VIRY.CZ

Zdravím,
kamarád stáhl song a nevšiml si že se jedná o exe soubor. Nyní mu Avast neustále blokuje stahování z různých stránek. Soubor jako podezřelý ale nevyhodnotil. Po přenesení NTB do mojí sítě už Avast nic neblokuje, přesto ale přikládám log z RSIT.
Předem Díky za kontrolu.
Logfile of random's system information tool 1.10 (written by random/random)
Run by benet_000 at 2015-01-13 18:07:11
Microsoft Windows 8.1 s aplikací Bing
System drive C: has 785 GB (86%) free of 913 GB
Total RAM: 3529 MB (51% free)

HijackThis download failed

======Listing Processes======

wininit.exe

C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\AVAST Software\Avast\afwServ.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service
C:\windows\system32\CxAudMsg64.exe
dashost.exe {9efdb998-6a8d-44c7-8259c11c60c041d7}
"C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe"
"C:\Program Files\CyberLink\Shared files\RichVideo64.exe"
C:\windows\SysWOW64\SAsrv.exe
"C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe"
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-1488a0f5-ea98-4966-88eb-c5a01e16747f -SystemEventPortName:HostProcess-ae150f5e-b265-4a08-abbe-af9184ab2c22 -IoCancelEventPortName:HostProcess-868ae269-0975-49d3-998f-8043b92be25d -NonStateChangingEventPortName:HostProcess-d2c9dac2-7902-4165-9218-233010216ff6 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:c7959678-96da-48b8-8103-07998915ccc4 -DeviceGroupId:WudfDefaultDevicePool
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\SearchIndexer.exe /Embedding
ngservice.exe pipeserver
C:\windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"
"C:\windows\system32\rundll32.exe" "c:\Program Files (x86)\DeltaFix\DeltaFix.dll",serv
"C:\windows\system32\rundll32.exe" "c:\Program Files (x86)\DeltaFix\DeltaFix.dll",serv

C:\windows\System32\WinLogon.exe -SpecialSession
-hiberboot
atieclxx
taskhostex.exe
C:\windows\Explorer.EXE
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
C:\Windows\System32\skydrive.exe -Embedding
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Windows\RTFTrack.exe"
"C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe"
"C:\Users\benet_000\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
"C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
C:\windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
C:\windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE" "C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE" -Embedding
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
"C:\Users\benet_000\AppData\Local\Pokki\Engine\HostAppService.exe"
"C:\Users\benet_000\AppData\Local\Pokki\Engine\HostAppService.exe" --type=renderer --disable-breakpad --disable-desktop-notifications --disable-logging --disable-speech-input --lang=en-US --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/17/OneClickSignIn/Standard/Prefetch/ContentPrefetchPrefetchOn/Prerender/Prerender15minTTL/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V1/SpeculativePrefetchingLearning/SpeculativePrefetchingLearningEnabled/Test0PercentDefault/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-1-Percent/group_45/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warmest_socket/ --noerrdialogs --disable-client-side-phishing-detection --disable-bundled-ppapi-flash --channel="9492.2.272842872\1514988917" /prefetch:3
"C:\Users\benet_000\AppData\Local\Pokki\Engine\StartMenuIndexer.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Users\benet_000\Downloads\RSITx64.exe"
C:\windows\System32\svchost.exe -k WerSvcGroup

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\benet_000\AppData\Roaming\Mozilla\Firefox\Profiles\9shqbjj9.default

prefs.js - "browser.search.useDBForOrder" - "false"
prefs.js - "browser.startup.homepage" - "https://www.google.cz/?gws_rd=ssl"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.235 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.235 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll

C:\Users\benet_000\AppData\Roaming\Mozilla\Firefox\Profiles\9shqbjj9.default\extensions\
8VQWDPX@5.com
U@cEeWaMOR.net
Zv@0R.edu

