Win32:Malware-gen

[Vyrus]

Zdravim, antivir mi našel tuhle hrozbu, ale nešlo s tim nic udělat, ikdyž jsem dal přesunout do truhly. Vyhodilo mi to chybu,
že operace neni pro tento typ archívu podporována. Tak jestli budete mít čas to zkouknout. Dík
posílám log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by ja (administrator) on JA-PC on 05-02-2015 23:41:37
Running from C:\Users\ja\Desktop
Loaded Profiles: ja (Available profiles: ja)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Maxthon)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(forum.viry.cz) C:\Users\ja\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2012-04-13] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-04-13] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-28] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707496 2014-06-11] (Cisco Systems, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-29987143-280432319-848625087-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-29987143-280432319-848625087-1000\...\MountPoints2: {a4fbb4cb-eb35-11e3-8507-dc0ea1e185f0} - E:\iLinker.exe
HKU\S-1-5-21-29987143-280432319-848625087-1000\...\MountPoints2: {e8a45dc0-8b41-11e3-8b8d-dc0ea1e185f0} - G:\AUTORUN.EXE
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-29987143-280432319-848625087-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain ... &bmod=LENN
HKU\S-1-5-21-29987143-280432319-848625087-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKU\S-1-5-21-29987143-280432319-848625087-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=LENN
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-29987143-280432319-848625087-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=i ... lz=1I7LENN
SearchScopes: HKU\S-1-5-21-29987143-280432319-848625087-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-29987143-280432319-848625087-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=i ... lz=1I7LENN
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://vpn.zcu.cz/CACHE/stc/4/binaries/vpnweb.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\ja\AppData\Roaming\Mozilla\Firefox\Profiles\vp93mylg.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-29987143-280432319-848625087-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ja\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\ja\AppData\Roaming\Mozilla\Firefox\Profiles\vp93mylg.default\user.js
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-30]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.inbox.com/homepage.aspx?tbid=82120&iwk=280&lng=cs", "hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN"
CHR Profile: C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-31]
CHR Extension: (Hľadať v Google) - C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-31]
CHR Extension: (Peňaženka Google) - C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-31]
CHR Extension: (Gmail) - C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-31]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-27] (AVAST Software)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
S2 Update ConstaSurf; "C:\Program Files (x86)\ConstaSurf\updateConstaSurf.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-27] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-27] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-19] (Disc Soft Ltd)
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2011-09-29] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2011-09-29] (Microsoft Corporation) [File not signed]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-06-11] (Cisco Systems, Inc.)
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
U2 Stereo Service; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 23:41 - 2015-02-05 23:42 - 00016889 _____ () C:\Users\ja\Desktop\FRST.txt
2015-02-05 23:41 - 2015-02-05 23:41 - 00000000 ____D () C:\FRST
2015-02-05 23:41 - 2015-02-05 23:40 - 00112640 _____ (forum.viry.cz) C:\Users\ja\Desktop\FRSTLauncher.exe
2015-02-05 23:40 - 2015-02-05 23:40 - 00112640 _____ (forum.viry.cz) C:\Users\ja\Downloads\FRSTLauncher.exe
2015-02-05 23:26 - 2015-02-05 23:26 - 00112640 _____ (forum.viry.cz) C:\Users\ja\Downloads\Nepotvrdené 741370.crdownload
2015-02-05 23:26 - 2015-02-05 23:26 - 00112640 _____ (forum.viry.cz) C:\Users\ja\Downloads\Nepotvrdené 327613.crdownload
2015-02-05 23:25 - 2015-02-05 23:25 - 00112640 _____ (forum.viry.cz) C:\Users\ja\Downloads\Nepotvrdené 2950.crdownload
2015-02-05 23:18 - 2015-02-05 23:18 - 02131968 _____ (Farbar) C:\Users\ja\Desktop\FRST64.exe
2015-02-05 14:55 - 2015-02-05 14:55 - 00002139 _____ () C:\Users\Public\Desktop\Google Earth Pro.lnk
2015-02-05 14:55 - 2015-02-05 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro
2015-02-05 14:53 - 2015-02-05 14:53 - 00880208 _____ (Google Inc.) C:\Users\ja\Downloads\GoogleEarthProSetup.exe
2015-01-27 15:54 - 2015-01-27 15:55 - 13429504 _____ (Disc Soft Ltd) C:\Users\ja\Downloads\DTLite4491-0356.exe
2015-01-24 21:23 - 2015-01-24 21:23 - 00000000 ____D () C:\Users\ja\Downloads\VisualBoyAdvance-1.8.0-beta3
2015-01-24 21:23 - 2015-01-24 21:23 - 00000000 ____D () C:\Users\ja\Downloads\1380564814wpdm_Pokemon FireRed
2015-01-24 21:22 - 2015-01-24 21:23 - 05347971 _____ () C:\Users\ja\Downloads\1380564814wpdm_Pokemon FireRed.zip
2015-01-24 21:22 - 2015-01-24 21:22 - 00538400 _____ () C:\Users\ja\Downloads\VisualBoyAdvance-1.8.0-beta3.rar
2015-01-23 14:59 - 2015-01-23 17:33 - 00000000 ____D () C:\Users\ja\Downloads\NHL.07.CZ
2015-01-23 14:59 - 2015-01-23 16:55 - 2071515068 _____ () C:\Users\ja\Downloads\NHL-2007-(CZ).rar
2015-01-23 14:57 - 2015-01-23 15:13 - 2503790592 _____ () C:\Users\ja\Downloads\NHL08+CZ.iso
2015-01-23 14:57 - 2015-01-23 14:57 - 00012475 _____ () C:\Users\ja\Downloads\[CzT]NHL_2008_CZ_Dabing_.torrent
2015-01-23 14:56 - 2015-01-23 14:56 - 00022439 _____ () C:\Users\ja\Downloads\[CzT]NHL_2007_CZ.torrent
2015-01-23 11:51 - 2015-01-23 11:51 - 00000000 ____D () C:\Users\ja\AppData\Roaming\Unity
2015-01-23 11:48 - 2015-01-23 11:48 - 03249480 _____ (Unity Technologies ApS) C:\Users\ja\Downloads\UnityWebPlayer.exe
2015-01-23 11:48 - 2015-01-23 11:48 - 00000000 ____D () C:\Users\ja\AppData\Local\Unity
2015-01-23 10:22 - 2015-01-23 10:35 - 1319504151 _____ () C:\Users\ja\Desktop\Bonbon Jovi.7z
2015-01-14 15:07 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 15:07 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 15:07 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 15:07 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-14 15:07 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-14 15:07 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-14 15:07 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-14 15:07 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-14 15:07 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-14 15:07 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 15:07 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 15:07 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-14 15:07 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-07 16:49 - 2015-01-07 16:49 - 00000000 ____D () C:\Users\ja\AppData\Local\Cisco
2015-01-07 16:49 - 2015-01-07 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2015-01-07 16:49 - 2015-01-07 16:49 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-01-07 16:46 - 2015-01-07 16:49 - 00000000 ____D () C:\ProgramData\Cisco
2015-01-07 16:33 - 2015-01-07 16:33 - 00000000 __SHD () C:\Users\ja\AppData\Local\EmieBrowserModeList
2015-01-07 16:19 - 2015-01-07 16:19 - 00001217 _____ () C:\Users\ja\Downloads\ZCUrootCA.cer

