:35
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 6 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-553964673-1622739263-2049447999-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/ -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-553964673-1622739263-2049447999-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/ -> Nalezeno
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-553964673-1622739263-2049447999-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Nalezeno
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-553964673-1622739263-2049447999-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B24EF80F-E202-44F5-B6FD-B4B780182989} | DhcpNameServer : 150.208.1.2 ([X]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B24EF80F-E202-44F5-B6FD-B4B780182989} | DhcpNameServer : 150.208.1.2 ([X]) -> Nalezeno
¤¤¤ Úlohy : 4 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\GoogleUpdateTaskUserS-1-5-21-553964673-1622739263-2049447999-1001Core.job -- C:\Users\Hrstka\AppData\Local\Google\Update\GoogleUpdate.exe (/c) -> Nalezeno
[Suspicious.Path] %WINDIR%\Tasks\GoogleUpdateTaskUserS-1-5-21-553964673-1622739263-2049447999-1001UA.job -- C:\Users\Hrstka\AppData\Local\Google\Update\GoogleUpdate.exe (/ua /installsource scheduler) -> Nalezeno
[Suspicious.Path] \GoogleUpdateTaskUserS-1-5-21-553964673-1622739263-2049447999-1001Core -- C:\Users\Hrstka\AppData\Local\Google\Update\GoogleUpdate.exe (/c) -> Nalezeno
[Suspicious.Path] \GoogleUpdateTaskUserS-1-5-21-553964673-1622739263-2049447999-1001UA -- C:\Users\Hrstka\AppData\Local\Google\Update\GoogleUpdate.exe (/ua /installsource scheduler) -> Nalezeno
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST500LM000-SSHD-8GB +++++
--- User ---
[MBR] 95df391da8d847c9955869eb8d2ea128
[BSP] eb9975a40ec00baaaebeb5a171d1590f : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1000 MB
1 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 260 MB
2 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2582528 | Size: 1000 MB
3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 4630528 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 4892672 | Size: 435344 MB
5 - Basic data partition | Offset (sectors): 896477184 | Size: 25600 MB
6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 948905984 | Size: 13607 MB
User = LL1 ... OK
User = LL2 ... OK
Orcus
- member of the Security team
Re: Log check, PC infected with Win32/filecoder
Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB or external drives from the computer before running this program.
Run RogueKiller (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP, double-click to run it).
- Wait until the Prescan finishes its work...
- Wait until the status window shows "Scan"
- In the tabs (Registry, Tasks, Web Browser, etc.), tick everything (put check marks on all items).
- Click "Delete"
- Wait until the Status box shows "Deletion completed"
- Click "Report" and copy and paste the contents of that report here, please. The log can also be found in RKreport[number].txt on the desktop.
- Close RogueKiller
====================================================
Download Zoek.exe and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 and 8, right-click it and choose "Run as administrator")
- note that the program may take a while to start.
Paste the script below into the program window:
Code:
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;
Click Run Script
The program performs a scan and a repair; both may take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.
After the restart, only a black desktop may be shown for some time; that is normal. Wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.
====================================================
Any problems? + a new HJT log
Love warms, but coal is coal.
Post HJT logs in the HJT section. If a log is too long, split it into several messages.
A few tips on PC security.
During my absence, memphisto, jaro3 and Diallix stand in for me.
If you are satisfied, you can support our forum.
Re: Log check, PC infected with Win32/filecoder
Below I attach the requested logs. Everything seems to be in order.
Thank you very much for your help.
RogueKiller V12.4.1.0 (x64) [Jul 28 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 8.1 (6.3.9600) 64 bits version
Spuštěno : Normální režim
Uživatel : Hrstka [Práva správce]
Started from : C:\Users\Hrstka\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 07/31/2016 13:20:17
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 0 ¤¤¤
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST500LM000-SSHD-8GB +++++
--- User ---
[MBR] 95df391da8d847c9955869eb8d2ea128
[BSP] eb9975a40ec00baaaebeb5a171d1590f : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1000 MB
1 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 260 MB
2 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2582528 | Size: 1000 MB
3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 4630528 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 4892672 | Size: 435344 MB
5 - Basic data partition | Offset (sectors): 896477184 | Size: 25600 MB
6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 948905984 | Size: 13607 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: JetFlash Transcend 16GB USB Device +++++
--- User ---
[MBR] cbd9754e9ffbbe6d81175a95360e1b33
[BSP] 4b8b702b557e3455c4e0f1b634afd5c4 : Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 256 | Size: 14907 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Požadavek není podporován. )
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Hrstka on ne 31. 07. 2016 at 12:20:35,24.
Microsoft Windows 8.1 s aplikací Bing 6.3.9600 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Hrstka\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
31. 7. 2016 12:30:03 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Empty Folders Check ======================
C:\PROGRA~2\New Folder deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Hrstka\AppData\Roaming\Mozilla\Firefox\Profiles\obxm5qhk.default\prefs.js:
Added to C:\Users\Hrstka\AppData\Roaming\Mozilla\Firefox\Profiles\obxm5qhk.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Deleting Files \ Folders ======================
C:\PROGRA~2\New Folder not found
C:\windows\sysWoW64\config\systemprofile\.android deleted
C:\Users\Public\Pokki deleted
C:\Users\Hrstka\AppData\Roaming\IP.dll deleted
C:\Users\Hrstka\AppData\Roaming\vmciver.dll deleted
C:\Users\Hrstka\AppData\Roaming\+REcovER+bnevw+.txt deleted
C:\Users\Hrstka\AppData\Roaming\+REcovER+gwyfd+.txt deleted
C:\Users\Hrstka\AppData\Roaming\+REcovER+qoynb+.txt deleted
C:\Users\Hrstka\AppData\Roaming\+REcovER+vkmgi+.txt deleted
C:\Users\Hrstka\AppData\Roaming\LICENSES-en.txt deleted
C:\Users\Hrstka\AppData\Roaming\Products.txt deleted
C:\Users\Hrstka\AppData\Roaming\xerces.LICENSE.txt deleted
C:\Users\Hrstka\AppData\Roaming\{RecOveR}-vhlln__.Txt deleted
C:\Users\Hrstka\AppData\Roaming\{RecOveR}-yjdwn__.Txt deleted
C:\Users\Hrstka\AppData\Roaming\line_count_wrap.js deleted
C:\windows\SysNative\config\systemprofile\AppData\Roaming\ETDCoInstaller.log deleted
C:\PROGRA~3\{RecOveR}-vhlln__.Txt deleted
C:\PROGRA~3\{RecOveR}-yjdwn__.Txt deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Hrstka\AppData\Roaming\uvcbqdip.exe deleted
"C:\Users\Hrstka\AppData\Roaming\78-RKSJ-V" deleted
"C:\Users\Hrstka\AppData\Roaming\Aden" deleted
"C:\Users\Hrstka\AppData\Roaming\Atikokan" deleted
"C:\Users\Hrstka\AppData\Roaming\B5pc-UCS2" deleted
"C:\Users\Hrstka\AppData\Roaming\Bamako" deleted
"C:\Users\Hrstka\AppData\Roaming\Douala" deleted
"C:\Users\Hrstka\AppData\Roaming\Goose_Bay" deleted
"C:\Users\Hrstka\AppData\Roaming\HKdla-B5-V" deleted
"C:\Users\Hrstka\AppData\Roaming\Mexico_City" deleted
"C:\Users\Hrstka\AppData\Roaming\Palau" deleted
"C:\Users\Hrstka\AppData\Roaming\README" deleted
"C:\Users\Hrstka\AppData\Roaming\Scoresbysund" deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Hrstka\AppData\Roaming\Mozilla\Firefox\Profiles\obxm5qhk.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions ======================
==== Firefox Plugins ======================
Profilepath: C:\Users\Hrstka\AppData\Roaming\Mozilla\Firefox\Profiles\obxm5qhk.default
89E8B545DD5E878DF5B87F77148D9149 - C:\Users\Hrstka\AppData\Roaming\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll - Cryptoplus KB – podepisovací modul
==== Chromium Look ======================
undetermined - Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\+REcovER+bnevw+.png
undetermined - Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\+REcovER+crmkj+.png
undetermined - Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\+REcovER+gwyfd+.png
undetermined - Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\+REcovER+qoynb+.png
undetermined - Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\+REcovER+vkmgi+.png
undetermined - Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\{RecOveR}-vhlln__.Png
undetermined - Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\{RecOveR}-yjdwn__.Png
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}"
{85F1BD04-912A-4664-8116-AAF8A14C07E1} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"
==== Reset Google Chrome ======================
C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Empty IE Cache ======================
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Hrstka\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Hrstka\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=59 folders=16 95750890 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Hrstka\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\windows\Temp successfully emptied
C:\Users\Hrstka\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on ne 31. 07. 2016 at 12:48:07,63 ======================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:22:37, on 31. 7. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17037)
Boot mode: Normal
Running processes:
C:\Users\Hrstka\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE
C:\Users\Hrstka\Desktop\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Hrstka\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo System Agent Service - LENOVO INCORPORATED. - C:\Program Files\Lenovo\iMController\SystemAgentService.exe
O23 - Service: Lenovo WiFiHotspot Service (LenovoWiFiHotspotSvr) - Unknown owner - C:\Windows\System32\LenovoWiFiHotspotSvr.exe (file missing)
O23 - Service: LUService - Lenovo(beijing) Limited - C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
--
End of file - 7326 bytes
Velmi děkuji za pomoc.
RogueKiller V12.4.1.0 (x64) [Jul 28 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 8.1 (6.3.9600) 64 bits version
Spuštěno : Normální režim
Uživatel : Hrstka [Práva správce]
Started from : C:\Users\Hrstka\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 07/31/2016 13:20:17
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 0 ¤¤¤
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST500LM000-SSHD-8GB +++++
--- User ---
[MBR] 95df391da8d847c9955869eb8d2ea128
[BSP] eb9975a40ec00baaaebeb5a171d1590f : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1000 MB
1 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 260 MB
2 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2582528 | Size: 1000 MB
3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 4630528 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 4892672 | Size: 435344 MB
5 - Basic data partition | Offset (sectors): 896477184 | Size: 25600 MB
6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 948905984 | Size: 13607 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: JetFlash Transcend 16GB USB Device +++++
--- User ---
[MBR] cbd9754e9ffbbe6d81175a95360e1b33
[BSP] 4b8b702b557e3455c4e0f1b634afd5c4 : Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 256 | Size: 14907 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Požadavek není podporován. )
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Hrstka on ne 31. 07. 2016 at 12:20:35,24.
Microsoft Windows 8.1 s aplikací Bing 6.3.9600 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Hrstka\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
31. 7. 2016 12:30:03 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Empty Folders Check ======================
C:\PROGRA~2\New Folder deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Hrstka\AppData\Roaming\Mozilla\Firefox\Profiles\obxm5qhk.default\prefs.js:
Added to C:\Users\Hrstka\AppData\Roaming\Mozilla\Firefox\Profiles\obxm5qhk.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Deleting Files \ Folders ======================
C:\PROGRA~2\New Folder not found
C:\windows\sysWoW64\config\systemprofile\.android deleted
C:\Users\Public\Pokki deleted
C:\Users\Hrstka\AppData\Roaming\IP.dll deleted
C:\Users\Hrstka\AppData\Roaming\vmciver.dll deleted
C:\Users\Hrstka\AppData\Roaming\+REcovER+bnevw+.txt deleted
C:\Users\Hrstka\AppData\Roaming\+REcovER+gwyfd+.txt deleted
C:\Users\Hrstka\AppData\Roaming\+REcovER+qoynb+.txt deleted
C:\Users\Hrstka\AppData\Roaming\+REcovER+vkmgi+.txt deleted
C:\Users\Hrstka\AppData\Roaming\LICENSES-en.txt deleted
C:\Users\Hrstka\AppData\Roaming\Products.txt deleted
C:\Users\Hrstka\AppData\Roaming\xerces.LICENSE.txt deleted
C:\Users\Hrstka\AppData\Roaming\{RecOveR}-vhlln__.Txt deleted
C:\Users\Hrstka\AppData\Roaming\{RecOveR}-yjdwn__.Txt deleted
C:\Users\Hrstka\AppData\Roaming\line_count_wrap.js deleted
C:\windows\SysNative\config\systemprofile\AppData\Roaming\ETDCoInstaller.log deleted
C:\PROGRA~3\{RecOveR}-vhlln__.Txt deleted
C:\PROGRA~3\{RecOveR}-yjdwn__.Txt deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Hrstka\AppData\Roaming\uvcbqdip.exe deleted
"C:\Users\Hrstka\AppData\Roaming\78-RKSJ-V" deleted
"C:\Users\Hrstka\AppData\Roaming\Aden" deleted
"C:\Users\Hrstka\AppData\Roaming\Atikokan" deleted
"C:\Users\Hrstka\AppData\Roaming\B5pc-UCS2" deleted
"C:\Users\Hrstka\AppData\Roaming\Bamako" deleted
"C:\Users\Hrstka\AppData\Roaming\Douala" deleted
"C:\Users\Hrstka\AppData\Roaming\Goose_Bay" deleted
"C:\Users\Hrstka\AppData\Roaming\HKdla-B5-V" deleted
"C:\Users\Hrstka\AppData\Roaming\Mexico_City" deleted
"C:\Users\Hrstka\AppData\Roaming\Palau" deleted
"C:\Users\Hrstka\AppData\Roaming\README" deleted
"C:\Users\Hrstka\AppData\Roaming\Scoresbysund" deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Hrstka\AppData\Roaming\Mozilla\Firefox\Profiles\obxm5qhk.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions ======================
==== Firefox Plugins ======================
Profilepath: C:\Users\Hrstka\AppData\Roaming\Mozilla\Firefox\Profiles\obxm5qhk.default
89E8B545DD5E878DF5B87F77148D9149 - C:\Users\Hrstka\AppData\Roaming\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll - Cryptoplus KB – podepisovací modul
==== Chromium Look ======================
undetermined - Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\+REcovER+bnevw+.png
undetermined - Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\+REcovER+crmkj+.png
undetermined - Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\+REcovER+gwyfd+.png
undetermined - Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\+REcovER+qoynb+.png
undetermined - Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\+REcovER+vkmgi+.png
undetermined - Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\{RecOveR}-vhlln__.Png
undetermined - Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\{RecOveR}-yjdwn__.Png
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}"
{85F1BD04-912A-4664-8116-AAF8A14C07E1} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"
==== Reset Google Chrome ======================
C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Empty IE Cache ======================
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Hrstka\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Hrstka\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=59 folders=16 95750890 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Hrstka\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\windows\Temp successfully emptied
C:\Users\Hrstka\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on ne 31. 07. 2016 at 12:48:07,63 ======================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:22:37, on 31. 7. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17037)
Boot mode: Normal
Running processes:
C:\Users\Hrstka\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE
C:\Users\Hrstka\Desktop\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Hrstka\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo System Agent Service - LENOVO INCORPORATED. - C:\Program Files\Lenovo\iMController\SystemAgentService.exe
O23 - Service: Lenovo WiFiHotspot Service (LenovoWiFiHotspotSvr) - Unknown owner - C:\Windows\System32\LenovoWiFiHotspotSvr.exe (file missing)
O23 - Service: LUService - Lenovo(beijing) Limited - C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
--
End of file - 7326 bytes
- jaro3
- member of the Security team
Re: Log check, PC infected with Win32/filecoder
Close the other applications and browsers, disconnect from the internet and fix in HJT:
Guide
Please download the version of Farbar Recovery Scan Tool (FRST) appropriate for your system (32-bit/64-bit)
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
and save it to the desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click on "Scan". When the scan is finished, two logs will appear, FRST.txt and Addition.txt, and they will be saved on the desktop. Please copy their complete contents here.
Guide
Code: Select all
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Hrstka\AppData\Local\Google\Update\GoogleUpdate.exe" /c
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
Re: Log check, PC infected with Win32/filecoder
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by Hrstka (2016-07-31 17:00:33)
Running from C:\Users\Hrstka\Desktop
Windows 8.1 Connected (X64) (2015-05-09 23:28:57)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-553964673-1622739263-2049447999-500 - Administrator - Disabled)
Guest (S-1-5-21-553964673-1622739263-2049447999-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-553964673-1622739263-2049447999-1003 - Limited - Enabled)
Hrstka (S-1-5-21-553964673-1622739263-2049447999-1001 - Administrator - Enabled) => C:\Users\Hrstka
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET Smart Security 9.0.385.1 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.385.1 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personální firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.21 - Lenovo)
Energy Manager (x32 Version: 1.5.0.21 - Lenovo) Hidden
ESET Smart Security (HKLM\...\{D94B5945-22DD-47C9-9CA4-ED784C9B2427}) (Version: 9.0.385.1 - ESET, spol. s r.o.)
Google Chrome (HKU\S-1-5-21-553964673-1622739263-2049447999-1001\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1347.2) (HKLM\...\{302600C1-6BDF-4FD1-1312-148929CC1385}) (Version: 17.0.1312.0414 - Intel Corporation)
Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{2f4d8103-e601-4d48-b81d-d508d760aaba}) (Version: 17.0.3 - Intel Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10264 - Realtek Semiconductor Corp.)
Lenovo FusionEngine (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2326 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.1.0.2326 - CyberLink Corp.) Hidden
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.43.4 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo Updates (HKLM-x32\...\InstallShield_{A2E1E9F0-0B68-4166-8C7F-85B563B84DF4}) (Version: 1.3.0.6 - Lenovo)
Lenovo Updates (x32 Version: 1.3.0.6 - Lenovo) Hidden
Malwarebytes Anti-Malware verze 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office Klikni a spusť 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1011 - Microsoft Corporation)
Microsoft Office Starter 2010 - čeština (HKLM-x32\...\{90140011-0066-0405-0000-0000000FF1CE}) (Version: 14.0.4763.1011 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0405-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39053 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-553964673-1622739263-2049447999-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Hrstka\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-553964673-1622739263-2049447999-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Hrstka\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-553964673-1622739263-2049447999-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-553964673-1622739263-2049447999-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Hrstka\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {5A277F2E-A817-463E-8170-88C269D35293} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {5D390007-DEA3-4EF9-A244-3084868682B6} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-05-22] ()
Task: {B592A570-0062-40D6-B1DF-2C19006B5648} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {D34748F1-668B-4F52-B5C9-0FAE3B262190} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-09] (CyberLink Corp.)
Task: {D99D39A2-0E3C-4A4A-82BA-DD8BAA377C0F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-10-13 22:11 - 2012-04-24 12:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDWFP => ""="Driver"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-553964673-1622739263-2049447999-1001\...\mojebanka.cz -> hxxps://etrading.mojebanka.cz
IE trusted site: HKU\S-1-5-21-553964673-1622739263-2049447999-1001\...\mojeplatba.cz -> hxxps://www.mojeplatba.cz
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2016-07-31 12:30 - 00000753 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-553964673-1622739263-2049447999-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img2.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: Bluetooth Device Monitor => 2
MSCONFIG\Services: Bluetooth OBEX Service => 2
MSCONFIG\Services: iBtSiva => 2
HKLM\...\StartupApproved\Run: => "Lenovo Utility"
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{41A49E03-7947-40AF-913A-D7093BDE730A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{C01CE014-910C-4139-8905-3A91B328612D}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{1B6B53A5-39C7-4D76-9BD5-66E7A28DE783}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{C84838CE-073F-4BCD-AAFA-DC75E7D9689C}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{F4E5AA18-D912-465B-ABF9-5631BE8B0E25}] => (Allow) LPort=55100
FirewallRules: [{45D4E69B-4FFD-4E02-A629-2712AF45E2DD}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe
==================== Restore Points =========================
29-07-2016 16:58:49 Configured Lenovo Updates
30-07-2016 10:37:20 JRT Pre-Junkware Removal
31-07-2016 12:29:44 zoek.exe restore point
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/31/2016 01:48:22 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Pouze informace
(Patch task for {90140011-0066-0405-0000-0000000FF1CE}): DownloadLatest Failed: V tuto chvíli není aktivní žádné připojení k síti. Jakmile bude připojen adaptér, bude Služba inteligentního přenosu na pozadí (BITS) akci opakovat.
Error: (07/31/2016 12:58:04 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Pouze informace
(Patch task for {90140011-0066-0405-0000-0000000FF1CE}): DownloadLatest Failed: V tuto chvíli není aktivní žádné připojení k síti. Jakmile bude připojen adaptér, bude Služba inteligentního přenosu na pozadí (BITS) akci opakovat.
Error: (07/30/2016 12:48:35 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Pouze informace
(Patch task for {90140011-0066-0405-0000-0000000FF1CE}): DownloadLatest Failed: V tuto chvíli není aktivní žádné připojení k síti. Jakmile bude připojen adaptér, bude Služba inteligentního přenosu na pozadí (BITS) akci opakovat.
Error: (07/29/2016 04:10:44 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Pouze informace
(Patch task for {90140011-0066-0405-0000-0000000FF1CE}): DownloadLatest Failed: V tuto chvíli není aktivní žádné připojení k síti. Jakmile bude připojen adaptér, bude Služba inteligentního přenosu na pozadí (BITS) akci opakovat.
Error: (07/29/2016 03:19:10 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Pouze informace
(Patch task for {90140011-0066-0405-0000-0000000FF1CE}): DownloadLatest Failed: V tuto chvíli není aktivní žádné připojení k síti. Jakmile bude připojen adaptér, bude Služba inteligentního přenosu na pozadí (BITS) akci opakovat.
Error: (07/29/2016 10:10:04 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Pouze informace
(Patch task for {90140011-0066-0405-0000-0000000FF1CE}): DownloadLatest Failed: V tuto chvíli není aktivní žádné připojení k síti. Jakmile bude připojen adaptér, bude Služba inteligentního přenosu na pozadí (BITS) akci opakovat.
Error: (07/28/2016 01:42:06 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
Error: (07/28/2016 12:53:29 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Pouze informace
(Patch task for {90140011-0066-0405-0000-0000000FF1CE}): DownloadLatest Failed: V tuto chvíli není aktivní žádné připojení k síti. Jakmile bude připojen adaptér, bude Služba inteligentního přenosu na pozadí (BITS) akci opakovat.
Error: (07/27/2016 06:13:09 PM) (Source: Application Virtualization Client) (EventID: 3079) (User: )
Description: {hap=12:app=Microsoft Excel Starter 2010 9014006604050000:tid=1514:usr=Hrstka}
Klient nemohl spustit aplikaci Q:\140066.csy\Office14\EXCELC.EXE (návratový kód 22400B24-00000057, poslední chyba: 87).
Error: (07/27/2016 06:13:09 PM) (Source: Application Virtualization Client) (EventID: 6001) (User: )
Description: {tid=1514:usr=Hrstka}
Nelze vytvořit proces (CreateProcess) (návratový kód 22400B24-00000057).
System errors:
=============
Error: (07/31/2016 01:38:16 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Výstraha o závažné chybě byla vygenerována a zaslána na vzdálený koncový bod. To může vést k ukončení připojení. Kód závažné chyby definovaný protokolem TLS: 40. Stav chyby Windows SChannel: 252
Error: (07/31/2016 12:48:00 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Výstraha o závažné chybě byla vygenerována a zaslána na vzdálený koncový bod. To může vést k ukončení připojení. Kód závažné chyby definovaný protokolem TLS: 40. Stav chyby Windows SChannel: 252
Error: (07/31/2016 12:44:28 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Error: (07/31/2016 12:44:28 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Error: (07/31/2016 12:44:27 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Error: (07/31/2016 12:44:27 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Error: (07/31/2016 12:44:26 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Error: (07/30/2016 10:31:17 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Výstraha o závažné chybě byla vygenerována a zaslána na vzdálený koncový bod. To může vést k ukončení připojení. Kód závažné chyby definovaný protokolem TLS: 40. Stav chyby Windows SChannel: 252
Error: (07/30/2016 10:30:39 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.
Cesta k modulu: C:\windows\System32\IWMSSvc.dll
Error: (07/30/2016 10:30:39 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.
Cesta k modulu: C:\windows\System32\IWMSSvc.dll
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU N3540 @ 2.16GHz
Percentage of memory in use: 42%
Total physical RAM: 3979.21 MB
Available physical RAM: 2271.65 MB
Total Virtual: 5899.21 MB
Available Virtual: 3845.43 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:425.14 GB) (Free:162.69 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:10.89 GB) NTFS
Drive f: () (Removable) (Total:14.54 GB) (Free:7.25 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 97D2FFE3)
Partition: GPT.
========================================================
Disk: 1 (Size: 14.6 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016
Ran by Hrstka (administrator) on LENOVO-PC (31-07-2016 16:58:07)
Running from C:\Users\Hrstka\Desktop
Loaded Profiles: Hrstka (Available Profiles: Hrstka)
Platform: Windows 8.1 Connected (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(ESET) C:\Users\Hrstka\Desktop\ESETTeslaCryptDecryptor.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3276104 2014-05-22] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2014-02-27] (Realtek semiconductor)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-10-13] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10841584 2014-10-13] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKU\S-1-5-21-553964673-1622739263-2049447999-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1BC11AB7-748D-4B3A-9D6C-A4ACD01C018D}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-553964673-1622739263-2049447999-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
SearchScopes: HKU\S-1-5-21-553964673-1622739263-2049447999-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-553964673-1622739263-2049447999-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-553964673-1622739263-2049447999-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-28] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-28] (Oracle Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Hrstka\AppData\Roaming\Mozilla\Firefox\Profiles\obxm5qhk.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-553964673-1622739263-2049447999-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Hrstka\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-553964673-1622739263-2049447999-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Hrstka\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
Chrome:
=======
CHR Profile: C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-29]
CHR Extension: (Google Drive) - C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-29]
CHR Extension: (YouTube) - C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-29]
CHR Extension: (Google Search) - C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-07-29]
CHR Extension: (Google Docs Offline) - C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-29]
CHR Extension: (Gmail) - C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-29]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2542216 2016-06-10] (ESET)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101680 2013-10-15] (ELAN Microelectronics Corp.)
S4 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [130008 2014-01-22] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-12] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-10-13] (Lenovo(beijing) Limited)
S2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [37624 2014-04-21] (Lenovo(beijing) Limited)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-18] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-18] (Intel® Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-11-07] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1411384 2013-11-07] (Motorola Solutions, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows (R) Win 7 DDK provider)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263336 2016-06-28] (ESET)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15488 2016-06-28] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [197288 2016-06-28] (ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [153248 2016-06-28] (ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [208552 2016-06-28] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [61608 2016-06-28] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84640 2016-06-28] (ESET)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [149448 2014-01-22] (Intel Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3443680 2014-06-01] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [9109720 2014-02-27] (Realtek Semiconductor Corp.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-07-31] ()
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 CnxtHdAudService; \SystemRoot\system32\drivers\CHDRT64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-31 16:58 - 2016-07-31 16:59 - 00012360 _____ C:\Users\Hrstka\Desktop\FRST.txt
2016-07-31 16:57 - 2016-07-31 16:58 - 00000000 ____D C:\FRST
2016-07-31 16:48 - 2016-07-31 16:43 - 02394112 _____ (Farbar) C:\Users\Hrstka\Desktop\FRST64.exe
2016-07-31 13:45 - 2016-07-31 13:45 - 00019968 ___SH C:\Users\Public\Documents\Thumbs.db
2016-07-31 12:47 - 2016-07-31 12:20 - 00024064 _____ C:\windows\zoek-delete.exe
2016-07-31 12:20 - 2016-07-31 12:44 - 00000000 ____D C:\zoek_backup
2016-07-31 12:20 - 2016-07-31 12:17 - 01309184 _____ C:\Users\Hrstka\Desktop\zoek.exe
2016-07-30 10:41 - 2016-07-31 12:49 - 00028272 _____ C:\windows\system32\Drivers\TrueSight.sys
2016-07-30 10:40 - 2016-07-30 10:40 - 00000000 ____D C:\ProgramData\RogueKiller
2016-07-30 10:38 - 2016-07-30 10:35 - 25355848 _____ C:\Users\Hrstka\Desktop\RogueKillerX64.exe
2016-07-30 10:36 - 2016-07-30 10:34 - 01610560 _____ (Malwarebytes) C:\Users\Hrstka\Desktop\JRT.exe
2016-07-29 17:44 - 2016-07-30 10:13 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-29 17:43 - 2016-07-29 17:43 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-29 17:43 - 2016-07-29 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-29 17:43 - 2016-07-29 17:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-29 17:43 - 2016-07-29 17:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-29 17:43 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-07-29 17:43 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-07-29 17:43 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-07-29 17:38 - 2016-07-29 17:26 - 03712064 _____ C:\Users\Hrstka\Desktop\AdwCleaner.exe
2016-07-29 17:37 - 2016-07-30 10:29 - 00000000 ____D C:\AdwCleaner
2016-07-29 17:30 - 2016-07-31 16:56 - 00000000 ____D C:\Users\Hrstka\Desktop\backups
2016-07-29 15:20 - 2016-07-28 16:06 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hrstka\Desktop\hijackthis.exe
2016-07-29 14:40 - 2016-07-29 14:39 - 149365520 _____ (Microsoft Corporation) C:\Users\Hrstka\Desktop\msert.exe
2016-07-29 12:11 - 2016-07-28 13:58 - 00862368 _____ (ESET) C:\Users\Hrstka\Desktop\ESETTeslaCryptDecryptor.exe
2016-07-29 12:02 - 2016-07-29 13:35 - 00000000 ____D C:\Users\Hrstka\AppData\Local\ElevatedDiagnostics
2016-07-29 11:55 - 2016-07-29 14:40 - 00134664 _____ C:\windows\ntbtlog.txt
2016-07-28 13:44 - 2016-07-28 13:44 - 00000000 ____D C:\Users\Hrstka\AppData\Roaming\Sun
2016-07-28 13:44 - 2016-07-28 13:44 - 00000000 ____D C:\Users\Hrstka\.oracle_jre_usage
2016-07-28 13:23 - 2016-07-28 13:23 - 00000000 ____D C:\Users\Hrstka\AppData\Local\ESET
2016-07-28 13:21 - 2016-07-28 13:21 - 00002054 _____ C:\Users\Public\Desktop\ESET Ochrana bankovnictví a online plateb.lnk
2016-07-28 13:21 - 2016-07-28 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-07-28 13:21 - 2016-07-28 13:21 - 00000000 ____D C:\ProgramData\ESET
2016-07-28 13:20 - 2016-07-28 13:20 - 00000000 ____D C:\Program Files\ESET
2016-07-28 12:49 - 2016-07-28 12:49 - 00002794 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2016-07-28 12:49 - 2016-07-28 12:49 - 00000845 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-07-28 12:49 - 2016-07-28 12:49 - 00000000 ____D C:\Program Files\CCleaner
2016-07-17 10:00 - 2016-07-17 10:00 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-31 17:00 - 2015-05-10 03:57 - 00000000 ____D C:\Users\Hrstka\Documents\KINGSTON
2016-07-31 16:54 - 2015-05-10 04:03 - 66486503 _____ C:\Users\Hrstka\Desktop\Zverejneno-Bystřice.zip.backup_by_eset
2016-07-31 16:54 - 2015-05-10 04:03 - 51498842 _____ C:\Users\Hrstka\Desktop\ZD-Mořina.zip.backup_by_eset
2016-07-31 16:54 - 2015-05-10 04:03 - 00041050 _____ C:\Users\Hrstka\Desktop\S-com-PD.rtf.backup_by_eset
2016-07-31 16:11 - 2015-05-10 02:42 - 00000000 ____D C:\Data z IBM
2016-07-31 14:33 - 2015-05-10 03:07 - 00000000 ____D C:\Data z IBM2
2016-07-31 13:43 - 2014-10-13 22:06 - 00740368 _____ C:\windows\system32\perfh005.dat
2016-07-31 13:43 - 2014-10-13 22:06 - 00151796 _____ C:\windows\system32\perfc005.dat
2016-07-31 13:43 - 2014-03-18 11:53 - 01747496 _____ C:\windows\system32\PerfStringBackup.INI
2016-07-31 13:43 - 2013-08-22 15:36 - 00000000 ____D C:\windows\Inf
2016-07-31 13:38 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-07-31 13:37 - 2015-05-10 02:13 - 00000000 ____D C:\Users\Hrstka\AppData\Roaming\SoftGrid Client
2016-07-30 11:14 - 2015-05-10 01:34 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-553964673-1622739263-2049447999-1001
2016-07-29 18:09 - 2013-08-22 17:20 - 00000000 ____D C:\windows\CbsTemp
2016-07-29 18:08 - 2014-10-13 22:29 - 00000000 ____D C:\ProgramData\LU
2016-07-29 16:59 - 2014-10-13 22:09 - 00001957 _____ C:\Users\Public\Desktop\Lenovo Updates.lnk
2016-07-29 16:58 - 2015-06-22 12:12 - 00001279 _____ C:\Users\Hrstka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk
2016-07-29 15:05 - 2015-05-19 21:37 - 00000000 ____D C:\Users\Hrstka\AppData\Roaming\Mozilla
2016-07-29 15:04 - 2015-05-10 01:28 - 00000000 ____D C:\Users\Hrstka
2016-07-29 14:54 - 2014-10-13 22:22 - 03035314 _____ C:\windows\MFGSTAT.zip
2016-07-29 14:53 - 2015-06-27 10:57 - 03425193 _____ C:\Users\Hrstka\Downloads\prilohy_540.zip
2016-07-29 14:53 - 2015-06-14 20:36 - 00000000 ____D C:\Users\Hrstka\Downloads\řeporyje
2016-07-29 14:53 - 2015-06-11 06:26 - 00359123 _____ C:\Users\Hrstka\Downloads\prilohy_364.zip
2016-07-29 14:53 - 2015-06-10 22:13 - 00004621 _____ C:\Users\Hrstka\Downloads\HRSTKA VÁCLAV(2).p12
2016-07-29 14:53 - 2015-05-19 21:52 - 00004621 _____ C:\Users\Hrstka\Downloads\HRSTKA VÁCLAV(1).p12
2016-07-29 14:53 - 2015-05-10 04:04 - 00583108 _____ C:\Users\Hrstka\Downloads\výpis 03-14 (1).pdf
2016-07-29 14:53 - 2015-05-10 04:04 - 00582956 _____ C:\Users\Hrstka\Downloads\vypis_4-2014.pdf
2016-07-29 14:53 - 2015-05-10 04:04 - 00366945 _____ C:\Users\Hrstka\Downloads\prilohy_318.zip
2016-07-29 14:53 - 2015-05-10 04:04 - 00362496 _____ C:\Users\Hrstka\Downloads\mosty Děčín-Rumburk UL DOPLNIT.xls
2016-07-29 14:53 - 2015-05-10 04:04 - 00189440 _____ C:\Users\Hrstka\Downloads\cast-vseobecna.xls
2016-07-29 14:53 - 2015-05-10 04:04 - 00110579 _____ C:\Users\Hrstka\Downloads\141027_sever_plany_podzim.xlsx
2016-07-29 14:53 - 2015-05-10 04:04 - 00106648 _____ C:\Users\Hrstka\Downloads\P1000 03_2015.pdf
2016-07-29 14:53 - 2015-05-10 04:04 - 00073795 _____ C:\Users\Hrstka\Downloads\cast-technicka.xlsx
2016-07-29 14:53 - 2015-05-10 04:04 - 00061284 _____ C:\Users\Hrstka\Downloads\zadost-vyplatu-z-pp.pdf
2016-07-29 14:53 - 2015-05-10 04:04 - 00032575 _____ C:\Users\Hrstka\Downloads\cast-dopravni.xlsx
2016-07-29 14:53 - 2015-05-10 04:04 - 00004621 _____ C:\Users\Hrstka\Downloads\HRSTKA VÁCLAV.p12
2016-07-29 14:50 - 2015-05-10 04:04 - 00625350 _____ C:\Users\Hrstka\Documents\kontakty 05_2013.csv
2016-07-29 14:50 - 2015-05-10 04:01 - 00000000 ____D C:\Users\Hrstka\Documents\Vyměnitelný disk
2016-07-29 14:40 - 2015-05-10 04:03 - 66486503 _____ C:\Users\Hrstka\Desktop\Zverejneno-Bystřice.zip
2016-07-29 14:40 - 2015-05-10 04:03 - 51498842 _____ C:\Users\Hrstka\Desktop\ZD-Mořina.zip
2016-07-29 09:55 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\BBI
2016-07-28 14:36 - 2016-03-25 06:01 - 00000000 ____D C:\Users\Hrstka\AppData\Local\KiyEsdu
2016-07-28 14:30 - 2015-06-04 04:22 - 00000000 ____D C:\ProgramData\KabexAsxoj
2016-07-28 13:59 - 2015-05-10 04:16 - 00000000 ____D C:\ProgramData\Oracle
2016-07-28 13:45 - 2015-05-10 04:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-07-28 13:45 - 2015-05-10 04:16 - 00000000 ____D C:\Program Files (x86)\Java
2016-07-28 13:44 - 2015-05-10 04:16 - 00097856 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2016-07-28 13:22 - 2013-08-22 17:36 - 00000000 ___HD C:\windows\ELAMBKUP
2016-07-28 13:05 - 2014-04-02 19:34 - 00000000 ____D C:\windows\Panther
2016-07-28 12:43 - 2014-10-13 22:04 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-07-28 12:43 - 2013-08-22 16:44 - 00345256 _____ C:\windows\system32\FNTCACHE.DAT
2016-07-28 12:41 - 2014-10-13 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-07-28 12:40 - 2015-05-19 21:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-28 12:39 - 2015-07-31 15:09 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4
2016-07-28 12:29 - 2014-10-13 21:32 - 00000000 ____D C:\ProgramData\Conexant
2016-07-27 18:25 - 2016-03-30 07:37 - 00113152 ___SH C:\Users\Hrstka\Thumbs.db
2016-07-16 05:33 - 2013-08-22 17:36 - 00000000 ____D C:\windows\AppReadiness
2016-07-12 23:37 - 2016-04-10 21:21 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-12 23:37 - 2015-08-04 19:28 - 00004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
==================== Files in the root of some directories =======
2016-03-30 04:26 - 2016-03-30 05:28 - 0038534 _____ () C:\Users\Hrstka\AppData\Roaming\+REcovER+bnevw+.png
2016-03-31 20:27 - 2016-03-31 21:06 - 0038534 _____ () C:\Users\Hrstka\AppData\Roaming\+REcovER+gwyfd+.png
2016-03-30 07:59 - 2016-03-30 08:36 - 0038534 _____ () C:\Users\Hrstka\AppData\Roaming\+REcovER+qoynb+.png
2016-03-31 12:29 - 2016-03-31 13:06 - 0038534 _____ () C:\Users\Hrstka\AppData\Roaming\+REcovER+vkmgi+.png
2013-10-02 04:55 - 2013-10-02 04:55 - 0000210 _____ () C:\Users\Hrstka\AppData\Roaming\15.gif
2013-10-02 04:55 - 2013-10-02 04:55 - 0001074 _____ () C:\Users\Hrstka\AppData\Roaming\admon.textlabel.xml
2014-05-08 07:44 - 2014-05-08 07:44 - 0004218 _____ () C:\Users\Hrstka\AppData\Roaming\Adobe-CNS1-1
2014-05-08 06:05 - 2014-05-08 06:05 - 0000524 _____ () C:\Users\Hrstka\AppData\Roaming\BMY brown 3.ADO
2014-05-08 07:44 - 2014-05-08 07:44 - 0000197 _____ () C:\Users\Hrstka\AppData\Roaming\bn_IN.aff
2014-05-08 07:44 - 2014-05-08 07:44 - 0004389 _____ () C:\Users\Hrstka\AppData\Roaming\da.pak
2015-02-26 18:00 - 2015-02-26 18:00 - 0002460 _____ () C:\Users\Hrstka\AppData\Roaming\DDVClean.mof
2015-05-20 03:28 - 2015-05-20 03:28 - 0000579 _____ () C:\Users\Hrstka\AppData\Roaming\dell_connect.png
2013-10-02 04:56 - 2013-10-02 04:56 - 0000923 _____ () C:\Users\Hrstka\AppData\Roaming\ebnf.table.border.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 0000778 _____ () C:\Users\Hrstka\AppData\Roaming\email.png
2013-10-02 04:56 - 2013-10-02 04:56 - 0001079 _____ () C:\Users\Hrstka\AppData\Roaming\emphasis.propagates.style.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 0000382 _____ () C:\Users\Hrstka\AppData\Roaming\EngineLoggerConfig.xml
2013-10-02 04:55 - 2013-10-02 04:55 - 0000071 _____ () C:\Users\Hrstka\AppData\Roaming\external-link.gif
2014-05-08 07:44 - 2014-05-08 07:44 - 0001820 _____ () C:\Users\Hrstka\AppData\Roaming\f3.png
1998-06-12 01:00 - 1998-06-12 01:00 - 0004988 _____ () C:\Users\Hrstka\AppData\Roaming\FootmanBioecology.e
2013-10-02 04:56 - 2013-10-02 04:56 - 0001461 _____ () C:\Users\Hrstka\AppData\Roaming\footnote.sep.leader.properties.xml
2014-05-08 07:44 - 2014-05-08 07:44 - 0002642 _____ () C:\Users\Hrstka\AppData\Roaming\grmphon.env
2015-05-20 03:28 - 2015-05-20 03:28 - 0001684 _____ () C:\Users\Hrstka\AppData\Roaming\help_disabled.png
2013-10-02 04:56 - 2013-10-02 04:56 - 0000944 _____ () C:\Users\Hrstka\AppData\Roaming\html.stylesheet.type.xml
2013-10-02 04:56 - 2013-10-02 04:56 - 0000937 _____ () C:\Users\Hrstka\AppData\Roaming\htmlhelp.title.xml
1992-11-17 02:00 - 1992-11-17 02:00 - 1776947 _____ () C:\Users\Hrstka\AppData\Roaming\Introvert.U
2015-05-20 03:28 - 2015-05-20 03:28 - 0004345 _____ () C:\Users\Hrstka\AppData\Roaming\irda.png
2015-03-24 07:39 - 2015-03-24 07:39 - 0001109 _____ () C:\Users\Hrstka\AppData\Roaming\LICENSE.md
2013-10-02 04:56 - 2013-10-02 04:56 - 0001828 _____ () C:\Users\Hrstka\AppData\Roaming\man.output.lang.in.name.enabled.xml
2013-10-02 04:56 - 2013-10-02 04:56 - 0001536 _____ () C:\Users\Hrstka\AppData\Roaming\man.subheading.divider.xml
2009-06-10 23:06 - 2009-06-10 23:06 - 0002899 _____ () C:\Users\Hrstka\AppData\Roaming\Memories_buttonClear.png
2015-05-20 03:28 - 2015-05-20 03:28 - 0004576 _____ () C:\Users\Hrstka\AppData\Roaming\memory-reader.png
2015-05-20 03:28 - 2015-05-20 03:28 - 0004355 _____ () C:\Users\Hrstka\AppData\Roaming\mouse.png
2009-06-10 23:06 - 2009-06-10 23:06 - 0004515 _____ () C:\Users\Hrstka\AppData\Roaming\nav_rightarrow.png
2013-10-02 04:56 - 2013-10-02 04:56 - 0000888 _____ () C:\Users\Hrstka\AppData\Roaming\no.up.image.xml
2013-10-02 04:55 - 2013-10-02 04:55 - 0003157 _____ () C:\Users\Hrstka\AppData\Roaming\package-frame.html
2015-05-20 03:28 - 2015-05-20 03:28 - 0001264 _____ () C:\Users\Hrstka\AppData\Roaming\pcdrantenna.p5m
2015-05-20 03:28 - 2015-05-20 03:28 - 0002611 _____ () C:\Users\Hrstka\AppData\Roaming\pcdrbattery.p5m
2015-05-20 03:28 - 2015-05-20 03:28 - 0002510 _____ () C:\Users\Hrstka\AppData\Roaming\pcdrscsi2.p5m
2015-05-20 03:28 - 2015-05-20 03:28 - 0000193 _____ () C:\Users\Hrstka\AppData\Roaming\PCDR_HUD_4_3.scheme
2013-10-02 04:55 - 2013-10-02 04:55 - 0001172 _____ () C:\Users\Hrstka\AppData\Roaming\PlanDrawer.java
2014-05-08 06:08 - 2014-05-08 06:08 - 0001630 _____ () C:\Users\Hrstka\AppData\Roaming\Plastic - Polished Alumide.3PP
2013-10-02 04:56 - 2013-10-02 04:56 - 0001024 _____ () C:\Users\Hrstka\AppData\Roaming\procedure.properties.xml
2013-10-02 04:55 - 2013-10-02 04:55 - 0000101 _____ () C:\Users\Hrstka\AppData\Roaming\r1.m
2015-05-20 03:28 - 2015-05-20 03:28 - 0003993 _____ () C:\Users\Hrstka\AppData\Roaming\RB_Disabled.png
2015-05-20 03:28 - 2015-05-20 03:28 - 0001720 _____ () C:\Users\Hrstka\AppData\Roaming\redshd.png
2015-05-20 03:28 - 2015-05-20 03:28 - 0003111 _____ () C:\Users\Hrstka\AppData\Roaming\refresh_12.png
2015-05-20 03:28 - 2015-05-20 03:28 - 0003983 _____ () C:\Users\Hrstka\AppData\Roaming\RF_Enabled.png
2013-10-02 04:56 - 2013-10-02 04:56 - 0002707 _____ () C:\Users\Hrstka\AppData\Roaming\SequenceFrequency.mm
2012-02-22 22:54 - 2012-02-22 22:54 - 0002388 _____ () C:\Users\Hrstka\AppData\Roaming\settings.xml
2013-10-02 04:56 - 2013-10-02 04:56 - 0001068 _____ () C:\Users\Hrstka\AppData\Roaming\shade.verbatim.xml
2013-10-02 04:55 - 2013-10-02 04:55 - 0000104 _____ () C:\Users\Hrstka\AppData\Roaming\SimpleDocument.xml
2013-10-02 04:56 - 2013-10-02 04:56 - 0000975 _____ () C:\Users\Hrstka\AppData\Roaming\subscript.properties.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 0002786 _____ () C:\Users\Hrstka\AppData\Roaming\sysinfofilter_ax_dell.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 0001769 _____ () C:\Users\Hrstka\AppData\Roaming\systemTools.png
2015-05-20 03:28 - 2015-05-20 03:28 - 0000816 _____ () C:\Users\Hrstka\AppData\Roaming\toast_good.png
2013-10-02 04:56 - 2013-10-02 04:56 - 0000840 _____ () C:\Users\Hrstka\AppData\Roaming\toc.image.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 0004090 _____ () C:\Users\Hrstka\AppData\Roaming\tutorials_icon.png
2015-05-20 03:14 - 2015-05-20 03:14 - 0000095 _____ () C:\Users\Hrstka\AppData\Roaming\tweakChkDsk_pt-pt.p5p
2015-05-20 03:14 - 2015-05-20 03:14 - 0001933 _____ () C:\Users\Hrstka\AppData\Roaming\tweakNetworkingManual_de.p5p
2015-05-20 03:28 - 2015-05-20 03:28 - 0000415 _____ () C:\Users\Hrstka\AppData\Roaming\VertexOutputTexturelessInstanced.hlsli
2013-10-02 04:56 - 2013-10-02 04:56 - 0001366 _____ () C:\Users\Hrstka\AppData\Roaming\wordml.template.xml
2016-04-02 02:14 - 2016-04-02 02:14 - 0009238 _____ () C:\Users\Hrstka\AppData\Roaming\{RecOveR}-vhlln__.Htm
2016-04-02 02:14 - 2016-04-02 02:14 - 0082893 _____ () C:\Users\Hrstka\AppData\Roaming\{RecOveR}-vhlln__.Png
2016-04-10 07:00 - 2016-04-10 07:00 - 0009238 _____ () C:\Users\Hrstka\AppData\Roaming\{RecOveR}-yjdwn__.Htm
2016-04-10 07:00 - 2016-04-10 07:00 - 0081953 _____ () C:\Users\Hrstka\AppData\Roaming\{RecOveR}-yjdwn__.Png
2016-03-30 04:26 - 2016-03-30 05:28 - 0038534 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\+REcovER+bnevw+.png
2016-03-30 04:26 - 2016-03-30 05:28 - 0001046 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\+REcovER+bnevw+.txt
2016-03-31 20:27 - 2016-03-31 21:06 - 0038534 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\+REcovER+gwyfd+.png
2016-03-31 20:27 - 2016-03-31 21:06 - 0001046 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\+REcovER+gwyfd+.txt
2016-03-30 07:59 - 2016-03-30 08:36 - 0038534 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\+REcovER+qoynb+.png
2016-03-30 07:59 - 2016-03-30 08:36 - 0001046 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\+REcovER+qoynb+.txt
2016-03-31 12:29 - 2016-03-31 13:06 - 0038534 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\+REcovER+vkmgi+.png
2016-03-31 12:29 - 2016-03-31 13:06 - 0001046 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\+REcovER+vkmgi+.txt
2016-04-02 02:14 - 2016-04-02 02:14 - 0009238 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\{RecOveR}-vhlln__.Htm
2016-04-02 02:14 - 2016-04-02 02:14 - 0082893 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\{RecOveR}-vhlln__.Png
2016-04-02 02:14 - 2016-04-02 02:14 - 0002818 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\{RecOveR}-vhlln__.Txt
2016-04-10 07:00 - 2016-04-10 07:00 - 0009238 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\{RecOveR}-yjdwn__.Htm
2016-04-10 07:00 - 2016-04-10 07:00 - 0081953 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\{RecOveR}-yjdwn__.Png
2016-04-10 07:00 - 2016-04-10 07:00 - 0002818 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\{RecOveR}-yjdwn__.Txt
2016-04-02 02:05 - 2016-04-02 02:17 - 0009238 _____ () C:\Users\Hrstka\AppData\Local\{RecOveR}-vhlln__.Htm
2016-04-02 02:05 - 2016-04-02 02:17 - 0082893 _____ () C:\Users\Hrstka\AppData\Local\{RecOveR}-vhlln__.Png
2016-04-02 02:05 - 2016-04-02 02:17 - 0002818 _____ () C:\Users\Hrstka\AppData\Local\{RecOveR}-vhlln__.Txt
2016-04-10 06:51 - 2016-04-10 06:58 - 0009238 _____ () C:\Users\Hrstka\AppData\Local\{RecOveR}-yjdwn__.Htm
2016-04-10 06:51 - 2016-04-10 06:58 - 0081953 _____ () C:\Users\Hrstka\AppData\Local\{RecOveR}-yjdwn__.Png
2016-04-10 06:51 - 2016-04-10 06:58 - 0002818 _____ () C:\Users\Hrstka\AppData\Local\{RecOveR}-yjdwn__.Txt
2016-03-30 02:35 - 2016-03-30 02:35 - 0038534 _____ () C:\ProgramData\+REcovER+bnevw+.png
2016-04-05 06:40 - 2016-04-05 06:41 - 0038534 _____ () C:\ProgramData\+REcovER+crmkj+.png
2016-03-31 19:57 - 2016-03-31 19:58 - 0038534 _____ () C:\ProgramData\+REcovER+gwyfd+.png
2016-03-30 07:32 - 2016-03-30 07:32 - 0038534 _____ () C:\ProgramData\+REcovER+qoynb+.png
2016-03-31 12:01 - 2016-03-31 12:01 - 0038534 _____ () C:\ProgramData\+REcovER+vkmgi+.png
2014-10-13 21:32 - 2014-10-13 21:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-04-02 02:04 - 2016-04-02 02:05 - 0009238 _____ () C:\ProgramData\{RecOveR}-vhlln__.Htm
2016-04-02 02:04 - 2016-04-02 02:05 - 0082893 _____ () C:\ProgramData\{RecOveR}-vhlln__.Png
2016-04-10 06:50 - 2016-04-10 06:50 - 0009238 _____ () C:\ProgramData\{RecOveR}-yjdwn__.Htm
2016-04-10 06:50 - 2016-04-10 06:50 - 0081953 _____ () C:\ProgramData\{RecOveR}-yjdwn__.Png
Some files in TEMP:
====================
C:\Users\Hrstka\AppData\Local\Temp\dllnt_dump.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-07-24 01:30
==================== End of FRST.txt ============================
Ran by Hrstka (2016-07-31 17:00:33)
Running from C:\Users\Hrstka\Desktop
Windows 8.1 Connected (X64) (2015-05-09 23:28:57)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-553964673-1622739263-2049447999-500 - Administrator - Disabled)
Guest (S-1-5-21-553964673-1622739263-2049447999-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-553964673-1622739263-2049447999-1003 - Limited - Enabled)
Hrstka (S-1-5-21-553964673-1622739263-2049447999-1001 - Administrator - Enabled) => C:\Users\Hrstka
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET Smart Security 9.0.385.1 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.385.1 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personální firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.21 - Lenovo)
Energy Manager (x32 Version: 1.5.0.21 - Lenovo) Hidden
ESET Smart Security (HKLM\...\{D94B5945-22DD-47C9-9CA4-ED784C9B2427}) (Version: 9.0.385.1 - ESET, spol. s r.o.)
Google Chrome (HKU\S-1-5-21-553964673-1622739263-2049447999-1001\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1347.2) (HKLM\...\{302600C1-6BDF-4FD1-1312-148929CC1385}) (Version: 17.0.1312.0414 - Intel Corporation)
Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{2f4d8103-e601-4d48-b81d-d508d760aaba}) (Version: 17.0.3 - Intel Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10264 - Realtek Semiconductor Corp.)
Lenovo FusionEngine (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2326 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.1.0.2326 - CyberLink Corp.) Hidden
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.43.4 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo Updates (HKLM-x32\...\InstallShield_{A2E1E9F0-0B68-4166-8C7F-85B563B84DF4}) (Version: 1.3.0.6 - Lenovo)
Lenovo Updates (x32 Version: 1.3.0.6 - Lenovo) Hidden
Malwarebytes Anti-Malware verze 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office Klikni a spusť 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1011 - Microsoft Corporation)
Microsoft Office Starter 2010 - čeština (HKLM-x32\...\{90140011-0066-0405-0000-0000000FF1CE}) (Version: 14.0.4763.1011 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0405-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39053 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-553964673-1622739263-2049447999-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Hrstka\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-553964673-1622739263-2049447999-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Hrstka\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-553964673-1622739263-2049447999-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-553964673-1622739263-2049447999-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Hrstka\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {5A277F2E-A817-463E-8170-88C269D35293} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {5D390007-DEA3-4EF9-A244-3084868682B6} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-05-22] ()
Task: {B592A570-0062-40D6-B1DF-2C19006B5648} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {D34748F1-668B-4F52-B5C9-0FAE3B262190} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-09] (CyberLink Corp.)
Task: {D99D39A2-0E3C-4A4A-82BA-DD8BAA377C0F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-10-13 22:11 - 2012-04-24 12:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDWFP => ""="Driver"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-553964673-1622739263-2049447999-1001\...\mojebanka.cz -> hxxps://etrading.mojebanka.cz
IE trusted site: HKU\S-1-5-21-553964673-1622739263-2049447999-1001\...\mojeplatba.cz -> hxxps://www.mojeplatba.cz
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2016-07-31 12:30 - 00000753 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-553964673-1622739263-2049447999-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img2.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: Bluetooth Device Monitor => 2
MSCONFIG\Services: Bluetooth OBEX Service => 2
MSCONFIG\Services: iBtSiva => 2
HKLM\...\StartupApproved\Run: => "Lenovo Utility"
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{41A49E03-7947-40AF-913A-D7093BDE730A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{C01CE014-910C-4139-8905-3A91B328612D}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{1B6B53A5-39C7-4D76-9BD5-66E7A28DE783}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{C84838CE-073F-4BCD-AAFA-DC75E7D9689C}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{F4E5AA18-D912-465B-ABF9-5631BE8B0E25}] => (Allow) LPort=55100
FirewallRules: [{45D4E69B-4FFD-4E02-A629-2712AF45E2DD}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe
==================== Restore Points =========================
29-07-2016 16:58:49 Configured Lenovo Updates
30-07-2016 10:37:20 JRT Pre-Junkware Removal
31-07-2016 12:29:44 zoek.exe restore point
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/31/2016 01:48:22 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Pouze informace
(Patch task for {90140011-0066-0405-0000-0000000FF1CE}): DownloadLatest Failed: V tuto chvíli není aktivní žádné připojení k síti. Jakmile bude připojen adaptér, bude Služba inteligentního přenosu na pozadí (BITS) akci opakovat.
Error: (07/31/2016 12:58:04 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Pouze informace
(Patch task for {90140011-0066-0405-0000-0000000FF1CE}): DownloadLatest Failed: V tuto chvíli není aktivní žádné připojení k síti. Jakmile bude připojen adaptér, bude Služba inteligentního přenosu na pozadí (BITS) akci opakovat.
Error: (07/30/2016 12:48:35 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Pouze informace
(Patch task for {90140011-0066-0405-0000-0000000FF1CE}): DownloadLatest Failed: V tuto chvíli není aktivní žádné připojení k síti. Jakmile bude připojen adaptér, bude Služba inteligentního přenosu na pozadí (BITS) akci opakovat.
Error: (07/29/2016 04:10:44 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Pouze informace
(Patch task for {90140011-0066-0405-0000-0000000FF1CE}): DownloadLatest Failed: V tuto chvíli není aktivní žádné připojení k síti. Jakmile bude připojen adaptér, bude Služba inteligentního přenosu na pozadí (BITS) akci opakovat.
Error: (07/29/2016 03:19:10 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Pouze informace
(Patch task for {90140011-0066-0405-0000-0000000FF1CE}): DownloadLatest Failed: V tuto chvíli není aktivní žádné připojení k síti. Jakmile bude připojen adaptér, bude Služba inteligentního přenosu na pozadí (BITS) akci opakovat.
Error: (07/29/2016 10:10:04 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Pouze informace
(Patch task for {90140011-0066-0405-0000-0000000FF1CE}): DownloadLatest Failed: V tuto chvíli není aktivní žádné připojení k síti. Jakmile bude připojen adaptér, bude Služba inteligentního přenosu na pozadí (BITS) akci opakovat.
Error: (07/28/2016 01:42:06 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
Error: (07/28/2016 12:53:29 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Pouze informace
(Patch task for {90140011-0066-0405-0000-0000000FF1CE}): DownloadLatest Failed: V tuto chvíli není aktivní žádné připojení k síti. Jakmile bude připojen adaptér, bude Služba inteligentního přenosu na pozadí (BITS) akci opakovat.
Error: (07/27/2016 06:13:09 PM) (Source: Application Virtualization Client) (EventID: 3079) (User: )
Description: {hap=12:app=Microsoft Excel Starter 2010 9014006604050000:tid=1514:usr=Hrstka}
Klient nemohl spustit aplikaci Q:\140066.csy\Office14\EXCELC.EXE (návratový kód 22400B24-00000057, poslední chyba: 87).
Error: (07/27/2016 06:13:09 PM) (Source: Application Virtualization Client) (EventID: 6001) (User: )
Description: {tid=1514:usr=Hrstka}
Nelze vytvořit proces (CreateProcess) (návratový kód 22400B24-00000057).
System errors:
=============
Error: (07/31/2016 01:38:16 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Výstraha o závažné chybě byla vygenerována a zaslána na vzdálený koncový bod. To může vést k ukončení připojení. Kód závažné chyby definovaný protokolem TLS: 40. Stav chyby Windows SChannel: 252
Error: (07/31/2016 12:48:00 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Výstraha o závažné chybě byla vygenerována a zaslána na vzdálený koncový bod. To může vést k ukončení připojení. Kód závažné chyby definovaný protokolem TLS: 40. Stav chyby Windows SChannel: 252
Error: (07/31/2016 12:44:28 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Error: (07/31/2016 12:44:28 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Error: (07/31/2016 12:44:27 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Error: (07/31/2016 12:44:27 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Error: (07/31/2016 12:44:26 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Error: (07/30/2016 10:31:17 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: Výstraha o závažné chybě byla vygenerována a zaslána na vzdálený koncový bod. To může vést k ukončení připojení. Kód závažné chyby definovaný protokolem TLS: 40. Stav chyby Windows SChannel: 252
Error: (07/30/2016 10:30:39 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.
Cesta k modulu: C:\windows\System32\IWMSSvc.dll
Error: (07/30/2016 10:30:39 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.
Cesta k modulu: C:\windows\System32\IWMSSvc.dll
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU N3540 @ 2.16GHz
Percentage of memory in use: 42%
Total physical RAM: 3979.21 MB
Available physical RAM: 2271.65 MB
Total Virtual: 5899.21 MB
Available Virtual: 3845.43 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:425.14 GB) (Free:162.69 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:10.89 GB) NTFS
Drive f: () (Removable) (Total:14.54 GB) (Free:7.25 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 97D2FFE3)
Partition: GPT.
========================================================
Disk: 1 (Size: 14.6 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016
Ran by Hrstka (administrator) on LENOVO-PC (31-07-2016 16:58:07)
Running from C:\Users\Hrstka\Desktop
Loaded Profiles: Hrstka (Available Profiles: Hrstka)
Platform: Windows 8.1 Connected (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(ESET) C:\Users\Hrstka\Desktop\ESETTeslaCryptDecryptor.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3276104 2014-05-22] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2014-02-27] (Realtek semiconductor)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-10-13] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10841584 2014-10-13] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKU\S-1-5-21-553964673-1622739263-2049447999-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1BC11AB7-748D-4B3A-9D6C-A4ACD01C018D}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-553964673-1622739263-2049447999-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
SearchScopes: HKU\S-1-5-21-553964673-1622739263-2049447999-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-553964673-1622739263-2049447999-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-553964673-1622739263-2049447999-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-28] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-28] (Oracle Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Hrstka\AppData\Roaming\Mozilla\Firefox\Profiles\obxm5qhk.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-553964673-1622739263-2049447999-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Hrstka\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-553964673-1622739263-2049447999-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Hrstka\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
Chrome:
=======
CHR Profile: C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-29]
CHR Extension: (Google Drive) - C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-29]
CHR Extension: (YouTube) - C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-29]
CHR Extension: (Google Search) - C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-07-29]
CHR Extension: (Google Docs Offline) - C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-29]
CHR Extension: (Gmail) - C:\Users\Hrstka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-29]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2542216 2016-06-10] (ESET)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101680 2013-10-15] (ELAN Microelectronics Corp.)
S4 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [130008 2014-01-22] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-12] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-10-13] (Lenovo(beijing) Limited)
S2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [37624 2014-04-21] (Lenovo(beijing) Limited)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-18] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-18] (Intel® Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-11-07] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1411384 2013-11-07] (Motorola Solutions, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows (R) Win 7 DDK provider)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263336 2016-06-28] (ESET)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15488 2016-06-28] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [197288 2016-06-28] (ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [153248 2016-06-28] (ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [208552 2016-06-28] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [61608 2016-06-28] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84640 2016-06-28] (ESET)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [149448 2014-01-22] (Intel Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3443680 2014-06-01] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [9109720 2014-02-27] (Realtek Semiconductor Corp.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-07-31] ()
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 CnxtHdAudService; \SystemRoot\system32\drivers\CHDRT64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-31 16:58 - 2016-07-31 16:59 - 00012360 _____ C:\Users\Hrstka\Desktop\FRST.txt
2016-07-31 16:57 - 2016-07-31 16:58 - 00000000 ____D C:\FRST
2016-07-31 16:48 - 2016-07-31 16:43 - 02394112 _____ (Farbar) C:\Users\Hrstka\Desktop\FRST64.exe
2016-07-31 13:45 - 2016-07-31 13:45 - 00019968 ___SH C:\Users\Public\Documents\Thumbs.db
2016-07-31 12:47 - 2016-07-31 12:20 - 00024064 _____ C:\windows\zoek-delete.exe
2016-07-31 12:20 - 2016-07-31 12:44 - 00000000 ____D C:\zoek_backup
2016-07-31 12:20 - 2016-07-31 12:17 - 01309184 _____ C:\Users\Hrstka\Desktop\zoek.exe
2016-07-30 10:41 - 2016-07-31 12:49 - 00028272 _____ C:\windows\system32\Drivers\TrueSight.sys
2016-07-30 10:40 - 2016-07-30 10:40 - 00000000 ____D C:\ProgramData\RogueKiller
2016-07-30 10:38 - 2016-07-30 10:35 - 25355848 _____ C:\Users\Hrstka\Desktop\RogueKillerX64.exe
2016-07-30 10:36 - 2016-07-30 10:34 - 01610560 _____ (Malwarebytes) C:\Users\Hrstka\Desktop\JRT.exe
2016-07-29 17:44 - 2016-07-30 10:13 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-29 17:43 - 2016-07-29 17:43 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-29 17:43 - 2016-07-29 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-29 17:43 - 2016-07-29 17:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-29 17:43 - 2016-07-29 17:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-29 17:43 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-07-29 17:43 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-07-29 17:43 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-07-29 17:38 - 2016-07-29 17:26 - 03712064 _____ C:\Users\Hrstka\Desktop\AdwCleaner.exe
2016-07-29 17:37 - 2016-07-30 10:29 - 00000000 ____D C:\AdwCleaner
2016-07-29 17:30 - 2016-07-31 16:56 - 00000000 ____D C:\Users\Hrstka\Desktop\backups
2016-07-29 15:20 - 2016-07-28 16:06 - 00388608 _____ (Trend Micro Inc.) C:\Users\Hrstka\Desktop\hijackthis.exe
2016-07-29 14:40 - 2016-07-29 14:39 - 149365520 _____ (Microsoft Corporation) C:\Users\Hrstka\Desktop\msert.exe
2016-07-29 12:11 - 2016-07-28 13:58 - 00862368 _____ (ESET) C:\Users\Hrstka\Desktop\ESETTeslaCryptDecryptor.exe
2016-07-29 12:02 - 2016-07-29 13:35 - 00000000 ____D C:\Users\Hrstka\AppData\Local\ElevatedDiagnostics
2016-07-29 11:55 - 2016-07-29 14:40 - 00134664 _____ C:\windows\ntbtlog.txt
2016-07-28 13:44 - 2016-07-28 13:44 - 00000000 ____D C:\Users\Hrstka\AppData\Roaming\Sun
2016-07-28 13:44 - 2016-07-28 13:44 - 00000000 ____D C:\Users\Hrstka\.oracle_jre_usage
2016-07-28 13:23 - 2016-07-28 13:23 - 00000000 ____D C:\Users\Hrstka\AppData\Local\ESET
2016-07-28 13:21 - 2016-07-28 13:21 - 00002054 _____ C:\Users\Public\Desktop\ESET Ochrana bankovnictví a online plateb.lnk
2016-07-28 13:21 - 2016-07-28 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-07-28 13:21 - 2016-07-28 13:21 - 00000000 ____D C:\ProgramData\ESET
2016-07-28 13:20 - 2016-07-28 13:20 - 00000000 ____D C:\Program Files\ESET
2016-07-28 12:49 - 2016-07-28 12:49 - 00002794 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2016-07-28 12:49 - 2016-07-28 12:49 - 00000845 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-07-28 12:49 - 2016-07-28 12:49 - 00000000 ____D C:\Program Files\CCleaner
2016-07-17 10:00 - 2016-07-17 10:00 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-31 17:00 - 2015-05-10 03:57 - 00000000 ____D C:\Users\Hrstka\Documents\KINGSTON
2016-07-31 16:54 - 2015-05-10 04:03 - 66486503 _____ C:\Users\Hrstka\Desktop\Zverejneno-Bystřice.zip.backup_by_eset
2016-07-31 16:54 - 2015-05-10 04:03 - 51498842 _____ C:\Users\Hrstka\Desktop\ZD-Mořina.zip.backup_by_eset
2016-07-31 16:54 - 2015-05-10 04:03 - 00041050 _____ C:\Users\Hrstka\Desktop\S-com-PD.rtf.backup_by_eset
2016-07-31 16:11 - 2015-05-10 02:42 - 00000000 ____D C:\Data z IBM
2016-07-31 14:33 - 2015-05-10 03:07 - 00000000 ____D C:\Data z IBM2
2016-07-31 13:43 - 2014-10-13 22:06 - 00740368 _____ C:\windows\system32\perfh005.dat
2016-07-31 13:43 - 2014-10-13 22:06 - 00151796 _____ C:\windows\system32\perfc005.dat
2016-07-31 13:43 - 2014-03-18 11:53 - 01747496 _____ C:\windows\system32\PerfStringBackup.INI
2016-07-31 13:43 - 2013-08-22 15:36 - 00000000 ____D C:\windows\Inf
2016-07-31 13:38 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-07-31 13:37 - 2015-05-10 02:13 - 00000000 ____D C:\Users\Hrstka\AppData\Roaming\SoftGrid Client
2016-07-30 11:14 - 2015-05-10 01:34 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-553964673-1622739263-2049447999-1001
2016-07-29 18:09 - 2013-08-22 17:20 - 00000000 ____D C:\windows\CbsTemp
2016-07-29 18:08 - 2014-10-13 22:29 - 00000000 ____D C:\ProgramData\LU
2016-07-29 16:59 - 2014-10-13 22:09 - 00001957 _____ C:\Users\Public\Desktop\Lenovo Updates.lnk
2016-07-29 16:58 - 2015-06-22 12:12 - 00001279 _____ C:\Users\Hrstka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk
2016-07-29 15:05 - 2015-05-19 21:37 - 00000000 ____D C:\Users\Hrstka\AppData\Roaming\Mozilla
2016-07-29 15:04 - 2015-05-10 01:28 - 00000000 ____D C:\Users\Hrstka
2016-07-29 14:54 - 2014-10-13 22:22 - 03035314 _____ C:\windows\MFGSTAT.zip
2016-07-29 14:53 - 2015-06-27 10:57 - 03425193 _____ C:\Users\Hrstka\Downloads\prilohy_540.zip
2016-07-29 14:53 - 2015-06-14 20:36 - 00000000 ____D C:\Users\Hrstka\Downloads\řeporyje
2016-07-29 14:53 - 2015-06-11 06:26 - 00359123 _____ C:\Users\Hrstka\Downloads\prilohy_364.zip
2016-07-29 14:53 - 2015-06-10 22:13 - 00004621 _____ C:\Users\Hrstka\Downloads\HRSTKA VÁCLAV(2).p12
2016-07-29 14:53 - 2015-05-19 21:52 - 00004621 _____ C:\Users\Hrstka\Downloads\HRSTKA VÁCLAV(1).p12
2016-07-29 14:53 - 2015-05-10 04:04 - 00583108 _____ C:\Users\Hrstka\Downloads\výpis 03-14 (1).pdf
2016-07-29 14:53 - 2015-05-10 04:04 - 00582956 _____ C:\Users\Hrstka\Downloads\vypis_4-2014.pdf
2016-07-29 14:53 - 2015-05-10 04:04 - 00366945 _____ C:\Users\Hrstka\Downloads\prilohy_318.zip
2016-07-29 14:53 - 2015-05-10 04:04 - 00362496 _____ C:\Users\Hrstka\Downloads\mosty Děčín-Rumburk UL DOPLNIT.xls
2016-07-29 14:53 - 2015-05-10 04:04 - 00189440 _____ C:\Users\Hrstka\Downloads\cast-vseobecna.xls
2016-07-29 14:53 - 2015-05-10 04:04 - 00110579 _____ C:\Users\Hrstka\Downloads\141027_sever_plany_podzim.xlsx
2016-07-29 14:53 - 2015-05-10 04:04 - 00106648 _____ C:\Users\Hrstka\Downloads\P1000 03_2015.pdf
2016-07-29 14:53 - 2015-05-10 04:04 - 00073795 _____ C:\Users\Hrstka\Downloads\cast-technicka.xlsx
2016-07-29 14:53 - 2015-05-10 04:04 - 00061284 _____ C:\Users\Hrstka\Downloads\zadost-vyplatu-z-pp.pdf
2016-07-29 14:53 - 2015-05-10 04:04 - 00032575 _____ C:\Users\Hrstka\Downloads\cast-dopravni.xlsx
2016-07-29 14:53 - 2015-05-10 04:04 - 00004621 _____ C:\Users\Hrstka\Downloads\HRSTKA VÁCLAV.p12
2016-07-29 14:50 - 2015-05-10 04:04 - 00625350 _____ C:\Users\Hrstka\Documents\kontakty 05_2013.csv
2016-07-29 14:50 - 2015-05-10 04:01 - 00000000 ____D C:\Users\Hrstka\Documents\Vyměnitelný disk
2016-07-29 14:40 - 2015-05-10 04:03 - 66486503 _____ C:\Users\Hrstka\Desktop\Zverejneno-Bystřice.zip
2016-07-29 14:40 - 2015-05-10 04:03 - 51498842 _____ C:\Users\Hrstka\Desktop\ZD-Mořina.zip
2016-07-29 09:55 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\BBI
2016-07-28 14:36 - 2016-03-25 06:01 - 00000000 ____D C:\Users\Hrstka\AppData\Local\KiyEsdu
2016-07-28 14:30 - 2015-06-04 04:22 - 00000000 ____D C:\ProgramData\KabexAsxoj
2016-07-28 13:59 - 2015-05-10 04:16 - 00000000 ____D C:\ProgramData\Oracle
2016-07-28 13:45 - 2015-05-10 04:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-07-28 13:45 - 2015-05-10 04:16 - 00000000 ____D C:\Program Files (x86)\Java
2016-07-28 13:44 - 2015-05-10 04:16 - 00097856 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2016-07-28 13:22 - 2013-08-22 17:36 - 00000000 ___HD C:\windows\ELAMBKUP
2016-07-28 13:05 - 2014-04-02 19:34 - 00000000 ____D C:\windows\Panther
2016-07-28 12:43 - 2014-10-13 22:04 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-07-28 12:43 - 2013-08-22 16:44 - 00345256 _____ C:\windows\system32\FNTCACHE.DAT
2016-07-28 12:41 - 2014-10-13 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-07-28 12:40 - 2015-05-19 21:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-28 12:39 - 2015-07-31 15:09 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4
2016-07-28 12:29 - 2014-10-13 21:32 - 00000000 ____D C:\ProgramData\Conexant
2016-07-27 18:25 - 2016-03-30 07:37 - 00113152 ___SH C:\Users\Hrstka\Thumbs.db
2016-07-16 05:33 - 2013-08-22 17:36 - 00000000 ____D C:\windows\AppReadiness
2016-07-12 23:37 - 2016-04-10 21:21 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-12 23:37 - 2015-08-04 19:28 - 00004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
==================== Files in the root of some directories =======
2016-03-30 04:26 - 2016-03-30 05:28 - 0038534 _____ () C:\Users\Hrstka\AppData\Roaming\+REcovER+bnevw+.png
2016-03-31 20:27 - 2016-03-31 21:06 - 0038534 _____ () C:\Users\Hrstka\AppData\Roaming\+REcovER+gwyfd+.png
2016-03-30 07:59 - 2016-03-30 08:36 - 0038534 _____ () C:\Users\Hrstka\AppData\Roaming\+REcovER+qoynb+.png
2016-03-31 12:29 - 2016-03-31 13:06 - 0038534 _____ () C:\Users\Hrstka\AppData\Roaming\+REcovER+vkmgi+.png
2013-10-02 04:55 - 2013-10-02 04:55 - 0000210 _____ () C:\Users\Hrstka\AppData\Roaming\15.gif
2013-10-02 04:55 - 2013-10-02 04:55 - 0001074 _____ () C:\Users\Hrstka\AppData\Roaming\admon.textlabel.xml
2014-05-08 07:44 - 2014-05-08 07:44 - 0004218 _____ () C:\Users\Hrstka\AppData\Roaming\Adobe-CNS1-1
2014-05-08 06:05 - 2014-05-08 06:05 - 0000524 _____ () C:\Users\Hrstka\AppData\Roaming\BMY brown 3.ADO
2014-05-08 07:44 - 2014-05-08 07:44 - 0000197 _____ () C:\Users\Hrstka\AppData\Roaming\bn_IN.aff
2014-05-08 07:44 - 2014-05-08 07:44 - 0004389 _____ () C:\Users\Hrstka\AppData\Roaming\da.pak
2015-02-26 18:00 - 2015-02-26 18:00 - 0002460 _____ () C:\Users\Hrstka\AppData\Roaming\DDVClean.mof
2015-05-20 03:28 - 2015-05-20 03:28 - 0000579 _____ () C:\Users\Hrstka\AppData\Roaming\dell_connect.png
2013-10-02 04:56 - 2013-10-02 04:56 - 0000923 _____ () C:\Users\Hrstka\AppData\Roaming\ebnf.table.border.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 0000778 _____ () C:\Users\Hrstka\AppData\Roaming\email.png
2013-10-02 04:56 - 2013-10-02 04:56 - 0001079 _____ () C:\Users\Hrstka\AppData\Roaming\emphasis.propagates.style.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 0000382 _____ () C:\Users\Hrstka\AppData\Roaming\EngineLoggerConfig.xml
2013-10-02 04:55 - 2013-10-02 04:55 - 0000071 _____ () C:\Users\Hrstka\AppData\Roaming\external-link.gif
2014-05-08 07:44 - 2014-05-08 07:44 - 0001820 _____ () C:\Users\Hrstka\AppData\Roaming\f3.png
1998-06-12 01:00 - 1998-06-12 01:00 - 0004988 _____ () C:\Users\Hrstka\AppData\Roaming\FootmanBioecology.e
2013-10-02 04:56 - 2013-10-02 04:56 - 0001461 _____ () C:\Users\Hrstka\AppData\Roaming\footnote.sep.leader.properties.xml
2014-05-08 07:44 - 2014-05-08 07:44 - 0002642 _____ () C:\Users\Hrstka\AppData\Roaming\grmphon.env
2015-05-20 03:28 - 2015-05-20 03:28 - 0001684 _____ () C:\Users\Hrstka\AppData\Roaming\help_disabled.png
2013-10-02 04:56 - 2013-10-02 04:56 - 0000944 _____ () C:\Users\Hrstka\AppData\Roaming\html.stylesheet.type.xml
2013-10-02 04:56 - 2013-10-02 04:56 - 0000937 _____ () C:\Users\Hrstka\AppData\Roaming\htmlhelp.title.xml
1992-11-17 02:00 - 1992-11-17 02:00 - 1776947 _____ () C:\Users\Hrstka\AppData\Roaming\Introvert.U
2015-05-20 03:28 - 2015-05-20 03:28 - 0004345 _____ () C:\Users\Hrstka\AppData\Roaming\irda.png
2015-03-24 07:39 - 2015-03-24 07:39 - 0001109 _____ () C:\Users\Hrstka\AppData\Roaming\LICENSE.md
2013-10-02 04:56 - 2013-10-02 04:56 - 0001828 _____ () C:\Users\Hrstka\AppData\Roaming\man.output.lang.in.name.enabled.xml
2013-10-02 04:56 - 2013-10-02 04:56 - 0001536 _____ () C:\Users\Hrstka\AppData\Roaming\man.subheading.divider.xml
2009-06-10 23:06 - 2009-06-10 23:06 - 0002899 _____ () C:\Users\Hrstka\AppData\Roaming\Memories_buttonClear.png
2015-05-20 03:28 - 2015-05-20 03:28 - 0004576 _____ () C:\Users\Hrstka\AppData\Roaming\memory-reader.png
2015-05-20 03:28 - 2015-05-20 03:28 - 0004355 _____ () C:\Users\Hrstka\AppData\Roaming\mouse.png
2009-06-10 23:06 - 2009-06-10 23:06 - 0004515 _____ () C:\Users\Hrstka\AppData\Roaming\nav_rightarrow.png
2013-10-02 04:56 - 2013-10-02 04:56 - 0000888 _____ () C:\Users\Hrstka\AppData\Roaming\no.up.image.xml
2013-10-02 04:55 - 2013-10-02 04:55 - 0003157 _____ () C:\Users\Hrstka\AppData\Roaming\package-frame.html
2015-05-20 03:28 - 2015-05-20 03:28 - 0001264 _____ () C:\Users\Hrstka\AppData\Roaming\pcdrantenna.p5m
2015-05-20 03:28 - 2015-05-20 03:28 - 0002611 _____ () C:\Users\Hrstka\AppData\Roaming\pcdrbattery.p5m
2015-05-20 03:28 - 2015-05-20 03:28 - 0002510 _____ () C:\Users\Hrstka\AppData\Roaming\pcdrscsi2.p5m
2015-05-20 03:28 - 2015-05-20 03:28 - 0000193 _____ () C:\Users\Hrstka\AppData\Roaming\PCDR_HUD_4_3.scheme
2013-10-02 04:55 - 2013-10-02 04:55 - 0001172 _____ () C:\Users\Hrstka\AppData\Roaming\PlanDrawer.java
2014-05-08 06:08 - 2014-05-08 06:08 - 0001630 _____ () C:\Users\Hrstka\AppData\Roaming\Plastic - Polished Alumide.3PP
2013-10-02 04:56 - 2013-10-02 04:56 - 0001024 _____ () C:\Users\Hrstka\AppData\Roaming\procedure.properties.xml
2013-10-02 04:55 - 2013-10-02 04:55 - 0000101 _____ () C:\Users\Hrstka\AppData\Roaming\r1.m
2015-05-20 03:28 - 2015-05-20 03:28 - 0003993 _____ () C:\Users\Hrstka\AppData\Roaming\RB_Disabled.png
2015-05-20 03:28 - 2015-05-20 03:28 - 0001720 _____ () C:\Users\Hrstka\AppData\Roaming\redshd.png
2015-05-20 03:28 - 2015-05-20 03:28 - 0003111 _____ () C:\Users\Hrstka\AppData\Roaming\refresh_12.png
2015-05-20 03:28 - 2015-05-20 03:28 - 0003983 _____ () C:\Users\Hrstka\AppData\Roaming\RF_Enabled.png
2013-10-02 04:56 - 2013-10-02 04:56 - 0002707 _____ () C:\Users\Hrstka\AppData\Roaming\SequenceFrequency.mm
2012-02-22 22:54 - 2012-02-22 22:54 - 0002388 _____ () C:\Users\Hrstka\AppData\Roaming\settings.xml
2013-10-02 04:56 - 2013-10-02 04:56 - 0001068 _____ () C:\Users\Hrstka\AppData\Roaming\shade.verbatim.xml
2013-10-02 04:55 - 2013-10-02 04:55 - 0000104 _____ () C:\Users\Hrstka\AppData\Roaming\SimpleDocument.xml
2013-10-02 04:56 - 2013-10-02 04:56 - 0000975 _____ () C:\Users\Hrstka\AppData\Roaming\subscript.properties.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 0002786 _____ () C:\Users\Hrstka\AppData\Roaming\sysinfofilter_ax_dell.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 0001769 _____ () C:\Users\Hrstka\AppData\Roaming\systemTools.png
2015-05-20 03:28 - 2015-05-20 03:28 - 0000816 _____ () C:\Users\Hrstka\AppData\Roaming\toast_good.png
2013-10-02 04:56 - 2013-10-02 04:56 - 0000840 _____ () C:\Users\Hrstka\AppData\Roaming\toc.image.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 0004090 _____ () C:\Users\Hrstka\AppData\Roaming\tutorials_icon.png
2015-05-20 03:14 - 2015-05-20 03:14 - 0000095 _____ () C:\Users\Hrstka\AppData\Roaming\tweakChkDsk_pt-pt.p5p
2015-05-20 03:14 - 2015-05-20 03:14 - 0001933 _____ () C:\Users\Hrstka\AppData\Roaming\tweakNetworkingManual_de.p5p
2015-05-20 03:28 - 2015-05-20 03:28 - 0000415 _____ () C:\Users\Hrstka\AppData\Roaming\VertexOutputTexturelessInstanced.hlsli
2013-10-02 04:56 - 2013-10-02 04:56 - 0001366 _____ () C:\Users\Hrstka\AppData\Roaming\wordml.template.xml
2016-04-02 02:14 - 2016-04-02 02:14 - 0009238 _____ () C:\Users\Hrstka\AppData\Roaming\{RecOveR}-vhlln__.Htm
2016-04-02 02:14 - 2016-04-02 02:14 - 0082893 _____ () C:\Users\Hrstka\AppData\Roaming\{RecOveR}-vhlln__.Png
2016-04-10 07:00 - 2016-04-10 07:00 - 0009238 _____ () C:\Users\Hrstka\AppData\Roaming\{RecOveR}-yjdwn__.Htm
2016-04-10 07:00 - 2016-04-10 07:00 - 0081953 _____ () C:\Users\Hrstka\AppData\Roaming\{RecOveR}-yjdwn__.Png
2016-03-30 04:26 - 2016-03-30 05:28 - 0038534 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\+REcovER+bnevw+.png
2016-03-30 04:26 - 2016-03-30 05:28 - 0001046 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\+REcovER+bnevw+.txt
2016-03-31 20:27 - 2016-03-31 21:06 - 0038534 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\+REcovER+gwyfd+.png
2016-03-31 20:27 - 2016-03-31 21:06 - 0001046 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\+REcovER+gwyfd+.txt
2016-03-30 07:59 - 2016-03-30 08:36 - 0038534 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\+REcovER+qoynb+.png
2016-03-30 07:59 - 2016-03-30 08:36 - 0001046 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\+REcovER+qoynb+.txt
2016-03-31 12:29 - 2016-03-31 13:06 - 0038534 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\+REcovER+vkmgi+.png
2016-03-31 12:29 - 2016-03-31 13:06 - 0001046 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\+REcovER+vkmgi+.txt
2016-04-02 02:14 - 2016-04-02 02:14 - 0009238 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\{RecOveR}-vhlln__.Htm
2016-04-02 02:14 - 2016-04-02 02:14 - 0082893 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\{RecOveR}-vhlln__.Png
2016-04-02 02:14 - 2016-04-02 02:14 - 0002818 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\{RecOveR}-vhlln__.Txt
2016-04-10 07:00 - 2016-04-10 07:00 - 0009238 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\{RecOveR}-yjdwn__.Htm
2016-04-10 07:00 - 2016-04-10 07:00 - 0081953 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\{RecOveR}-yjdwn__.Png
2016-04-10 07:00 - 2016-04-10 07:00 - 0002818 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\{RecOveR}-yjdwn__.Txt
2016-04-02 02:05 - 2016-04-02 02:17 - 0009238 _____ () C:\Users\Hrstka\AppData\Local\{RecOveR}-vhlln__.Htm
2016-04-02 02:05 - 2016-04-02 02:17 - 0082893 _____ () C:\Users\Hrstka\AppData\Local\{RecOveR}-vhlln__.Png
2016-04-02 02:05 - 2016-04-02 02:17 - 0002818 _____ () C:\Users\Hrstka\AppData\Local\{RecOveR}-vhlln__.Txt
2016-04-10 06:51 - 2016-04-10 06:58 - 0009238 _____ () C:\Users\Hrstka\AppData\Local\{RecOveR}-yjdwn__.Htm
2016-04-10 06:51 - 2016-04-10 06:58 - 0081953 _____ () C:\Users\Hrstka\AppData\Local\{RecOveR}-yjdwn__.Png
2016-04-10 06:51 - 2016-04-10 06:58 - 0002818 _____ () C:\Users\Hrstka\AppData\Local\{RecOveR}-yjdwn__.Txt
2016-03-30 02:35 - 2016-03-30 02:35 - 0038534 _____ () C:\ProgramData\+REcovER+bnevw+.png
2016-04-05 06:40 - 2016-04-05 06:41 - 0038534 _____ () C:\ProgramData\+REcovER+crmkj+.png
2016-03-31 19:57 - 2016-03-31 19:58 - 0038534 _____ () C:\ProgramData\+REcovER+gwyfd+.png
2016-03-30 07:32 - 2016-03-30 07:32 - 0038534 _____ () C:\ProgramData\+REcovER+qoynb+.png
2016-03-31 12:01 - 2016-03-31 12:01 - 0038534 _____ () C:\ProgramData\+REcovER+vkmgi+.png
2014-10-13 21:32 - 2014-10-13 21:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-04-02 02:04 - 2016-04-02 02:05 - 0009238 _____ () C:\ProgramData\{RecOveR}-vhlln__.Htm
2016-04-02 02:04 - 2016-04-02 02:05 - 0082893 _____ () C:\ProgramData\{RecOveR}-vhlln__.Png
2016-04-10 06:50 - 2016-04-10 06:50 - 0009238 _____ () C:\ProgramData\{RecOveR}-yjdwn__.Htm
2016-04-10 06:50 - 2016-04-10 06:50 - 0081953 _____ () C:\ProgramData\{RecOveR}-yjdwn__.Png
Some files in TEMP:
====================
C:\Users\Hrstka\AppData\Local\Temp\dllnt_dump.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-07-24 01:30
==================== End of FRST.txt ============================
- jaro3
- Security team member
- Guru Level 15
- Posts: 43062
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: Log check, PC infected with Win32/filecoder
Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.
Code:
Start
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-553964673-1622739263-2049447999-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Hrstka\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-553964673-1622739263-2049447999-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Hrstka\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-553964673-1622739263-2049447999-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Hrstka\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
SearchScopes: HKU\S-1-5-21-553964673-1622739263-2049447999-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-553964673-1622739263-2049447999-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-553964673-1622739263-2049447999-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
C:\Users\Hrstka\AppData\Local\Temp\dllnt_dump.dll
EmptyTemp:
End
(You can use the "select all" function, then right-click the top-left area of the open Notepad window and choose "Paste".)
Save it to the desktop as fixlist.txt
Run FRST and press the "Fix" button only once, then wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire content here.
In Folder Options, enable showing hidden files and folders and untick the "Hide protected operating system files" checkbox.
Test these on VirusTotal:
C:\ProgramData\+REcovER+bnevw+.png
C:\Users\Hrstka\AppData\Roaming\+REcovER+gwyfd+.png
Click "Choose" to the right of the box and locate the requested file on your PC in Explorer. Select it and click Open, then click Send File. If the file has already been tested, a window appears; click Reanalyze in it. The file will then be tested by several antivirus engines one after another. When the last engine finishes, a result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page and paste it into your post.
Or at:
http://www.virscan.org/
When working with HJT, ComboFix, MBAM, SDFix and similar tools, close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
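As an added example (not code from this thread, from FRST or from ESET): a small Python triage script over FRST file-listing lines of the kind posted above. It parses the created/modified/size/attributes/path format, flags ransom-note artefacts by the two name patterns visible in this log (+REcovER+xxxxx+.* and {RecOveR}-xxxxx__.*), clusters files of identical size dropped into several directories (a cheap way to spot notes whose names you do not already know), dates the encryption from the notes' timestamps, and computes the SHA-256 you can look up on VirusTotal instead of uploading the file. The sample lines are copied from the log above; the note bytes are constructed; the name patterns come from this log only, not from a published family signature; and the VirusTotal hash-lookup URL form is my assumption, not something the post gives.

```python
"""Triage helpers for FRST file-listing lines (added example, not FRST/ESET code)."""
import hashlib
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# One FRST file entry: "<created> - <modified> - <size> <attrs> [(Company)] <path>"
_ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)
# Ransom-note names as they appear in the posted log (pattern derived from this
# log only; it is not a published family signature)
_NOTE_NAME = re.compile(
    r"^(?:\+REcovER\+[a-z]{5}\+\.(?:png|txt|html?)"
    r"|\{RecOveR\}-[a-z]{5}__\.(?:htm|png|txt))$",
    re.IGNORECASE,
)

# Constructed sample: lines copied from the FRST log above plus one non-entry line
SAMPLE_LOG = r"""
2016-07-31 16:48 - 2016-07-31 16:43 - 02394112 _____ (Farbar) C:\Users\Hrstka\Desktop\FRST64.exe
2016-07-29 12:11 - 2016-07-28 13:58 - 00862368 _____ (ESET) C:\Users\Hrstka\Desktop\ESETTeslaCryptDecryptor.exe
2016-03-30 04:26 - 2016-03-30 05:28 - 0038534 _____ () C:\Users\Hrstka\AppData\Roaming\+REcovER+bnevw+.png
2016-03-31 20:27 - 2016-03-31 21:06 - 0038534 _____ () C:\Users\Hrstka\AppData\Roaming\+REcovER+gwyfd+.png
2015-05-20 03:28 - 2015-05-20 03:28 - 0000579 _____ () C:\Users\Hrstka\AppData\Roaming\dell_connect.png
2016-03-30 04:26 - 2016-03-30 05:28 - 0038534 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\+REcovER+bnevw+.png
2016-03-30 04:26 - 2016-03-30 05:28 - 0001046 _____ () C:\Users\Hrstka\AppData\Roaming\Microsoft\+REcovER+bnevw+.txt
2016-04-02 02:14 - 2016-04-02 02:14 - 0009238 _____ () C:\Users\Hrstka\AppData\Roaming\{RecOveR}-vhlln__.Htm
2016-04-02 02:05 - 2016-04-02 02:17 - 0082893 _____ () C:\Users\Hrstka\AppData\Local\{RecOveR}-vhlln__.Png
2016-03-30 02:35 - 2016-03-30 02:35 - 0038534 _____ () C:\ProgramData\+REcovER+bnevw+.png
2016-04-10 06:50 - 2016-04-10 06:50 - 0009238 _____ () C:\ProgramData\{RecOveR}-yjdwn__.Htm
2016-04-10 06:50 - 2016-04-10 06:50 - 0081953 _____ () C:\ProgramData\{RecOveR}-yjdwn__.Png
2014-10-13 21:32 - 2014-10-13 21:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
"""
# Constructed stand-in bytes; the real note content is not on the page
SAMPLE_NOTE = b"constructed stand-in for +REcovER+bnevw+.png, not the real note"


@dataclass(frozen=True)
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str
    company: Optional[str]
    path: str

    @property
    def directory(self) -> str:
        return self.path.rsplit("\\", 1)[0]

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[1]


def parse_frst_entries(text: str) -> List[Entry]:
    """Parse every line that matches the FRST file-entry format; skip the rest."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = _ENTRY.match(line.strip())
        if not m:
            continue  # section headers, blank lines, service/driver lines
        entries.append(Entry(
            created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            size=int(m["size"]), attrs=m["attrs"],
            company=m["company"], path=m["path"],
        ))
    return entries


def is_ransom_note(entry: Entry) -> bool:
    """Name-based check using the two note patterns seen in this log."""
    return bool(_NOTE_NAME.match(entry.name))


def find_dropped_clusters(entries: List[Entry], min_dirs: int = 3) -> Dict[Tuple[int, str], List[str]]:
    """Files with identical size and extension present in >= min_dirs directories:
    ransomware drops the same note into every folder it touches, so such clusters
    surface notes even when the name pattern is unknown."""
    dirs: Dict[Tuple[int, str], set] = defaultdict(set)
    for e in entries:
        ext = e.name.rsplit(".", 1)[-1].lower() if "." in e.name else ""
        dirs[(e.size, ext)].add(e.directory)
    return {k: sorted(v) for k, v in dirs.items() if len(v) >= min_dirs}


def infection_window(entries: List[Entry]) -> Optional[Tuple[datetime, datetime]]:
    """Earliest note creation and latest note modification: the encryption period."""
    notes = [e for e in entries if is_ransom_note(e)]
    if not notes:
        return None
    return min(e.created for e in notes), max(e.modified for e in notes)


def sha256_lookup(data: bytes) -> Tuple[str, str]:
    """SHA-256 of file content and a VirusTotal hash-lookup URL (URL form assumed)."""
    digest = hashlib.sha256(data).hexdigest()
    return digest, f"https://www.virustotal.com/gui/file/{digest}"


def triage(text: str) -> Dict[str, object]:
    entries = parse_frst_entries(text)
    window = infection_window(entries)
    return {
        "entries": len(entries),
        "ransom_notes": [e.path for e in entries if is_ransom_note(e)],
        "clusters": find_dropped_clusters(entries),
        "window": None if window is None else tuple(t.isoformat() for t in window),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
    print("lookup:", sha256_lookup(SAMPLE_NOTE)[1])
```

In the posted log every +REcovER+ .png note has size 38534 and the {RecOveR} notes fall into two later batches (2016-04-02 and 2016-04-10), so the window function reports an encryption period from late March to 10 April 2016, months before the July cleanup; that matters when deciding which backups predate the infection. Looking the hash up rather than uploading also avoids sending a file that may contain the victim's ID to a third party.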
Re: Log check, PC infected with Win32/filecoder
Fix result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by Hrstka (2016-08-01 09:09:55) Run:1
Running from C:\Users\Hrstka\Desktop
Loaded Profiles: Hrstka (Available Profiles: Hrstka)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-553964673-1622739263-2049447999-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Hrstka\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-553964673-1622739263-2049447999-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Hrstka\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-553964673-1622739263-2049447999-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Hrstka\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
SearchScopes: HKU\S-1-5-21-553964673-1622739263-2049447999-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-553964673-1622739263-2049447999-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-553964673-1622739263-2049447999-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
C:\Users\Hrstka\AppData\Local\Temp\dllnt_dump.dll
EmptyTemp:
End
*****************
Processes closed successfully.
"HKU\S-1-5-21-553964673-1622739263-2049447999-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}" => key removed successfully
"HKU\S-1-5-21-553964673-1622739263-2049447999-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}" => key removed successfully
"HKU\S-1-5-21-553964673-1622739263-2049447999-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => key removed successfully
HKU\S-1-5-21-553964673-1622739263-2049447999-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-553964673-1622739263-2049447999-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => key removed successfully
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
"HKU\S-1-5-21-553964673-1622739263-2049447999-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
C:\Users\Hrstka\AppData\Local\Temp\dllnt_dump.dll => moved successfully
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10810687 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 668812 B
Firefox => 965686 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 3932 B
NetworkService => 0 B
Hrstka => 22202070 B
RecycleBin => 862912 B
EmptyTemp: => 41.9 MB temporary data Removed.
================================
https://www.virustotal.com/cs/file/b14b ... 470036298/
https://www.virustotal.com/cs/file/b14b ... 470036660/
The system needed a reboot.
==== End of Fixlog 09:10:01 ====
- jaro3
- Security team member
Re: Log check, PC infected with Win32/filecoder
Download DelFix here
https://toolslib.net/downloads/viewdownload/2-delfix/
and save the file to your desktop.
Double-click the icon to run the Delfix.exe tool.
(On Windows Vista, Windows 7 and 8 you must run the file via the right mouse button -> Run as administrator.)
In the main menu, check these options: Remove disinfection tools and Purge System Restore.
Then click the Run button and let the tool do its work.
Afterwards a report opens (DelFix.txt). Paste the entire contents of the report here. Otherwise the report is located at:
C:\DelFix.txt
If there are no problems, that is all and you can mark the thread as solved with the green check mark.
When working with programs such as HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support