Prosim o kontrolu logu - facebook hlasi malware

[Petas45]

Facebook hlasi virus, nejde se prihlasit ani po resetu hesla.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-04-2016
Ran by admin (administrator) on ADMIN-PC (28-04-2016 16:21:44)
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin)
Platform: Windows 7 Home Premium (X64) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchksrv.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe
(Microsoft Corporation) C:\Windows\System32\rdrleakdiag.exe
(forum.viry.cz) C:\Users\admin\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [atchk] => C:\Program Files (x86)\Intel\AMT\atchk.exe [408088 2008-05-25] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-29] (Synaptics Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe [9581280 2016-01-28] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111312 2015-11-06] (AVAST Software)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-05-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-03] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-09-03]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{5155F126-9727-493D-868B-623A959B4B43}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-09-03] (AVAST Software)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-03] (AVAST Software)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-03]
CHR Extension: (Dokumenty Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-03]
CHR Extension: (Disk Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Vyhledávání Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Avast SafePrice) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-01-29]
CHR Extension: (Tabulky Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-03]
CHR Extension: (Dokumenty Google offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-17]
CHR Extension: (Avast Online Security) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-07]
CHR Extension: (Terapaper) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkibjmfcciicdoofeljjmffoekkcnjnm [2016-04-21]
CHR Extension: (Twoo Notifications) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mggafhpkgkfebnjfbiefbbbicikgchlf [2015-11-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Сумка скидок для тебя) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\obpocnmfdhngpclpbcjnplojdmbeccjb [2016-01-28]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-03]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-09-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-03]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [182808 2008-05-25] (Intel Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-03] (AVAST Software)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242880 2015-07-02] (Foxit Software Inc.)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe [712432 2016-01-28] ()
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [121368 2008-05-25] (Intel Corporation)
R2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [1464856 2008-05-25] (Intel Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AIDA64Driver; C:\Users\admin\Desktop\Aida64 Extreme_4.50.3000_Portable_sk_cz\kerneld.x64 [34136 2015-09-03] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-06] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-09-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-03] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R3 SMSCIRDA; C:\Windows\System32\DRIVERS\SMSCir64.sys [37760 2007-04-25] (SMSC)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-12-09] (BitDefender S.R.L.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-28 16:21 - 2016-04-28 16:22 - 00012779 _____ C:\Users\admin\Desktop\FRST.txt
2016-04-28 16:21 - 2016-04-28 16:21 - 00000000 ____D C:\FRST
2016-04-28 16:19 - 2016-04-28 16:19 - 02376704 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2016-04-28 16:15 - 2016-04-28 16:15 - 00112640 _____ (forum.viry.cz) C:\Users\admin\Desktop\FRSTLauncher.exe
2016-04-28 16:08 - 2016-04-28 16:08 - 06218784 _____ (Facebook Inc.) C:\Users\admin\Downloads\ESET_T617525495077286T_.exe
2016-04-28 16:04 - 2016-04-28 16:04 - 00000000 ____D C:\Users\admin\AppData\Roaming\Lavasoft
2016-04-28 16:00 - 2016-04-28 16:00 - 00000000 ____D C:\Qoobox
2016-04-28 15:58 - 2016-04-28 16:00 - 00000000 ___SD C:\32788R22FWJFW
2016-04-28 15:58 - 2016-04-28 15:58 - 00000000 ____D C:\Windows\erdnt
2016-04-28 15:55 - 2016-04-28 15:55 - 05658151 ____R (Swearware) C:\Users\admin\Downloads\ComboFix.exe
2016-04-28 15:47 - 2016-04-28 15:47 - 00002328 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2016-04-28 15:47 - 2016-04-28 15:47 - 00000000 ____D C:\Users\admin\AppData\Roaming\LavasoftStatistics
2016-04-28 15:47 - 2016-04-28 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-04-28 15:46 - 2016-04-28 15:46 - 00000000 ____D C:\Program Files\Lavasoft
2016-04-28 15:46 - 2016-04-28 15:46 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2016-04-28 15:45 - 2016-04-28 15:45 - 02085168 _____ C:\Users\admin\Downloads\Adaware_Installer.exe
2016-04-28 15:45 - 2016-04-28 15:45 - 00000000 ____D C:\ProgramData\Lavasoft
2016-04-22 10:36 - 2016-04-22 10:36 - 00003100 _____ C:\Users\admin\Downloads\VIDE0-193.html
2016-04-21 14:28 - 2016-04-21 14:28 - 00003100 _____ C:\Users\admin\Downloads\VIDEO-SEX-3495.html
2016-04-18 06:31 - 2016-04-18 06:31 - 00029696 _____ C:\Users\admin\Downloads\výsledky Slezského poháru 2015 (2).xls
2016-04-18 06:30 - 2016-04-18 06:30 - 00070656 _____ C:\Users\admin\Downloads\H.Benešov 2014 (1).xls
2016-04-10 09:06 - 2016-04-10 09:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-28 15:55 - 2015-09-03 17:32 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-28 15:50 - 2015-09-03 18:07 - 00000000 ____D C:\Windows\Panther
2016-04-28 15:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-04-28 15:43 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-28 15:43 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-28 15:36 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-27 13:48 - 2015-09-03 17:54 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-04-23 17:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-04-12 09:57 - 2015-09-03 17:33 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-12 09:57 - 2015-09-03 17:33 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-08 16:32 - 2009-07-14 17:18 - 00622660 _____ C:\Windows\system32\perfh005.dat
2016-04-08 16:32 - 2009-07-14 17:18 - 00118810 _____ C:\Windows\system32\perfc005.dat
2016-04-08 16:32 - 2009-07-14 07:13 - 01445734 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-01 14:05 - 2009-07-14 07:08 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2015-09-03 18:22 - 2015-09-03 18:22 - 0000000 _____ () C:\Users\admin\AppData\Local\AtStart.txt
2015-09-03 18:22 - 2015-09-03 18:22 - 0000000 _____ () C:\Users\admin\AppData\Local\DSwitch.txt
2015-09-03 18:22 - 2015-09-03 18:22 - 0000000 _____ () C:\Users\admin\AppData\Local\QSwitch.txt

