Police virus in the browser - David2012
Posted: 12 Nov 2013 13:47
Hi, this virus has also taken hold on an acquaintance's computer. I'm attaching the log; could you please help?
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2013 01
Ran by ekonom (administrator) on EKONOM-PC on 12-11-2013 13:21:31
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Safe Mode (minimal)
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\system32\cmd.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKCU\...\Run: [cz.seznam.software.autoupdate] - C:\Users\ekonom\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKCU\...\Run: [cz.seznam.software.szndesktop] - C:\Users\ekonom\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
MountPoints2: D - D:\Autorun.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
Startup: C:\Users\ekonom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mqqjmqld.lnk
ShortcutTarget: mqqjmqld.lnk -> C:\PROGRA~3\dlqmjqqm.dss (Sato Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=13014
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hal3000.cz
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60040
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKCU - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatche ... tbid=60040
SearchScopes: HKCU - {797B206F-875B-422F-814C-FAE09A4B958A} URL = http://www.novinky.cz/hledej?w={searchT ... arch_13014
SearchScopes: HKCU - {9DFDB0DB-A7FA-4928-A34E-1A5AF5CF02CB} URL = http://encyklopedie.seznam.cz/search?q= ... arch_13014
SearchScopes: HKCU - {ACEC5F06-36E8-426E-B6E5-590008DEA77F} URL = http://search.seznam.cz/?q={searchTerms ... arch_13014
SearchScopes: HKCU - {BCD0D499-3604-4421-A2C4-8DD890C918C1} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13014
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatc ... 093&lng=cs
SearchScopes: HKCU - {D2E99C0A-3D0A-4158-B456-D06D3AB9FE4D} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13014
SearchScopes: HKCU - {DF67302D-BB6E-4859-A9DC-2DFE221999A4} URL = http://www.mapy.cz/?query={searchTerms} ... arch_13014
SearchScopes: HKCU - {E806F2F5-E8BF-47FB-B489-280B80F07011} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13014
SearchScopes: HKCU - {E909194C-4B1C-4F18-86E1-08301EDBE4D7} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_13014
SearchScopes: HKCU - {ED1C77F1-92AC-461B-AE39-471D2463979E} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13014
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
DPF: HKLM-x32 {672EE252-D813-4F5E-81BB-5DD163DD4FA5} https://www.mojedatovaschranka.cz/stati ... ?3,16,13,0
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.30.1
Chrome:
=======
CHR HomePage: hxxp://www.seznam.cz/?clid=13014
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Software602 Form Filler) - C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll (Software602 a.s.)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\ekonom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\ekonom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Seznam Li\u0161ti\u010Dka - Email) - C:\Users\ekonom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig\1.3.13_0
CHR Extension: (Seznam Li\u0161ti\u010Dka - Slovn\u00EDk) - C:\Users\ekonom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd\1.2.13_0
CHR Extension: (YouTube) - C:\Users\ekonom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
CHR Extension: (Google Search) - C:\Users\ekonom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