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 23:34 - 2014-01-31 20:42 - 00000000 ____D () C:\Users\ja\AppData\Roaming\vlc
2015-02-05 23:34 - 2009-07-14 05:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-05 23:34 - 2009-07-14 05:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-05 23:20 - 2014-09-15 21:41 - 00000000 ____D () C:\Users\ja\Desktop\bakalarska prace
2015-02-05 23:19 - 2014-05-07 15:12 - 00000000 ____D () C:\Users\ja\Desktop\bundy
2015-02-05 23:04 - 2012-04-13 21:20 - 01656317 _____ () C:\windows\WindowsUpdate.log
2015-02-05 22:58 - 2012-04-13 22:11 - 00000936 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-05 18:50 - 2009-07-14 06:13 - 00781790 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-05 14:55 - 2012-04-13 22:11 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-05 13:58 - 2012-04-13 22:11 - 00000932 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-05 13:53 - 2012-04-13 22:11 - 00003932 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 13:53 - 2012-04-13 22:11 - 00003680 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 08:53 - 2012-04-13 22:13 - 00155479 _____ () C:\windows\system32\fastboot.set
2015-02-05 08:52 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-05 08:52 - 2009-07-14 05:51 - 00088779 _____ () C:\windows\setupact.log
2015-02-04 22:59 - 2014-01-30 13:11 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2015-02-03 23:54 - 2012-04-13 22:12 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-26 13:33 - 2014-02-14 17:52 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-26 13:32 - 2014-10-16 08:14 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-26 13:31 - 2014-10-16 08:15 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2015-01-26 13:31 - 2014-10-16 08:14 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2015-01-26 13:31 - 2014-10-16 08:14 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2015-01-26 13:31 - 2014-10-16 08:14 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-23 19:55 - 2014-02-01 15:06 - 00000000 ____D () C:\Users\ja\AppData\Roaming\uTorrent
2015-01-18 15:34 - 2015-01-03 23:12 - 00000000 ____D () C:\Users\ja\Downloads\Dr. House 1-7 serie CZ
2015-01-15 16:49 - 2014-02-01 15:49 - 00000000 ____D () C:\windows\system32\MRT
2015-01-15 16:41 - 2014-02-01 15:49 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-14 21:12 - 2014-03-02 23:13 - 00023552 ___SH () C:\Users\ja\Thumbs.db
2015-01-13 19:46 - 2014-04-19 20:03 - 00000000 ____D () C:\Users\ja\Documents\TrackMania
2015-01-13 19:05 - 2014-04-19 20:04 - 00000000 ____D () C:\ProgramData\TrackMania
2015-01-13 15:17 - 2014-02-24 11:03 - 00000000 ____D () C:\windows\Minidump
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======