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-15 19:44

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:76.54 GB) (Free:52.73 GB) NTFS
Drive d: () (Fixed) (Total:156.25 GB) (Free:149.4 GB) NTFS

Available physical RAM: 1304.73 MB
Total physical RAM: 3055.3 MB
Percentage of memory in use: 57%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 108D0F6A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=76.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=156.2 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Ad-Aware Antivirus (Disabled - Out of date) {B0CC18C6-E527-6EE6-874C-9D19920E5619}
AS: Ad-Aware Antivirus (Disabled - Out of date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Ad-Aware Firewall (Disabled) {88F799E3-AF48-6FBE-AC13-342C6CDD1162}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\admin\Desktop" je 1080 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

[Rudy]

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

[Petas45]

# AdwCleaner v5.114 - Log soubor vytvořen 28/04/2016 o 18:13:37
# Aktualizováno 27/04/2016 by Xplode
# Databáze : 2016-04-27.1 [Server]
# Operační systém : Windows 7 Home Premium (X64)
# Jméno uživatele : admin - ADMIN-PC
# Spuštěno z : C:\Users\admin\Desktop\adwcleaner_5.114.exe
# Volba : Čištění
# Podpora : http://toolslib.net/forum

***** [ Služby ] *****


***** [ Složky ] *****


***** [ Soubory ] *****

[-] Soubor smazáno : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] Soubor smazáno : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[-] Soubor smazáno : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage
[-] Soubor smazáno : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Zástupci ] *****


***** [ Naplánované úkoly ] *****


***** [ Registr ] *****

[-] Klávesa smazáno : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Webové prohlížeče ] *****


*************************

:: "Tracing" odstraněných kláves
:: Nastavení Winsock odstraněno

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1422 bytes] - [28/04/2016 18:13:37]
C:\AdwCleaner\AdwCleaner[S1].txt - [1558 bytes] - [28/04/2016 18:11:39]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1568 bytes] ##########

[Rudy]

Dejte nový log FRST.