CHR Extension: (Google Wallet) - C:\Users\ekonom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Seznam Li\u0161ti\u010Dka - Rychl\u00E1 volba) - C:\Users\ekonom\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak\1.5.14_0
CHR Extension: (Gmail) - C:\Users\ekonom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
==================== Services (Whitelisted) =================
S2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [84520 2011-03-14] (Software602 a.s.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R0 ioatdma; C:\Windows\System32\Drivers\ioatdma.sys [46792 2009-11-16] (Intel Corporation)
S3 ioatdma2; C:\Windows\System32\Drivers\qd252x64.sys [47824 2009-11-16] (Intel Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
S3 NmPar; \SystemRoot\system32\DRIVERS\NmPar.sys [x]
S3 nmserial; \SystemRoot\system32\DRIVERS\nmserial.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-12 13:21 - 2013-11-12 13:21 - 00000000 ____D C:\FRST
2013-11-12 10:30 - 2013-11-12 13:16 - 00000285 _____ C:\ProgramData\mqqjmqld.reg
2013-11-12 10:14 - 2013-11-12 13:17 - 95025368 ____T C:\ProgramData\mqqjmqld.bxx
2013-11-12 10:14 - 2013-11-12 13:16 - 00000000 _____ C:\ProgramData\mqqjmqld.fvv
2013-11-12 10:14 - 2013-11-12 10:14 - 00210432 _____ (Sato Corporation) C:\ProgramData\dlqmjqqm.dss
2013-11-12 10:14 - 2013-11-12 10:14 - 00061536 ____T (Microsoft Corporation) C:\ProgramData\mqqjmqld.pss
2013-11-07 11:40 - 2013-11-09 05:59 - 00035840 _____ C:\Users\ekonom\Downloads\PRG+SVZ+9.-16.11.2013+Vranovice.wiz
2013-11-07 11:39 - 2013-11-07 11:39 - 00583661 _____ C:\Users\ekonom\Downloads\prilohy_11863.zip
2013-11-03 23:38 - 2013-11-09 06:06 - 08190278 _____ C:\Users\ekonom\Downloads\izrael_-_svedek_jezisova_zivota (1).zip
2013-11-03 15:20 - 2013-11-12 13:16 - 00000438 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-11-01 19:33 - 2013-11-01 19:33 - 00010319 _____ C:\Users\ekonom\Downloads\NS 133 Říčka Josef.odt
2013-11-01 10:27 - 2013-11-01 10:27 - 00010319 _____ C:\Users\ekonom\Desktop\NS 133 Říčka Josef.odt
2013-10-30 19:21 - 2013-10-30 19:21 - 00502078 _____ C:\Users\ekonom\Downloads\prilohy_12159.zip
2013-10-29 23:21 - 2013-10-29 23:21 - 00076288 _____ C:\Users\ekonom\Downloads\Hledani noclehu.wiz
2013-10-29 23:19 - 2013-10-29 23:19 - 00017920 _____ C:\Users\ekonom\Downloads\koberec.wiz
2013-10-29 23:10 - 2013-10-29 23:10 - 08190278 _____ C:\Users\ekonom\Downloads\izrael_-_svedek_jezisova_zivota.zip
2013-10-29 23:08 - 2013-10-29 23:09 - 02079744 _____ C:\Users\ekonom\Downloads\mista_v_izraeli.ppt
2013-10-24 21:36 - 2013-10-24 21:36 - 00519349 _____ C:\Users\ekonom\Downloads\paragraf720121005.csv
2013-10-24 20:48 - 2013-10-24 20:48 - 07273984 _____ C:\Users\ekonom\Downloads\azia-izrael-eilat-krasny-podmorsky-zivot-cerveneho-mora-pridane-30.12.2012.pps
2013-10-24 20:45 - 2013-10-24 20:45 - 05642752 _____ C:\Users\ekonom\Downloads\azia-izrael-jeruzalem.pps
2013-10-24 20:42 - 2013-10-24 20:42 - 06009856 _____ C:\Users\ekonom\Downloads\azia-izrael-nazaret-pridane-30.12.2012.pps
2013-10-20 14:44 - 2013-10-20 14:45 - 00648160 _____ (Unity Technologies ApS) C:\Users\ekonom\Downloads\UnityWebPlayer (9).exe
2013-10-19 07:03 - 2013-10-19 07:04 - 41485095 _____ C:\Users\ekonom\Downloads\FarmFrenzy2 (2).exe
2013-10-18 16:31 - 2013-10-18 16:33 - 41485095 _____ C:\Users\ekonom\Downloads\FarmFrenzy2 (1).exe
2013-10-18 16:25 - 2013-10-18 16:27 - 41485095 _____ C:\Users\ekonom\Downloads\FarmFrenzy2.exe