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1b45f60e-a0d9-49c9-ad58-369c7904d4cc}]
youtubeadblocker - C:\Program Files (x86)\youtubeadblocker\DL8DiuV7zNUjVQ.x64.dll [2015-01-10 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-11-04 218784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5db0401b-c028-423d-8972-8335ca980ca6}]
unnisaales - C:\Program Files (x86)\unnisaales\i254Y1o3FXJWHx.x64.dll [2015-01-10 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-30 705448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a505f65c-5472-47c1-a907-05aba11231ab}]
uNisales - C:\Program Files (x86)\uNisales\Pgdz0TL5E5KDsj.x64.dll [2015-01-12 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2014-11-12 2334928]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1b45f60e-a0d9-49c9-ad58-369c7904d4cc}]
youtubeadblocker - C:\Program Files (x86)\youtubeadblocker\DL8DiuV7zNUjVQ.dll [2015-01-10 566272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5db0401b-c028-423d-8972-8335ca980ca6}]
unnisaales - C:\Program Files (x86)\unnisaales\i254Y1o3FXJWHx.dll [2015-01-10 566272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-30 586968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a505f65c-5472-47c1-a907-05aba11231ab}]
uNisales - C:\Program Files (x86)\uNisales\Pgdz0TL5E5KDsj.dll [2015-01-12 566272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtsFT"=C:\windows\RTFTrack.exe [2013-07-19 6340312]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2014-05-29 17111056]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [2014-05-29 193008]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2013-07-24 903384]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SACpl.exe [2012-06-13 1647616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2013-09-25 132736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Pokki"=C:\Users\benet_000\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe [2014-12-20 10231624]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-09-26 6482200]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2013-12-07 766208]
"UpdateP2GShortCut"=C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2011-12-07 214312]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-01-09 5227112]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2013-09-25 132736]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcpltsvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableCAD"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-01-13 18:07:12 ----D---- C:\Program Files\trend micro
2015-01-13 18:07:11 ----D---- C:\rsit
2015-01-12 21:45:25 ----D---- C:\Program Files (x86)\uNisales
2015-01-12 21:45:15 ----D---- C:\ProgramData\keilapkcjojelaggjcofjpkihbeapmjm
2015-01-11 14:20:58 ----D---- C:\windows\SYSWOW64\vbox
2015-01-11 14:20:58 ----D---- C:\windows\system32\vbox
2015-01-10 21:29:42 ----D---- C:\Program Files (x86)\DeltaFix
2015-01-10 21:29:14 ----D---- C:\Program Files (x86)\Browse Save Win
2015-01-10 21:28:41 ----D---- C:\Program Files (x86)\youtubeadblocker
2015-01-10 21:28:01 ----D---- C:\Program Files (x86)\unnisaales
2015-01-10 21:27:38 ----D---- C:\ProgramData\6269841763953735323
2015-01-10 21:27:37 ----D---- C:\Program Files (x86)\UnisaaLes
2015-01-10 21:27:12 ----D---- C:\ProgramData\nnfoaccjbhpdliceifeakopoeopaloog
2014-12-31 14:45:51 ----D---- C:\Users\benet_000\AppData\Roaming\Dropbox
2014-12-30 21:34:22 ----N---- C:\windows\system32\MpSigStub.exe
2014-12-30 21:29:35 ----A---- C:\windows\system32\drivers\aswKbd.sys
2014-12-30 21:29:27 ----A---- C:\windows\system32\aswBoot.exe
2014-12-30 21:29:14 ----A---- C:\windows\avastSS.scr
2014-12-30 21:28:46 ----A---- C:\windows\system32\drivers\aswNdisFlt.sys
2014-12-29 19:16:28 ----D---- C:\Users\benet_000\AppData\Roaming\ATI
2014-12-16 20:34:35 ----A---- C:\windows\system32\poqexec.exe
2014-12-16 20:34:34 ----A---- C:\windows\SYSWOW64\poqexec.exe