Some content of TEMP:
====================
C:\Users\ja\AppData\Local\Temp\20150107044902103jniverify.dll
C:\Users\ja\AppData\Local\Temp\jre-8u31-windows-au.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 11:50




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:421.81 GB) (Free:177.45 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.43 GB) NTFS

Available physical RAM: 2205.36 MB
Total physical RAM: 4039.86 MB
Percentage of memory in use: 45%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 70BE0DB7)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\ja\Desktop" je 6760 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

[altrok]

Ahoj, dovolim si tykat, kdyz taky pises bakalarku...

V jakem umisteni antivir hrozbu hlasil? Vidim uz jen neaktivni pozustatky haveti a par dalsich drobnosti... nic aktivniho.

V ramci cisteni Ti budou vyprazdneny docasne adresare (vcetne Kose).

Uloz na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )

• ukonci vsechny programy
• klikni pravym na ikonu AdwCleaneru a vyber Spustit jako spravce
• klikni na Scan, pote na Clean
• po restartu na Tebe vyskoci log (pripadne jej najdes v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopiruj do pristi odpovedi

[Vyrus]

Ahoj
Umístění je: C:\User\ja\Downloads\Microsoft Office 2007 CZ full\OF.ISO |>ENTERPRI.WWW.ENTERWW.CAB|>CLVIEW.EXE
Jinak to ISO jsem ještě než jsem sem psal o pomoc vyhodil a odstranil.
Teď jdu na ten AdwCleaner, zachvíli pošlu report.