2013-10-18 08:14 - 2013-10-18 08:14 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-13 21:01 - 2013-11-12 10:23 - 00000000 ____D C:\Users\ekonom\AppData\Roaming\Seznam.cz
2013-10-13 21:00 - 2013-10-13 21:00 - 01203359 _____ C:\Users\ekonom\Documents\czech_spell_checking_dictionary-1.0-fx+zm+tb.xpi
==================== One Month Modified Files and Folders =======
2013-11-12 13:21 - 2013-11-12 13:21 - 00000000 ____D C:\FRST
2013-11-12 13:17 - 2013-11-12 10:14 - 95025368 ____T C:\ProgramData\mqqjmqld.bxx
2013-11-12 13:17 - 2009-07-14 05:51 - 00093921 _____ C:\Windows\setupact.log
2013-11-12 13:16 - 2013-11-12 10:30 - 00000285 _____ C:\ProgramData\mqqjmqld.reg
2013-11-12 13:16 - 2013-11-12 10:14 - 00000000 _____ C:\ProgramData\mqqjmqld.fvv
2013-11-12 13:16 - 2013-11-03 15:20 - 00000438 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-11-12 13:16 - 2011-03-03 11:46 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-12 13:16 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-12 10:23 - 2013-10-13 21:01 - 00000000 ____D C:\Users\ekonom\AppData\Roaming\Seznam.cz
2013-11-12 10:23 - 2011-03-03 08:05 - 01631833 _____ C:\Windows\WindowsUpdate.log
2013-11-12 10:23 - 2009-07-14 05:45 - 00020112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-12 10:23 - 2009-07-14 05:45 - 00020112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-12 10:22 - 2009-07-14 16:18 - 00678436 _____ C:\Windows\system32\perfh005.dat
2013-11-12 10:22 - 2009-07-14 16:18 - 00139766 _____ C:\Windows\system32\perfc005.dat
2013-11-12 10:22 - 2009-07-14 06:13 - 01603268 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-12 10:14 - 2013-11-12 10:14 - 00210432 _____ (Sato Corporation) C:\ProgramData\dlqmjqqm.dss
2013-11-12 10:14 - 2013-11-12 10:14 - 00061536 ____T (Microsoft Corporation) C:\ProgramData\mqqjmqld.pss
2013-11-12 10:14 - 2011-03-03 08:06 - 00000000 ___RD C:\Users\ekonom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-12 10:06 - 2011-03-03 11:46 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-12 09:45 - 2012-04-03 06:26 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-09 06:06 - 2013-11-03 23:38 - 08190278 _____ C:\Users\ekonom\Downloads\izrael_-_svedek_jezisova_zivota (1).zip
2013-11-09 05:59 - 2013-11-07 11:40 - 00035840 _____ C:\Users\ekonom\Downloads\PRG+SVZ+9.-16.11.2013+Vranovice.wiz
2013-11-07 23:37 - 2011-08-05 10:20 - 00000000 ____D C:\Users\ekonom\AppData\Roaming\SoftGrid Client
2013-11-07 11:39 - 2013-11-07 11:39 - 00583661 _____ C:\Users\ekonom\Downloads\prilohy_11863.zip
2013-11-07 11:31 - 2011-03-03 09:47 - 00000000 ____D C:\Users\ekonom\Desktop\nájemní smlouvy 2010
2013-11-01 19:33 - 2013-11-01 19:33 - 00010319 _____ C:\Users\ekonom\Downloads\NS 133 Říčka Josef.odt
2013-11-01 10:27 - 2013-11-01 10:27 - 00010319 _____ C:\Users\ekonom\Desktop\NS 133 Říčka Josef.odt
2013-10-30 19:21 - 2013-10-30 19:21 - 00502078 _____ C:\Users\ekonom\Downloads\prilohy_12159.zip
2013-10-29 23:21 - 2013-10-29 23:21 - 00076288 _____ C:\Users\ekonom\Downloads\Hledani noclehu.wiz
2013-10-29 23:19 - 2013-10-29 23:19 - 00017920 _____ C:\Users\ekonom\Downloads\koberec.wiz
2013-10-29 23:10 - 2013-10-29 23:10 - 08190278 _____ C:\Users\ekonom\Downloads\izrael_-_svedek_jezisova_zivota.zip
2013-10-29 23:09 - 2013-10-29 23:08 - 02079744 _____ C:\Users\ekonom\Downloads\mista_v_izraeli.ppt
2013-10-27 16:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-25 09:26 - 2012-01-06 08:45 - 00000000 ____D C:\Users\ekonom\Desktop\statistika