======List of files/folders modified in the last 1 month======

2015-01-13 18:07:15 ----D---- C:\windows\Prefetch
2015-01-13 18:07:12 ----RD---- C:\Program Files
2015-01-13 18:00:04 ----D---- C:\windows\system32\sru
2015-01-13 17:41:13 ----D---- C:\windows\Temp
2015-01-13 08:52:30 ----D---- C:\windows\Microsoft.NET
2015-01-13 08:20:22 ----D---- C:\windows\AppReadiness
2015-01-12 21:45:25 ----RD---- C:\Program Files (x86)
2015-01-12 21:45:15 ----HD---- C:\ProgramData
2015-01-12 08:22:59 ----D---- C:\windows\Inf
2015-01-12 08:22:59 ----AD---- C:\windows\System32
2015-01-12 08:22:59 ----A---- C:\windows\system32\PerfStringBackup.INI
2015-01-11 14:49:07 ----D---- C:\windows\SoftwareDistribution
2015-01-11 14:49:07 ----AD---- C:\Windows
2015-01-11 14:49:05 ----SHD---- C:\System Volume Information
2015-01-11 14:44:02 ----D---- C:\windows\debug
2015-01-11 14:30:51 ----SHD---- C:\windows\Installer
2015-01-11 14:20:58 ----D---- C:\windows\SysWOW64
2015-01-11 14:18:41 ----D---- C:\windows\system32\drivers
2015-01-10 21:12:20 ----HD---- C:\Program Files\WindowsApps
2015-01-01 13:50:34 ----SHD---- C:\$Recycle.Bin
2014-12-30 21:30:11 ----D---- C:\windows\system32\DriverStore
2014-12-30 21:29:37 ----D---- C:\windows\system32\Tasks
2014-12-29 22:09:30 ----D---- C:\Users\benet_000\AppData\Roaming\vlc
2014-12-27 10:15:08 ----D---- C:\windows\system32\config
2014-12-24 09:56:23 ----RD---- C:\windows\assembly
2014-12-23 22:22:16 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2014-12-23 22:20:44 ----D---- C:\Program Files\Microsoft Office 15
2014-12-21 22:07:45 ----D---- C:\Users\benet_000\AppData\Roaming\Skype
2014-12-19 22:34:21 ----D---- C:\windows\WinSxS
2014-12-18 07:35:16 ----D---- C:\windows\CbsTemp
2014-12-18 07:13:32 ----D---- C:\ProgramData\Skype
2014-12-18 07:13:26 ----RD---- C:\Program Files (x86)\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdkmpfd;@oem5.inf,%AMDKMPFD_svcdesc%;AMD PCI Root Bus Lower Filter; C:\windows\System32\drivers\amdkmpfd.sys [2013-05-21 36096]
R0 aswNdisFlt;@oem67.inf,%AfwDescriptionFree%;Avast! Firewall Driver; C:\windows\system32\DRIVERS\aswNdisFlt.sys [2014-12-30 449936]
R0 aswRvrt;avast! Revert; C:\windows\system32\drivers\aswRvrt.sys [2014-12-30 65776]
R0 aswVmm;avast! VM Monitor; C:\windows\system32\drivers\aswVmm.sys [2014-12-30 267632]
R0 LHDmgr;LHDmgr; C:\windows\System32\DRIVERS\LhdX64.sys [2014-05-29 39008]
R1 aswKbd;aswKbd; C:\windows\system32\drivers\aswKbd.sys [2014-12-30 28184]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr2.sys [2014-12-30 93568]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2014-12-30 1050432]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2014-12-30 436624]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\windows\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]
R2 APXACC;@oem13.inf,%APPEX_ACC_SERVICE_NAME%;AppEx Networks Accelerator LWF; C:\windows\system32\DRIVERS\appexDrv.sys [2013-04-18 219360]
R2 aswHwid;avast! HardwareID; C:\windows\system32\drivers\aswHwid.sys [2014-12-30 29208]
R2 aswMonFlt;aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [2014-12-30 83280]
R2 aswStm;aswStm; C:\windows\system32\drivers\aswStm.sys [2014-12-30 116728]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-12-30 271752]
R3 ACPIVPC;@oem58.inf,%ACPIVPC.SvcDesc%;Lenovo Virtual Power Controller Driver; C:\windows\System32\drivers\AcpiVpc.sys [2014-05-29 35600]
R3 AmdAS4;@oem11.inf,%AmdAS4.SVCDESC%;AmdAS4 service; C:\windows\System32\drivers\AmdAS4.sys [2013-02-07 17504]
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2013-12-07 13203456]
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2013-12-06 624128]
R3 athr;@oem19.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athwbx.sys [2013-08-16 3859968]
R3 AtiHDAudioService;@oem9.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\windows\system32\drivers\AtihdWB6.sys [2013-09-24 222720]
R3 BTATH_BUS;@oem1.inf,%BTATH_BUS.SVCDESC%;Qualcomm Atheros Bluetooth Bus; C:\windows\System32\drivers\btath_bus.sys [2013-09-25 34384]
R3 BtFilter;BtFilter; C:\windows\system32\DRIVERS\btfilter.sys [2013-09-25 594632]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2014-03-18 81920]
R3 CnxtHdAudService;@oem65.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;Conexant UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\CHDRT64.sys [2014-01-09 1469632]
R3 L1C;@oem14.inf,%L1C.Service.DispName%;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller; C:\windows\system32\DRIVERS\L1C63x64.sys [2013-07-18 130248]
R3 rtsuvc;@oem42.inf,%rtsuvc.DeviceDesc%;Lenovo EasyCamera; C:\windows\system32\DRIVERS\rtsuvc.sys [2013-07-19 8247640]
R3 SynTP;@oem18.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2013-09-13 532208]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\windows\system32\DRIVERS\vwifimp.sys [2014-04-30 38912]
S3 AthBTPort;@oem4.inf,%BTHSUPPORT.SvcDesc%;Qualcomm Atheros Virtual Bluetooth Class; C:\windows\system32\DRIVERS\btath_flt.sys [2013-09-25 89800]
S3 BTATH_A2DP;@oem3.inf,%BTATH_A2DP.SvcDesc%;Bluetooth A2DP Audio Driver; C:\windows\system32\drivers\btath_a2dp.sys [2013-09-25 338120]
S3 btath_avdt;@oem3.inf,%btath_avdt.SvcDesc%;Qualcomm Atheros Bluetooth AVDT Service; C:\windows\system32\drivers\btath_avdt.sys [2013-09-25 116424]
S3 BTATH_HCRP;@oem6.inf,%BTATH_HCRP.SvcDesc%;Bluetooth HCRP Server driver; C:\windows\System32\drivers\btath_hcrp.sys [2013-09-25 179432]
S3 BTATH_LWFLT;@oem8.inf,%BTATH_LWFLT%;Bluetooth LWFLT Device; C:\windows\system32\DRIVERS\btath_lwflt.sys [2013-09-25 77464]
S3 BTATH_RCP;@oem10.inf,%BTATH_RCP%;Bluetooth AVRCP Device; C:\windows\System32\drivers\btath_rcp.sys [2013-09-25 137928]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\windows\System32\drivers\BthEnum.sys [2013-08-22 53248]
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\windows\system32\DRIVERS\BthLEEnum.sys [2014-03-18 226304]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\windows\System32\drivers\bthpan.sys [2014-07-24 118272]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2014-07-24 1200640]
S3 dg_ssudbus;@oem67.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\windows\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 e1iexpress;@net1ic64.inf,%e1iExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I; C:\windows\system32\DRIVERS\e1i63x64.sys [2013-06-18 460288]
S3 NETwNe64;@netwew02.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit; C:\windows\system32\DRIVERS\NETwew02.sys [2013-06-18 4649440]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\System32\drivers\rfcomm.sys [2014-03-18 167424]
S3 RSUSBVSTOR;@oem15.inf,%RSUSBVSTOR.SvcDesc%;RtsUVStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUVStor.sys [2013-07-18 329944]
S3 ssudmdm;@oem68.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\windows\System32\Drivers\usbvideo.sys [2013-08-22 212224]
S3 WDC_SAM;@oem66.inf,%WDC_SAM_ServiceName%;WD SCSI Pass Thru driver; C:\windows\System32\drivers\wdcsam64.sys [2008-05-06 14464]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdaptiveSleepService;AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [2013-12-07 99328]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2013-12-06 239616]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-12-07 344064]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2013-09-25 312448]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-30 50344]
R2 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-12-30 104416]
R2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2014-11-12 2449592]
R2 CxAudMsg;@C:\windows\system32\CxAudMsg64.exe,-100; C:\windows\system32\CxAudMsg64.exe [2013-07-25 206552]
R2 fc67e7a0;DeltaFix; C:\windows\syswow64\rundll32.exe [2013-08-22 49664]
R2 MaxthonUpdateSvc;Maxthon Core Update Service; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [2014-12-03 1851192]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2012-04-24 390632]
R2 SAService;Conexant SmartAudio service; C:\windows\system32\SAsrv.exe []
R2 VeriFaceSrv;VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [2014-05-29 68368]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-12-30 4012248]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24 107912]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-04 267440]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2014-03-18 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24 107912]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-12-02 114800]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-01-23 150600]