[Vyrus]

# AdwCleaner v4.110 - Logfile created 07/02/2015 at 15:42:03
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : ja - JA-PC
# Running from : C:\Users\ja\Desktop\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : Update ConstaSurf

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files (x86)\ConstaSurf
Folder Deleted : C:\Users\ja\AppData\Local\webplayer
File Deleted : C:\END
File Deleted : C:\Users\ja\AppData\Roaming\Mozilla\Firefox\Profiles\vp93mylg.default\user.js
File Deleted : C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Trymedia Systems

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v29.0.1 (sk)

[vp93mylg.default\prefs.js] - Line Deleted : user_pref("smartbar.machineId", "Y8YPGQ06AVATCJASKAL6+JDMXXVEBV/GBH2DMJZO3BX4WAPQ0YGKSA4I99TZTOCHLXJK4IRL+8YE7RSJIKL61W");

-\\ Google Chrome v40.0.2214.111

[C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&tt=010412_crm&babsrc=SP_crm
[C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&tt=010412_crm&babsrc=SP_crm

*************************

AdwCleaner[R0].txt - [3073 bytes] - [07/02/2015 15:38:32]
AdwCleaner[S0].txt - [3014 bytes] - [07/02/2015 15:42:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3073 bytes] ##########

[altrok]

Kdo by to byl rek, ze je v cracku na office vir

Dej mi nove logy z FRST (stejne jako pri prvnim postu).

Dropbox pouzivas?

[Vyrus]