2013-10-24 21:36 - 2013-10-24 21:36 - 00519349 _____ C:\Users\ekonom\Downloads\paragraf720121005.csv
2013-10-24 20:48 - 2013-10-24 20:48 - 07273984 _____ C:\Users\ekonom\Downloads\azia-izrael-eilat-krasny-podmorsky-zivot-cerveneho-mora-pridane-30.12.2012.pps
2013-10-24 20:45 - 2013-10-24 20:45 - 05642752 _____ C:\Users\ekonom\Downloads\azia-izrael-jeruzalem.pps
2013-10-24 20:42 - 2013-10-24 20:42 - 06009856 _____ C:\Users\ekonom\Downloads\azia-izrael-nazaret-pridane-30.12.2012.pps
2013-10-20 14:45 - 2013-10-20 14:44 - 00648160 _____ (Unity Technologies ApS) C:\Users\ekonom\Downloads\UnityWebPlayer (9).exe
2013-10-20 08:03 - 2013-04-02 19:58 - 00000000 ____D C:\Users\ekonom\AppData\Roaming\TP-LINK
2013-10-19 07:04 - 2013-10-19 07:03 - 41485095 _____ C:\Users\ekonom\Downloads\FarmFrenzy2 (2).exe
2013-10-18 18:05 - 2012-02-15 09:38 - 00000000 ____D C:\Users\ekonom\Desktop\Kupní smlouvy 2012
2013-10-18 16:33 - 2013-10-18 16:31 - 41485095 _____ C:\Users\ekonom\Downloads\FarmFrenzy2 (1).exe
2013-10-18 16:27 - 2013-10-18 16:25 - 41485095 _____ C:\Users\ekonom\Downloads\FarmFrenzy2.exe
2013-10-18 08:14 - 2013-10-18 08:14 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-18 08:14 - 2012-11-22 08:11 - 00001931 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-17 22:01 - 2011-03-03 11:46 - 00003948 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-17 22:01 - 2011-03-03 11:46 - 00003696 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-16 18:04 - 2012-08-29 08:52 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-13 21:00 - 2013-10-13 21:00 - 01203359 _____ C:\Users\ekonom\Documents\czech_spell_checking_dictionary-1.0-fx+zm+tb.xpi
Files to move or delete:
====================
C:\ProgramData\dlqmjqqm.dss
C:\ProgramData\mqqjmqld.reg
Some content of TEMP:
====================
C:\Users\ekonom\AppData\Local\Temp\googleupdatesetup.exe
C:\Users\ekonom\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\ekonom\AppData\Local\Temp\listicka.exe
C:\Users\ekonom\AppData\Local\Temp\~tmf5945946575181736840.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-11 11:55
==================== End Of Log ============================
2013-11-12 13:16 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-12 10:23 - 2013-10-13 21:01 - 00000000 ____D C:\Users\ekonom\AppData\Roaming\Seznam.cz
2013-11-12 10:23 - 2011-03-03 08:05 - 01631833 _____ C:\Windows\WindowsUpdate.log
2013-11-12 10:23 - 2009-07-14 05:45 - 00020112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-12 10:23 - 2009-07-14 05:45 - 00020112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-12 10:22 - 2009-07-14 16:18 - 00678436 _____ C:\Windows\system32\perfh005.dat
2013-11-12 10:22 - 2009-07-14 16:18 - 00139766 _____ C:\Windows\system32\perfc005.dat
2013-11-12 10:22 - 2009-07-14 06:13 - 01603268 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-12 10:14 - 2013-11-12 10:14 - 00210432 _____ (Sato Corporation) C:\ProgramData\dlqmjqqm.dss
2013-11-12 10:14 - 2013-11-12 10:14 - 00061536 ____T (Microsoft Corporation) C:\ProgramData\mqqjmqld.pss
2013-11-12 10:14 - 2011-03-03 08:06 - 00000000 ___RD C:\Users\ekonom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-12 10:06 - 2011-03-03 11:46 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-12 09:45 - 2012-04-03 06:26 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-09 06:06 - 2013-11-03 23:38 - 08190278 _____ C:\Users\ekonom\Downloads\izrael_-_svedek_jezisova_zivota (1).zip