[Petas45]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-04-2016
Ran by admin (administrator) on ADMIN-PC (28-04-2016 20:20:21)
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin)
Platform: Windows 7 Home Premium (X64) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchksrv.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\atchk.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(forum.viry.cz) C:\Users\admin\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [atchk] => C:\Program Files (x86)\Intel\AMT\atchk.exe [408088 2008-05-25] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-29] (Synaptics Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111312 2015-11-06] (AVAST Software)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-05-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-03] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-09-03]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{5155F126-9727-493D-868B-623A959B4B43}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-09-03] (AVAST Software)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-03] (AVAST Software)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-03]
CHR Extension: (Dokumenty Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-03]
CHR Extension: (Disk Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Vyhledávání Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Avast SafePrice) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-01-29]
CHR Extension: (Tabulky Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-03]
CHR Extension: (Dokumenty Google offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-17]
CHR Extension: (Avast Online Security) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-07]
CHR Extension: (Terapaper) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkibjmfcciicdoofeljjmffoekkcnjnm [2016-04-28]
CHR Extension: (Twoo Notifications) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mggafhpkgkfebnjfbiefbbbicikgchlf [2015-11-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-03]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-09-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-03]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [182808 2008-05-25] (Intel Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-03] (AVAST Software)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242880 2015-07-02] (Foxit Software Inc.)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [121368 2008-05-25] (Intel Corporation)
R2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [1464856 2008-05-25] (Intel Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AIDA64Driver; C:\Users\admin\Desktop\Aida64 Extreme_4.50.3000_Portable_sk_cz\kerneld.x64 [34136 2015-09-03] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-06] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-09-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-03] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R3 SMSCIRDA; C:\Windows\System32\DRIVERS\SMSCir64.sys [37760 2007-04-25] (SMSC)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-28 20:19 - 2016-04-28 20:19 - 00112640 _____ (forum.viry.cz) C:\Users\admin\Desktop\FRSTLauncher.exe
2016-04-28 19:33 - 2016-04-28 19:34 - 06218784 _____ (Facebook Inc.) C:\Users\admin\Downloads\ESET_T617648555064980T_.exe
2016-04-28 18:51 - 2016-04-28 18:52 - 06218784 _____ (Facebook Inc.) C:\Users\admin\Downloads\ESET_T617525495077286T_ (1).exe
2016-04-28 18:11 - 2016-04-28 18:13 - 00000000 ____D C:\AdwCleaner
2016-04-28 18:10 - 2016-04-28 18:10 - 03581504 _____ C:\Users\admin\Desktop\adwcleaner_5.114.exe
2016-04-28 16:21 - 2016-04-28 20:20 - 00012517 _____ C:\Users\admin\Desktop\FRST.txt
2016-04-28 16:21 - 2016-04-28 20:20 - 00000000 ____D C:\FRST
2016-04-28 16:19 - 2016-04-28 16:19 - 02376704 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2016-04-28 16:08 - 2016-04-28 16:08 - 06218784 _____ (Facebook Inc.) C:\Users\admin\Downloads\ESET_T617525495077286T_.exe
2016-04-28 16:00 - 2016-04-28 16:00 - 00000000 ____D C:\Qoobox
2016-04-28 15:58 - 2016-04-28 16:00 - 00000000 ___SD C:\32788R22FWJFW
2016-04-28 15:58 - 2016-04-28 15:58 - 00000000 ____D C:\Windows\erdnt
2016-04-28 15:55 - 2016-04-28 15:55 - 05658151 ____R (Swearware) C:\Users\admin\Downloads\ComboFix.exe
2016-04-28 15:45 - 2016-04-28 15:45 - 02085168 _____ C:\Users\admin\Downloads\Adaware_Installer.exe
2016-04-22 10:36 - 2016-04-22 10:36 - 00003100 _____ C:\Users\admin\Downloads\VIDE0-193.html
2016-04-21 14:28 - 2016-04-21 14:28 - 00003100 _____ C:\Users\admin\Downloads\VIDEO-SEX-3495.html
2016-04-18 06:31 - 2016-04-18 06:31 - 00029696 _____ C:\Users\admin\Downloads\výsledky Slezského poháru 2015 (2).xls
2016-04-18 06:30 - 2016-04-18 06:30 - 00070656 _____ C:\Users\admin\Downloads\H.Benešov 2014 (1).xls
2016-04-10 09:06 - 2016-04-10 09:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-28 19:55 - 2015-09-03 17:32 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-28 18:37 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-04-28 18:26 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-28 18:26 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-28 18:18 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-28 16:31 - 2009-07-14 17:18 - 00622660 _____ C:\Windows\system32\perfh005.dat
2016-04-28 16:31 - 2009-07-14 17:18 - 00118810 _____ C:\Windows\system32\perfc005.dat
2016-04-28 16:31 - 2009-07-14 07:13 - 01445734 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-28 15:50 - 2015-09-03 18:07 - 00000000 ____D C:\Windows\Panther
2016-04-27 13:48 - 2015-09-03 17:54 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-04-23 17:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-04-12 09:57 - 2015-09-03 17:33 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-12 09:57 - 2015-09-03 17:33 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-01 14:05 - 2009-07-14 07:08 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2015-09-03 18:22 - 2015-09-03 18:22 - 0000000 _____ () C:\Users\admin\AppData\Local\AtStart.txt
2015-09-03 18:22 - 2015-09-03 18:22 - 0000000 _____ () C:\Users\admin\AppData\Local\DSwitch.txt
2015-09-03 18:22 - 2015-09-03 18:22 - 0000000 _____ () C:\Users\admin\AppData\Local\QSwitch.txt

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-15 19:44

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:76.54 GB) (Free:52.9 GB) NTFS
Drive d: () (Fixed) (Total:156.25 GB) (Free:149.4 GB) NTFS

Available physical RAM: 1601.11 MB
Total physical RAM: 3055.3 MB
Percentage of memory in use: 47%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 108D0F6A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=76.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=156.2 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\admin\Desktop" je 1083 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Start
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[Petas45]

Fix result of Farbar Recovery Scan Tool (x64) Version:27-04-2016
Ran by admin (2016-04-28 21:29:26) Run:1
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
End
*****************

C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully

==== End of Fixlog 21:29:26 ====

[Rudy]

Smazáno. Nastala nějaká změna?

[Petas45]

Notebook se zda v poradku. Pri prihlasovani do facebooku jsem dostal upozorneni na malware a facebook nabidl scan pomoci Eset antiviru. Vse jsem provedl a facebook jiz jede! Dekuji za pomoc.

[Rudy]

Rádo se stalo!