-----------------EOF-----------------

Zdarvim

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Po spusteni probehne stazeni databaze
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

Kód: Vybrat vše

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Díky za rychlou reakci, tady log z AdwCleaneru

Kód: Vybrat vše

# AdwCleaner v4.107 - Report created 13/01/2015 at 19:33:50
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 8.1 Connected  (64 bits)
# Username : benet_000 - LENOVO-PC
# Running from : C:\Users\benet_000\Desktop\adwcleaner_4.107.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : fc67e7a0

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\6269841763953735323
Folder Deleted : C:\Program Files (x86)\DeltaFix

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKCU\Software\Classes\pokki
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Key Deleted : HKLM\SOFTWARE\Classes\Pa505f65c_5472_47c1_a907_05aba11231ab_.Pa505f65c_5472_47c1_a907_05aba11231ab_
Key Deleted : HKLM\SOFTWARE\Classes\Pa505f65c_5472_47c1_a907_05aba11231ab_.Pa505f65c_5472_47c1_a907_05aba11231ab_.9
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{a505f65c-5472-47c1-a907-05aba11231ab}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a505f65c-5472-47c1-a907-05aba11231ab}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a505f65c-5472-47c1-a907-05aba11231ab}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{a505f65c-5472-47c1-a907-05aba11231ab}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a505f65c-5472-47c1-a907-05aba11231ab}
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fc67e7a0}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v34.0 (x86 cs)


-\\ Google Chrome v39.0.2171.95


*************************

AdwCleaner[R0].txt - [2442 octets] - [13/01/2015 19:30:08]
AdwCleaner[S0].txt - [2314 octets] - [13/01/2015 19:33:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2374 octets] ##########

zoek to vzal poctivě skoro 1,5 hodiny

Kód: Vybrat vše

Zoek.exe v5.0.0.0 Updated 09-January-2015
Tool run by benet_000 on Łt 13. 01. 2015 at 19:44:16,46.
Microsoft Windows 8.1 s aplikací Bing 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\benet_000\Desktop\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

13. 1. 2015 19:49:24 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp. 
# 
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 
# 
# This file contains the mappings of IP addresses to host names. Each 
# entry should be kept on an individual line. The IP address should 
# be placed in the first column followed by the corresponding host name. 
# The IP address and the host name should be separated by at least one 
# space. 
# 
# Additionally, comments (such as these) may be inserted on individual 
# lines or following the machine name denoted by a '#' symbol. 
# 
# For example: 
# 
#      102.54.94.97     rhino.acme.com          # source server 
#       38.25.63.10     x.acme.com              # x client host 
 
127.0.0.1       localhost 

==== Empty Folders Check ======================

C:\PROGRA~2\New Folder deleted successfully
C:\Program Files\trend micro deleted successfully
C:\PROGRA~3\Office2013 deleted successfully
C:\Users\benet_000\AppData\Local\CrashDumps deleted successfully
C:\Users\OKAY\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1b45f60e-a0d9-49c9-ad58-369c7904d4cc} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1b45f60e-a0d9-49c9-ad58-369c7904d4cc} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1b45f60e-a0d9-49c9-ad58-369c7904d4cc} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1b45f60e-a0d9-49c9-ad58-369c7904d4cc} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5db0401b-c028-423d-8972-8335ca980ca6} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5db0401b-c028-423d-8972-8335ca980ca6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5db0401b-c028-423d-8972-8335ca980ca6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5db0401b-c028-423d-8972-8335ca980ca6} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\BENET_~1\AppData\Roaming\Mozilla\Firefox\Profiles\9shqbjj9.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.seznam.cz/?clid=22668");
user_pref("browser.search.defaulturl", "http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&");
user_pref("browser.search.defaultengine", "Seznam");
user_pref("browser.search.defaultenginename", "Seznam");
user_pref("browser.search.selectedEngine", "Seznam");
user_pref("browser.search.order.1", "Seznam");
user_pref("keyword.URL", "http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&");
user_pref("browser.search.useDBForOrder", "false");

Added to C:\Users\BENET_~1\AppData\Roaming\Mozilla\Firefox\Profiles\9shqbjj9.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\OKAY\AppData\Roaming\Mozilla\Firefox\Profiles\c2uchj1x.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.cz/?gws_rd=ssl");