Musí se jim to vyplatit no, chápu
Dropbox nepoužívám.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015
Ran by ja (administrator) on JA-PC on 07-02-2015 22:19:00
Running from C:\Users\ja\Desktop
Loaded Profiles: ja (Available profiles: ja)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Maxthon)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
Failed to access process -> wermgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2012-04-13] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-04-13] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-28] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707496 2014-06-11] (Cisco Systems, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-29987143-280432319-848625087-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-29987143-280432319-848625087-1000\...\MountPoints2: {a4fbb4cb-eb35-11e3-8507-dc0ea1e185f0} - E:\iLinker.exe
HKU\S-1-5-21-29987143-280432319-848625087-1000\...\MountPoints2: {e8a45dc0-8b41-11e3-8b8d-dc0ea1e185f0} - G:\AUTORUN.EXE
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-29987143-280432319-848625087-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain ... &bmod=LENN
HKU\S-1-5-21-29987143-280432319-848625087-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKU\S-1-5-21-29987143-280432319-848625087-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=LENN
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-29987143-280432319-848625087-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=i ... lz=1I7LENN
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://vpn.zcu.cz/CACHE/stc/4/binaries/vpnweb.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\ja\AppData\Roaming\Mozilla\Firefox\Profiles\vp93mylg.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-29987143-280432319-848625087-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ja\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-30]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.inbox.com/homepage.aspx?tbid=82120&iwk=280&lng=cs", "hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN"
CHR Profile: C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-31]
CHR Extension: (Hľadať v Google) - C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-31]
CHR Extension: (Peňaženka Google) - C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-31]
CHR Extension: (Gmail) - C:\Users\ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-31]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-27] (AVAST Software)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-27] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-27] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-19] (Disc Soft Ltd)
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2011-09-29] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2011-09-29] (Microsoft Corporation) [File not signed]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-06-11] (Cisco Systems, Inc.)
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
U2 Stereo Service; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 22:19 - 2015-02-07 22:19 - 00015802 _____ () C:\Users\ja\Desktop\FRST.txt
2015-02-07 22:18 - 2015-02-07 22:18 - 00000000 ____D () C:\Users\ja\Desktop\FRST-OlderVersion
2015-02-07 15:38 - 2015-02-07 15:42 - 00000000 ____D () C:\AdwCleaner
2015-02-07 15:34 - 2015-02-07 15:34 - 02112512 _____ () C:\Users\ja\Desktop\adwcleaner_4.110.exe
2015-02-06 16:29 - 2015-02-06 16:29 - 00000000 ____D () C:\Users\ja\AppData\Local\ExeOutput
2015-02-06 16:19 - 2015-02-06 16:20 - 15056888 _____ (Convertibles Inc.) C:\Users\ja\Downloads\Movie-Subtitler_1.3.0.0.exe
2015-02-05 23:41 - 2015-02-07 22:19 - 00000000 ____D () C:\FRST
2015-02-05 23:40 - 2015-02-05 23:40 - 00112640 _____ (forum.viry.cz) C:\Users\ja\Downloads\FRSTLauncher.exe
2015-02-05 23:18 - 2015-02-07 22:18 - 02132992 _____ (Farbar) C:\Users\ja\Desktop\FRST64.exe
2015-02-05 14:55 - 2015-02-05 14:55 - 00002139 _____ () C:\Users\Public\Desktop\Google Earth Pro.lnk
2015-02-05 14:55 - 2015-02-05 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro
2015-02-05 14:53 - 2015-02-05 14:53 - 00880208 _____ (Google Inc.) C:\Users\ja\Downloads\GoogleEarthProSetup.exe
2015-01-27 15:54 - 2015-01-27 15:55 - 13429504 _____ (Disc Soft Ltd) C:\Users\ja\Downloads\DTLite4491-0356.exe
2015-01-24 21:23 - 2015-01-24 21:23 - 00000000 ____D () C:\Users\ja\Downloads\VisualBoyAdvance-1.8.0-beta3
2015-01-24 21:23 - 2015-01-24 21:23 - 00000000 ____D () C:\Users\ja\Downloads\1380564814wpdm_Pokemon FireRed
2015-01-24 21:22 - 2015-01-24 21:23 - 05347971 _____ () C:\Users\ja\Downloads\1380564814wpdm_Pokemon FireRed.zip
2015-01-24 21:22 - 2015-01-24 21:22 - 00538400 _____ () C:\Users\ja\Downloads\VisualBoyAdvance-1.8.0-beta3.rar
2015-01-23 14:59 - 2015-01-23 17:33 - 00000000 ____D () C:\Users\ja\Downloads\NHL.07.CZ
2015-01-23 14:59 - 2015-01-23 16:55 - 2071515068 _____ () C:\Users\ja\Downloads\NHL-2007-(CZ).rar
2015-01-23 14:57 - 2015-01-23 15:13 - 2503790592 _____ () C:\Users\ja\Downloads\NHL08+CZ.iso
2015-01-23 14:57 - 2015-01-23 14:57 - 00012475 _____ () C:\Users\ja\Downloads\[CzT]NHL_2008_CZ_Dabing_.torrent
2015-01-23 14:56 - 2015-01-23 14:56 - 00022439 _____ () C:\Users\ja\Downloads\[CzT]NHL_2007_CZ.torrent
2015-01-23 11:51 - 2015-01-23 11:51 - 00000000 ____D () C:\Users\ja\AppData\Roaming\Unity
2015-01-23 11:48 - 2015-01-23 11:48 - 03249480 _____ (Unity Technologies ApS) C:\Users\ja\Downloads\UnityWebPlayer.exe
2015-01-23 11:48 - 2015-01-23 11:48 - 00000000 ____D () C:\Users\ja\AppData\Local\Unity
2015-01-23 10:22 - 2015-01-23 10:35 - 1319504151 _____ () C:\Users\ja\Desktop\Bonbon Jovi.7z
2015-01-14 15:07 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 15:07 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 15:07 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 15:07 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-14 15:07 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-14 15:07 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-14 15:07 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-14 15:07 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-14 15:07 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-14 15:07 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 15:07 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 15:07 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-14 15:07 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 22:15 - 2009-07-14 05:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-07 22:15 - 2009-07-14 05:45 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-07 22:12 - 2009-07-14 06:13 - 00781790 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-07 22:11 - 2012-04-13 21:20 - 01781063 _____ () C:\windows\WindowsUpdate.log
2015-02-07 22:07 - 2014-01-30 13:11 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2015-02-07 22:06 - 2012-04-13 22:13 - 00144053 _____ () C:\windows\system32\fastboot.set
2015-02-07 22:06 - 2012-04-13 22:11 - 00000932 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-07 22:05 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-07 22:05 - 2009-07-14 05:51 - 00089848 _____ () C:\windows\setupact.log
2015-02-07 15:58 - 2012-04-13 22:11 - 00000936 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-07 15:09 - 2014-01-31 20:42 - 00000000 ____D () C:\Users\ja\AppData\Roaming\vlc
2015-02-07 01:59 - 2012-04-13 22:12 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-07 01:36 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2015-02-05 23:20 - 2014-09-15 21:41 - 00000000 ____D () C:\Users\ja\Desktop\bakalarska prace
2015-02-05 23:19 - 2014-05-07 15:12 - 00000000 ____D () C:\Users\ja\Desktop\bundy
2015-02-05 14:55 - 2012-04-13 22:11 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-05 13:53 - 2012-04-13 22:11 - 00003932 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 13:53 - 2012-04-13 22:11 - 00003680 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-26 13:33 - 2014-02-14 17:52 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-26 13:32 - 2014-10-16 08:14 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-26 13:31 - 2014-10-16 08:15 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2015-01-26 13:31 - 2014-10-16 08:14 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2015-01-26 13:31 - 2014-10-16 08:14 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2015-01-26 13:31 - 2014-10-16 08:14 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-23 19:55 - 2014-02-01 15:06 - 00000000 ____D () C:\Users\ja\AppData\Roaming\uTorrent
2015-01-18 15:34 - 2015-01-03 23:12 - 00000000 ____D () C:\Users\ja\Downloads\Dr. House 1-7 serie CZ
2015-01-15 16:49 - 2014-02-01 15:49 - 00000000 ____D () C:\windows\system32\MRT
2015-01-15 16:41 - 2014-02-01 15:49 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-14 21:12 - 2014-03-02 23:13 - 00023552 ___SH () C:\Users\ja\Thumbs.db
2015-01-13 19:46 - 2014-04-19 20:03 - 00000000 ____D () C:\Users\ja\Documents\TrackMania
2015-01-13 19:05 - 2014-04-19 20:04 - 00000000 ____D () C:\ProgramData\TrackMania
2015-01-13 15:17 - 2014-02-24 11:03 - 00000000 ____D () C:\windows\Minidump