2013-11-09 05:59 - 2013-11-07 11:40 - 00035840 _____ C:\Users\ekonom\Downloads\PRG+SVZ+9.-16.11.2013+Vranovice.wiz
2013-11-07 23:37 - 2011-08-05 10:20 - 00000000 ____D C:\Users\ekonom\AppData\Roaming\SoftGrid Client
2013-11-07 11:39 - 2013-11-07 11:39 - 00583661 _____ C:\Users\ekonom\Downloads\prilohy_11863.zip
2013-11-07 11:31 - 2011-03-03 09:47 - 00000000 ____D C:\Users\ekonom\Desktop\nájemní smlouvy 2010
2013-11-01 19:33 - 2013-11-01 19:33 - 00010319 _____ C:\Users\ekonom\Downloads\NS 133 Říčka Josef.odt
2013-11-01 10:27 - 2013-11-01 10:27 - 00010319 _____ C:\Users\ekonom\Desktop\NS 133 Říčka Josef.odt
2013-10-30 19:21 - 2013-10-30 19:21 - 00502078 _____ C:\Users\ekonom\Downloads\prilohy_12159.zip
2013-10-29 23:21 - 2013-10-29 23:21 - 00076288 _____ C:\Users\ekonom\Downloads\Hledani noclehu.wiz
2013-10-29 23:19 - 2013-10-29 23:19 - 00017920 _____ C:\Users\ekonom\Downloads\koberec.wiz
2013-10-29 23:10 - 2013-10-29 23:10 - 08190278 _____ C:\Users\ekonom\Downloads\izrael_-_svedek_jezisova_zivota.zip
2013-10-29 23:09 - 2013-10-29 23:08 - 02079744 _____ C:\Users\ekonom\Downloads\mista_v_izraeli.ppt
2013-10-27 16:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-25 09:26 - 2012-01-06 08:45 - 00000000 ____D C:\Users\ekonom\Desktop\statistika
2013-10-24 21:36 - 2013-10-24 21:36 - 00519349 _____ C:\Users\ekonom\Downloads\paragraf720121005.csv
2013-10-24 20:48 - 2013-10-24 20:48 - 07273984 _____ C:\Users\ekonom\Downloads\azia-izrael-eilat-krasny-podmorsky-zivot-cerveneho-mora-pridane-30.12.2012.pps
2013-10-24 20:45 - 2013-10-24 20:45 - 05642752 _____ C:\Users\ekonom\Downloads\azia-izrael-jeruzalem.pps
2013-10-24 20:42 - 2013-10-24 20:42 - 06009856 _____ C:\Users\ekonom\Downloads\azia-izrael-nazaret-pridane-30.12.2012.pps
2013-10-20 14:45 - 2013-10-20 14:44 - 00648160 _____ (Unity Technologies ApS) C:\Users\ekonom\Downloads\UnityWebPlayer (9).exe
2013-10-20 08:03 - 2013-04-02 19:58 - 00000000 ____D C:\Users\ekonom\AppData\Roaming\TP-LINK
2013-10-19 07:04 - 2013-10-19 07:03 - 41485095 _____ C:\Users\ekonom\Downloads\FarmFrenzy2 (2).exe
2013-10-18 18:05 - 2012-02-15 09:38 - 00000000 ____D C:\Users\ekonom\Desktop\Kupní smlouvy 2012
2013-10-18 16:33 - 2013-10-18 16:31 - 41485095 _____ C:\Users\ekonom\Downloads\FarmFrenzy2 (1).exe
2013-10-18 16:27 - 2013-10-18 16:25 - 41485095 _____ C:\Users\ekonom\Downloads\FarmFrenzy2.exe
2013-10-18 08:14 - 2013-10-18 08:14 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-18 08:14 - 2012-11-22 08:11 - 00001931 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-17 22:01 - 2011-03-03 11:46 - 00003948 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-17 22:01 - 2011-03-03 11:46 - 00003696 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-16 18:04 - 2012-08-29 08:52 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-13 21:00 - 2013-10-13 21:00 - 01203359 _____ C:\Users\ekonom\Documents\czech_spell_checking_dictionary-1.0-fx+zm+tb.xpi
Files to move or delete:
====================
C:\ProgramData\dlqmjqqm.dss
C:\ProgramData\mqqjmqld.reg
Some content of TEMP:
====================
C:\Users\ekonom\AppData\Local\Temp\googleupdatesetup.exe
C:\Users\ekonom\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\ekonom\AppData\Local\Temp\listicka.exe
C:\Users\ekonom\AppData\Local\Temp\~tmf5945946575181736840.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-11 11:55
==================== End Of Log ============================