Added to C:\Users\OKAY\AppData\Roaming\Mozilla\Firefox\Profiles\c2uchj1x.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\BENET_~1\AppData\Roaming\Mozilla\Firefox\Profiles\9shqbjj9.default

user.js not found
---- Lines extensions.4Thz9qgSGkJZGwgv removed from prefs.js ----
user_pref("extensions.4Thz9qgSGkJZGwgv.epoch", "1");
user_pref("extensions.4Thz9qgSGkJZGwgv.scode", "void(0);");
user_pref("extensions.4Thz9qgSGkJZGwgv.url", "http://mojofun.net/sync/?q=C6qUojkHpds7pjsFrdsFrdU9qHa7rjCMAyVUojrFrjCFqHn8pdk5rTnHrdaGrjnMCMlNhd9FqjaFr
---- Lines extensions.Tulmh2sEi4A6k1qU removed from prefs.js ----
user_pref("extensions.Tulmh2sEi4A6k1qU.epoch", "1");
user_pref("extensions.Tulmh2sEi4A6k1qU.scode", "void(0);");
user_pref("extensions.Tulmh2sEi4A6k1qU.url", "http://veteranted.org/sync/?q=C6qUojUFrTnEqjaFpjg9rTaGqTrHrdrMAyVUojrFrjCFqHn8pdk5rTnHrdaGrjnMCMlNhd9Fqj
---- Lines extensions.aGJ2SWlHDt2DCTMH removed from prefs.js ----
user_pref("extensions.aGJ2SWlHDt2DCTMH.epoch", "1421008941");
user_pref("extensions.aGJ2SWlHDt2DCTMH.url", "http://progget.com/sync2/?q=hfZ9ofV9CShEAen0rTw6qHrMg708BNmGWj8deShGheDUojw8rdwFrdsErTCGpihIC7n0rjkErjwE
---- FireFox user.js and prefs.js backups ---- 

prefs_201513.01._2111_.backup

ProfilePath: C:\Users\OKAY\AppData\Roaming\Mozilla\Firefox\Profiles\c2uchj1x.default

user.js not found
---- FireFox user.js and prefs.js backups ---- 

prefs_201513.01._2111_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Browse Save Win deleted
C:\PROGRA~3\keilapkcjojelaggjcofjpkihbeapmjm deleted
C:\PROGRA~3\nnfoaccjbhpdliceifeakopoeopaloog deleted
C:\PROGRA~2\youtubeadblocker deleted
C:\Users\Public\Pokki deleted
C:\Users\benet_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Start Menu.lnk deleted
C:\Users\OKAY\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Start Menu.lnk deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\benet_000\AppData\Local\Pokki deleted
C:\Users\Default\AppData\Local\Pokki deleted
C:\Users\OKAY\AppData\Local\Pokki deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\benet_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk deleted
C:\Users\benet_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\windows\SysNative\config\systemprofile\Searches deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\BENET_~1\AppData\Roaming\Mozilla\Firefox\Profiles\9shqbjj9.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\OKAY\AppData\Roaming\Mozilla\Firefox\Profiles\c2uchj1x.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [30. 12. 2014 21:29]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04. 04. 2014 11:36]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\benet_000\AppData\Roaming\Mozilla\Firefox\Profiles\9shqbjj9.default
18CF51689186AEB9D1D149AEB0E92D03	- C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL -	Microsoft Office 2013


==== Chromium Look ======================

Google Chrome Version: 39.0.2171.95 (Up to date, latest Stable version: 39.0.2171.95)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[30. 12. 2014 21:29]

Avast Online Security - benet_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Browse Save Win - benet_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho

==== Chromium Startpages ======================

C:\Users\benet_000\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com",
"startup_urls": [ "http://www.google.com" ],


==== Chromium Fix ======================

C:\Users\benet_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlipcaflaocihnmlhnhcfombgmmfglho deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{486CB895-763B-4F9B-8CFF-57D826637AE3} Unknown  Url="Not_Found"

==== Reset Google Chrome ======================

C:\Users\benet_000\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\benet_000\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2567922597-1314633198-236608235-1006\Software\Microsoft\Internet Explorer\SearchScopes\{486CB895-763B-4F9B-8CFF-57D826637AE3} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613} deleted successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\benet_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\benet_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\OKAY\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\OKAY\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\benet_000\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\benet_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\OKAY\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\OKAY\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\benet_000\AppData\Local\Mozilla\Firefox\Profiles\9shqbjj9.default\cache2 emptied successfully
C:\Users\OKAY\AppData\Local\Mozilla\Firefox\Profiles\c2uchj1x.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\benet_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=12921 folders=335 628802837 bytes)

==== Empty Temp Folders ======================

C:\Users\benet_000\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\OKAY\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\BENET_~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Łt 13. 01. 2015 at 21:36:59,61 ======================

Nedavejte logy do code

Poprosim o FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

Omlouvám se za ten delay, nějakou dobu jsem se k tomu nedostal, taky za špatně umisťované logy, polepším se

níže log z FRST a addition log v raru v příloze.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by benet_000 (administrator) on LENOVO-PC on 20-01-2015 23:17:49
Running from C:\Users\benet_000\Desktop
Loaded Profiles: benet_000 (Available profiles: benet_000)
Platform: Windows 8.1 Connected (X64) OS Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(forum.viry.cz) C:\Users\benet_000\Desktop\FRSTLauncher (3).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2014-05-29] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-05-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [903384 2013-07-24] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-2567922597-1314633198-236608235-1006\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2567922597-1314633198-236608235-1006\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKU\S-1-5-21-2567922597-1314633198-236608235-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2567922597-1314633198-236608235-1006\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2567922597-1314633198-236608235-1006 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.88.1