Some content of TEMP:
====================
C:\Users\ja\AppData\Local\Temp\20150107044902103jniverify.dll
C:\Users\ja\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\ja\AppData\Local\Temp\Quarantine.exe
C:\Users\ja\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 11:50

==================== End Of Log ============================

[altrok]

• Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopiruj obsah bileho pole
• uloz na plochu jako fixlist (Typ souboru: Textovy dokument)
• znovu spust FRST a klikni na Fix
• po restartu vloz fixlog - bude ulozen na Plose

  Kód: Vybrat vše

  Start
  CloseProcesses:
  HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
  HKU\S-1-5-21-29987143-280432319-848625087-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
  HKU\S-1-5-21-29987143-280432319-848625087-1000\...\MountPoints2: {a4fbb4cb-eb35-11e3-8507-dc0ea1e185f0} - E:\iLinker.exe
  HKU\S-1-5-21-29987143-280432319-848625087-1000\...\MountPoints2: {e8a45dc0-8b41-11e3-8b8d-dc0ea1e185f0} - G:\AUTORUN.EXE
  ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
  ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
  ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
  ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
  
  HKU\S-1-5-21-29987143-280432319-848625087-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain ... &bmod=LENN
  HKU\S-1-5-21-29987143-280432319-848625087-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=LENN
  SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  SearchScopes: HKU\S-1-5-21-29987143-280432319-848625087-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
  FF Plugin: @microsoft.com/GENUINE -> disabled No File
  FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
  FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
  FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
  C:\Program Files (x86)\McAfee\SiteAdvisor
  S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
  