FireFox:
========
FF ProfilePath: C:\Users\benet_000\AppData\Roaming\Mozilla\Firefox\Profiles\9shqbjj9.default
FF Homepage: http://www.google.cz
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Users\benet_000\AppData\Roaming\Mozilla\Firefox\Profiles\9shqbjj9.default\searchplugins\seznam-avast.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-05]
FF HKU\S-1-5-21-2567922597-1314633198-236608235-1006\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\benet_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\benet_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-24]
CHR Extension: (Dokumenty Google) - C:\Users\benet_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-24]
CHR Extension: (Disk Google) - C:\Users\benet_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-24]
CHR Extension: (YouTube) - C:\Users\benet_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-24]
CHR Extension: (Vyhledávání Google) - C:\Users\benet_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-24]
CHR Extension: (Tabulky Google) - C:\Users\benet_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-24]
CHR Extension: (Peněženka Google) - C:\Users\benet_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-24]
CHR Extension: (Gmail) - C:\Users\benet_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-24]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-12-07] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-07] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows (R) Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-30] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-30] (Avast Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1851192 2014-12-03] (Maxthon)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-05-29] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-30] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-24] (Advanced Micro Devices)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-30] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 23:17 - 2015-01-20 23:18 - 00014631 _____ () C:\Users\benet_000\Desktop\FRST.txt
2015-01-20 23:17 - 2015-01-20 23:17 - 00000000 ____D () C:\FRST
2015-01-20 23:17 - 2015-01-20 23:08 - 02126848 _____ (Farbar) C:\Users\benet_000\Desktop\FRST64.exe
2015-01-20 23:15 - 2015-01-20 23:15 - 00112640 _____ (forum.viry.cz) C:\Users\benet_000\Desktop\FRSTLauncher (3).exe
2015-01-20 23:12 - 2015-01-20 23:12 - 00112640 _____ (forum.viry.cz) C:\Users\benet_000\Downloads\Nepotvrzeno 635272.crdownload
2015-01-20 23:11 - 2015-01-20 23:11 - 00112640 _____ (forum.viry.cz) C:\Users\benet_000\Downloads\Nepotvrzeno 406562.crdownload
2015-01-20 23:11 - 2015-01-20 23:11 - 00112640 _____ (forum.viry.cz) C:\Users\benet_000\Downloads\Nepotvrzeno 266928.crdownload
2015-01-20 23:08 - 2015-01-20 23:08 - 02126848 _____ (Farbar) C:\Users\benet_000\Downloads\FRST64.exe
2015-01-20 13:15 - 2015-01-20 13:15 - 00001991 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-20 13:14 - 2014-12-30 21:29 - 00364512 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2015-01-19 18:39 - 2015-01-19 18:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-16 21:53 - 2015-01-16 21:53 - 00000116 _____ () C:\windows\setupact.log
2015-01-16 21:53 - 2015-01-16 21:53 - 00000000 _____ () C:\windows\setuperr.log
2015-01-14 11:56 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 11:56 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 11:56 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ahcache.sys
2015-01-14 11:56 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 11:56 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2015-01-14 11:56 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-01-14 11:56 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2015-01-14 11:56 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\windows\system32\Faultrep.dll
2015-01-14 11:56 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\windows\SysWOW64\Faultrep.dll
2015-01-14 11:56 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-01-14 11:56 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\windows\system32\WerFaultSecure.exe
2015-01-14 11:56 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFaultSecure.exe
2015-01-14 11:56 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
2015-01-14 11:56 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 11:56 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2015-01-14 11:56 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe
2015-01-14 11:56 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\windows\system32\wermgr.exe
2015-01-14 11:56 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-01-14 11:56 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-01-14 11:56 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-01-14 11:56 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-01-14 11:56 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe
2015-01-14 11:56 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\windows\SysWOW64\wermgr.exe
2015-01-14 11:56 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-01-14 11:56 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-01-14 11:56 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-01-14 11:56 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\werdiagcontroller.dll
2015-01-14 11:56 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\werdiagcontroller.dll
2015-01-14 11:56 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll
2015-01-14 11:56 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-01-14 11:56 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-13 21:34 - 2015-01-13 19:43 - 00024064 _____ () C:\windows\zoek-delete.exe
2015-01-13 19:48 - 2015-01-13 21:36 - 00013828 _____ () C:\zoek-results.log
2015-01-13 19:43 - 2015-01-13 21:27 - 00000000 ____D () C:\zoek_backup
2015-01-13 19:41 - 2015-01-13 19:41 - 01295360 _____ () C:\Users\benet_000\Desktop\zoek.exe
2015-01-13 19:35 - 2015-01-13 21:35 - 00000652 _____ () C:\windows\PFRO.log
2015-01-13 19:29 - 2015-01-13 19:33 - 00000000 ____D () C:\AdwCleaner
2015-01-13 19:28 - 2015-01-13 19:29 - 02191360 _____ () C:\Users\benet_000\Desktop\adwcleaner_4.107.exe
2015-01-13 18:26 - 2015-01-13 18:27 - 00000000 ____D () C:\Users\benet_000\Downloads\Vir
2015-01-13 18:25 - 2015-01-13 18:25 - 00000000 ____D () C:\Users\benet_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-13 18:25 - 2015-01-13 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-13 18:25 - 2015-01-13 18:25 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2015-01-13 18:23 - 2015-01-13 18:23 - 00003268 _____ () C:\windows\System32\Tasks\avastBCLRestartS-1-5-21-2567922597-1314633198-236608235-1006
2015-01-13 18:07 - 2015-01-13 18:08 - 00000000 ____D () C:\rsit
2015-01-13 18:05 - 2015-01-13 18:05 - 01222144 _____ () C:\Users\benet_000\Downloads\RSITx64.exe
2015-01-12 21:45 - 2015-01-12 21:45 - 00000000 ____D () C:\Program Files (x86)\uNisales
2015-01-11 14:57 - 2015-01-11 14:58 - 00000330 _____ () C:\windows\system32\2015-01-11-13-57-59.097-aswFe.exe-6576.log
2015-01-11 14:57 - 2015-01-11 14:57 - 00000197 _____ () C:\windows\system32\2015-01-11-13-57-55.087-AvastVBoxSVC.exe-1404.log
2015-01-11 14:49 - 2015-01-20 23:16 - 01386880 _____ () C:\windows\WindowsUpdate.log
2015-01-11 14:48 - 2015-01-11 14:48 - 00000330 _____ () C:\windows\system32\2015-01-11-13-48-03.092-aswFe.exe-5584.log
2015-01-11 14:47 - 2015-01-11 14:48 - 00000197 _____ () C:\windows\system32\2015-01-11-13-47-59.055-AvastVBoxSVC.exe-2180.log
2015-01-11 14:36 - 2015-01-11 14:37 - 00000330 _____ () C:\windows\system32\2015-01-11-13-36-56.034-aswFe.exe-1108.log
2015-01-11 14:35 - 2015-01-11 14:35 - 00000330 _____ () C:\windows\system32\2015-01-11-13-35-09.012-aswFe.exe-156.log
2015-01-11 14:35 - 2015-01-11 14:35 - 00000197 _____ () C:\windows\system32\2015-01-11-13-35-05.044-AvastVBoxSVC.exe-2956.log
2015-01-11 14:20 - 2015-01-11 14:21 - 00000000 ____D () C:\windows\SysWOW64\vbox
2015-01-11 14:20 - 2015-01-11 14:21 - 00000000 ____D () C:\windows\system32\vbox
2015-01-10 21:28 - 2015-01-10 21:28 - 00000000 ____D () C:\Program Files (x86)\unnisaales
2015-01-10 21:27 - 2015-01-10 21:27 - 00000000 ____D () C:\Program Files (x86)\UnisaaLes
2015-01-09 17:12 - 2015-01-09 18:37 - 1472903595 _____ () C:\Users\benet_000\Downloads\libanky-2013-cz.mp4
2015-01-04 13:00 - 2015-01-04 13:10 - 158239550 _____ () C:\Users\benet_000\Downloads\Danny Macaskill The Ridge.mp4
2015-01-01 14:12 - 2015-01-01 18:42 - 00001157 _____ () C:\Users\benet_000\Desktop\ENERGIE – zástupce.lnk
2015-01-01 14:10 - 2015-01-13 18:33 - 00000000 ____D () C:\Users\benet_000\Documents\ENERGIE
2014-12-31 14:45 - 2014-12-31 14:46 - 00000000 ____D () C:\Users\benet_000\AppData\Roaming\Dropbox
2014-12-30 21:34 - 2014-12-31 12:14 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-12-30 21:30 - 2015-01-20 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-30 21:29 - 2014-12-30 21:29 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-12-29 19:16 - 2014-12-29 19:16 - 00000000 ____D () C:\Users\benet_000\AppData\Roaming\ATI
2014-12-29 19:16 - 2014-12-29 19:16 - 00000000 ____D () C:\Users\benet_000\AppData\Local\ATI
2014-12-29 19:16 - 2014-12-29 19:16 - 00000000 ____D () C:\Users\benet_000\AppData\Local\AMD

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 23:16 - 2014-09-03 20:15 - 00271360 ___SH () C:\Users\benet_000\Downloads\Thumbs.db
2015-01-20 23:14 - 2014-09-04 18:57 - 00004994 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for LENOVO-PC-benet_000 Lenovo-PC
2015-01-20 23:12 - 2014-10-20 10:41 - 00000914 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-20 23:05 - 2014-08-07 20:28 - 00003990 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{1F4831D3-8ACD-43DC-9034-49F7DF9C21B7}
2015-01-20 23:03 - 2014-08-06 20:16 - 00000000 ___DO () C:\Users\benet_000\OneDrive
2015-01-20 17:09 - 2014-07-31 23:17 - 05779626 _____ () C:\Users\Public\CAFADEBUG.log
2015-01-20 17:09 - 2014-05-29 19:01 - 00006656 _____ () C:\windows\system32\VfService.trf
2015-01-20 17:00 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\sru
2015-01-20 15:28 - 2014-10-24 21:18 - 00000980 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-20 13:20 - 2014-08-06 20:20 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2567922597-1314633198-236608235-1006
2015-01-20 13:14 - 2014-08-05 05:26 - 00003924 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2015-01-20 13:00 - 2014-09-14 08:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-18 16:35 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\AppReadiness
2015-01-16 21:53 - 2013-08-22 15:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-16 21:51 - 2013-08-22 14:25 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-01-14 19:50 - 2013-08-22 16:20 - 00000000 ____D () C:\windows\CbsTemp
2015-01-14 19:49 - 2014-08-05 10:33 - 00000000 ____D () C:\windows\system32\MRT
2015-01-14 19:44 - 2014-08-05 10:33 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-13 20:12 - 2014-10-20 10:41 - 00003802 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 18:30 - 2014-08-08 21:51 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2015-01-13 18:23 - 2014-08-04 19:40 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-13 18:23 - 2014-08-04 19:40 - 00001158 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-12 08:22 - 2014-05-29 18:59 - 00739908 _____ () C:\windows\system32\perfh005.dat
2015-01-12 08:22 - 2014-05-29 18:59 - 00151614 _____ () C:\windows\system32\perfc005.dat
2015-01-12 08:22 - 2014-03-18 10:53 - 01745984 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-06 01:08 - 2014-12-10 21:57 - 00714720 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-06 01:08 - 2014-12-10 21:57 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-05 15:29 - 2014-08-13 19:43 - 00000000 ___RD () C:\Users\benet_000\Desktop\Sadova
2015-01-04 07:53 - 2014-08-31 09:49 - 00000000 ____D () C:\Users\benet_000\AppData\Local\Adobe
2015-01-01 14:12 - 2014-08-07 20:13 - 00125440 ___SH () C:\Users\benet_000\Desktop\Thumbs.db
2014-12-31 14:43 - 2013-08-22 14:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-12-30 21:29 - 2014-08-05 05:26 - 01050432 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-12-30 21:29 - 2014-08-05 05:26 - 00436624 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-12-30 21:29 - 2014-08-05 05:26 - 00267632 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-12-30 21:29 - 2014-08-05 05:26 - 00116728 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-12-30 21:29 - 2014-08-05 05:26 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-12-30 21:29 - 2014-08-05 05:26 - 00083280 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-12-30 21:29 - 2014-08-05 05:26 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-12-30 21:29 - 2014-08-05 05:26 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-12-29 22:09 - 2014-09-14 19:11 - 00000000 ____D () C:\Users\benet_000\AppData\Roaming\vlc
2014-12-23 22:20 - 2014-09-04 18:48 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-21 22:07 - 2014-11-04 21:31 - 00000000 ____D () C:\Users\benet_000\AppData\Roaming\Skype