  2015-02-07 22:19 - 2015-02-07 22:19 - 00015802 _____ () C:\Users\ja\Desktop\FRST.txt
  2015-02-07 22:18 - 2015-02-07 22:18 - 00000000 ____D () C:\Users\ja\Desktop\FRST-OlderVersion
  2015-02-07 15:38 - 2015-02-07 15:42 - 00000000 ____D () C:\AdwCleaner
  2015-02-07 15:34 - 2015-02-07 15:34 - 02112512 _____ () C:\Users\ja\Desktop\adwcleaner_4.110.exe
  2015-02-05 23:40 - 2015-02-05 23:40 - 00112640 _____ (forum.viry.cz) C:\Users\ja\Downloads\FRSTLauncher.exe
  Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Hosts:
  EmptyTemp:
  End
  

[Vyrus]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2015
Ran by ja at 2015-02-08 01:51:30 Run:1
Running from C:\Users\ja\Desktop
Loaded Profiles: ja (Available profiles: ja)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-29987143-280432319-848625087-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-29987143-280432319-848625087-1000\...\MountPoints2: {a4fbb4cb-eb35-11e3-8507-dc0ea1e185f0} - E:\iLinker.exe
HKU\S-1-5-21-29987143-280432319-848625087-1000\...\MountPoints2: {e8a45dc0-8b41-11e3-8b8d-dc0ea1e185f0} - G:\AUTORUN.EXE
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File

HKU\S-1-5-21-29987143-280432319-848625087-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain ... &bmod=LENN
HKU\S-1-5-21-29987143-280432319-848625087-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=LENN
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-29987143-280432319-848625087-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=i ... lz=1I7LENN
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
C:\Program Files (x86)\McAfee\SiteAdvisor
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

2015-02-07 22:19 - 2015-02-07 22:19 - 00015802 _____ () C:\Users\ja\Desktop\FRST.txt
2015-02-07 22:18 - 2015-02-07 22:18 - 00000000 ____D () C:\Users\ja\Desktop\FRST-OlderVersion
2015-02-07 15:38 - 2015-02-07 15:42 - 00000000 ____D () C:\AdwCleaner
2015-02-07 15:34 - 2015-02-07 15:34 - 02112512 _____ () C:\Users\ja\Desktop\adwcleaner_4.110.exe
2015-02-05 23:40 - 2015-02-05 23:40 - 00112640 _____ (forum.viry.cz) C:\Users\ja\Downloads\FRSTLauncher.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BCSSync => value deleted successfully.
HKU\S-1-5-21-29987143-280432319-848625087-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value deleted successfully.
"HKU\S-1-5-21-29987143-280432319-848625087-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4fbb4cb-eb35-11e3-8507-dc0ea1e185f0}" => Key deleted successfully.
HKCR\CLSID\{a4fbb4cb-eb35-11e3-8507-dc0ea1e185f0} => Key not found.
"HKU\S-1-5-21-29987143-280432319-848625087-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8a45dc0-8b41-11e3-8b8d-dc0ea1e185f0}" => Key deleted successfully.
HKCR\CLSID\{e8a45dc0-8b41-11e3-8b8d-dc0ea1e185f0} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
HKU\S-1-5-21-29987143-280432319-848625087-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-29987143-280432319-848625087-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-29987143-280432319-848625087-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/SAFFPlugin" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} => value deleted successfully.
"C:\Program Files (x86)\McAfee\SiteAdvisor" => File/Directory not found.
McAfee SiteAdvisor Service => Service deleted successfully.
C:\Users\ja\Desktop\FRST.txt => Moved successfully.
C:\Users\ja\Desktop\FRST-OlderVersion => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\ja\Desktop\adwcleaner_4.110.exe => Moved successfully.
C:\Users\ja\Downloads\FRSTLauncher.exe => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 997.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog 01:52:01 ====

[altrok]

Takze jeste uklidime.

• Stahni a spust DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
• Oznac jen moznost "Remove disinfection tools"
• klikni na Run

A pokud nejsou dotazy ci jine problemy, je to ode mne vse.

[Vyrus]

Tak paráda, děkuju moc, něco pošlu na podporu a dej tu bakalářku

[altrok]

Pracuje se na tom napodobne

Nemas zac, rad jsem pomohl


Za podporu fora jmenem celeho tymu dekuji