==================== Files in the root of some directories =======
2014-09-13 20:52 - 2014-09-13 20:52 - 0000017 _____ () C:\Users\benet_000\AppData\Local\resmon.resmoncfg
2014-05-29 18:26 - 2014-05-29 18:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

==================== MBR and Partition Table ==================

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\benet_000\Desktop" je 366 MB.

***** Startup Programs *****

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

2015-01-20 23:17 - 2015-01-20 23:18 - 00014631 _____ () C:\Users\benet_000\Desktop\FRST.txt
2015-01-20 23:15 - 2015-01-20 23:15 - 00112640 _____ (forum.viry.cz) C:\Users\benet_000\Desktop\FRSTLauncher (3).exe
2015-01-20 23:12 - 2015-01-20 23:12 - 00112640 _____ (forum.viry.cz) C:\Users\benet_000\Downloads\Nepotvrzeno 635272.crdownload
2015-01-20 23:11 - 2015-01-20 23:11 - 00112640 _____ (forum.viry.cz) C:\Users\benet_000\Downloads\Nepotvrzeno 406562.crdownload
2015-01-20 23:11 - 2015-01-20 23:11 - 00112640 _____ (forum.viry.cz) C:\Users\benet_000\Downloads\Nepotvrzeno 266928.crdownload
2015-01-13 21:34 - 2015-01-13 19:43 - 00024064 _____ () C:\windows\zoek-delete.exe
2015-01-13 19:48 - 2015-01-13 21:36 - 00013828 _____ () C:\zoek-results.log
2015-01-13 19:43 - 2015-01-13 21:27 - 00000000 ____D () C:\zoek_backup
2015-01-13 19:41 - 2015-01-13 19:41 - 01295360 _____ () C:\Users\benet_000\Desktop\zoek.exe
2015-01-13 19:35 - 2015-01-13 21:35 - 00000652 _____ () C:\windows\PFRO.log
2015-01-13 19:29 - 2015-01-13 19:33 - 00000000 ____D () C:\AdwCleaner
2015-01-13 19:28 - 2015-01-13 19:29 - 02191360 _____ () C:\Users\benet_000\Desktop\adwcleaner_4.107.exe
2015-01-13 18:07 - 2015-01-13 18:08 - 00000000 ____D () C:\rsit
2015-01-13 18:05 - 2015-01-13 18:05 - 01222144 _____ () C:\Users\benet_000\Downloads\RSITx64.exe

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Hosts:
EmptyTemp:
Reboot:
End

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

Kliknete na Fix
Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

VIRY.CZ

Avast neustále upozorňuje na blokující stahování

Avast neustále upozorňuje na blokující stahování

Re: Avast neustále upozorňuje na blokující stahování

Re: Avast neustále upozorňuje na blokující stahování

Re: Avast neustále upozorňuje na blokující stahování

Re: Avast neustále upozorňuje na blokující stahování

Re: Avast neustále upozorňuje na blokující stahování

Re: Avast neustále upozorňuje na blokující stahování