VIRY.CZ

Zdravím

dnes mi UPC poslalo mail, že přes můj počítač šel opět virus přitom žádný antivir nic nehlásil a MBAM malware taky nenašel. Přikládám log.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by Jan (administrator) on HONZATOR on 02-03-2015 13:14:06
Running from C:\Users\Jan\Desktop
Loaded Profiles: Jan & (Available profiles: Jan)
Platform: Windows 8.1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
(Facebook Inc.) C:\Users\Jan\AppData\Local\Facebook\Update\FacebookUpdate.exe
(appfour GmbH) C:\Program Files (x86)\Scatter\Scatter.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Jan\Downloads\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891592 2013-06-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [DolbyTrayApp] => c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-09-01] (Dolby Laboratories Inc.)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15794160 2013-11-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80368 2013-11-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-05-15] (IDT, Inc.)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [8947008 2014-12-18] ()
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-31] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132224 2013-03-01] ( (Qualcomm Atheros Commnucations))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2489515568-810325039-2320951972-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-2489515568-810325039-2320951972-1001\...\Run: [Facebook Update] => C:\Users\Jan\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-06-15] (Facebook Inc.)
HKU\S-1-5-21-2489515568-810325039-2320951972-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1410296 2008-05-19] (Valve Corporation)
HKU\S-1-5-21-2489515568-810325039-2320951972-1001\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-04] (Google Inc.)
HKU\S-1-5-21-2489515568-810325039-2320951972-1001\...\MountPoints2: {1994e440-a9ab-11e3-be75-a4db304be1a4} - "E:\setup.exe"
HKU\S-1-5-21-2489515568-810325039-2320951972-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-2489515568-810325039-2320951972-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Facebook Update] => C:\Users\Jan\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-06-15] (Facebook Inc.)
HKU\S-1-5-21-2489515568-810325039-2320951972-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1410296 2008-05-19] (Valve Corporation)
HKU\S-1-5-21-2489515568-810325039-2320951972-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-04] (Google Inc.)
HKU\S-1-5-21-2489515568-810325039-2320951972-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1994e440-a9ab-11e3-be75-a4db304be1a4} - "E:\setup.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scatter.lnk
ShortcutTarget: Scatter.lnk -> C:\Program Files (x86)\Scatter\Scatter.exe (appfour GmbH)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2489515568-810325039-2320951972-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2489515568-810325039-2320951972-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
HKU\S-1-5-21-2489515568-810325039-2320951972-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2489515568-810325039-2320951972-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKU\S-1-5-21-2489515568-810325039-2320951972-1001 -> {3BD331D0-66C9-467C-A8FD-EAD783B74468} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
SearchScopes: HKU\S-1-5-21-2489515568-810325039-2320951972-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {3BD331D0-66C9-467C-A8FD-EAD783B74468} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2489515568-810325039-2320951972-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Jan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-2489515568-810325039-2320951972-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2489515568-810325039-2320951972-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin HKU\S-1-5-21-2489515568-810325039-2320951972-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Jan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-2489515568-810325039-2320951972-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2489515568-810325039-2320951972-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-12]
CHR Extension: (Google Drive) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-12]
CHR Extension: (YouTube) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-12]
CHR Extension: (Google Search) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-12]
CHR Extension: (AdBlock) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-12]
CHR Extension: (Google Wallet) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-12]
CHR Extension: (Instagram for Chrome) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2014-03-12]
CHR Extension: (Gmail) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227968 2013-03-01] (Qualcomm Atheros Commnucations) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-17] (Intel Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-05-15] (IDT, Inc.) [File not signed]
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-11-29] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-03-01] (Atheros) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2014-10-09] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261496 2014-10-09] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2014-10-09] (BitDefender)
R1 BdfNdisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [97816 2014-10-09] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [107080 2014-10-09] (BitDefender LLC)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-03-01] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-03-12] (Disc Soft Ltd)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-10-09] (BitDefender LLC)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [100184 2013-04-09] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-10-09] (BitDefender S.R.L.)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1064704 2013-05-31] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 13:14 - 2015-03-02 13:14 - 00019352 _____ () C:\Users\Jan\Desktop\FRST.txt
2015-03-02 13:13 - 2015-03-02 13:13 - 00000000 ____D () C:\Users\Jan\Desktop\FRST-OlderVersion
2015-02-25 13:56 - 2015-02-25 13:56 - 00006512 _____ () C:\mbam.txt
2015-02-25 13:41 - 2015-03-02 11:56 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-25 13:40 - 2015-02-25 13:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jan\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-25 13:40 - 2015-02-25 13:40 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-25 13:40 - 2015-02-25 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-25 13:40 - 2015-02-25 13:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-25 13:40 - 2015-02-25 13:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-25 13:40 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-25 13:40 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-25 13:40 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-24 22:53 - 2015-02-24 22:53 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2015-02-24 18:13 - 2015-03-02 13:14 - 00000000 ____D () C:\FRST
2015-02-24 18:12 - 2015-02-24 18:12 - 00112640 _____ (forum.viry.cz) C:\Users\Jan\Downloads\FRSTLauncher.exe
2015-02-24 18:11 - 2015-03-02 13:13 - 02092544 _____ (Farbar) C:\Users\Jan\Desktop\FRST64.exe
2015-02-24 18:11 - 2015-02-24 18:11 - 00112640 _____ (forum.viry.cz) C:\Users\Jan\Downloads\Nepotvrzeno 730781.crdownload
2015-02-24 18:11 - 2015-02-24 18:11 - 00112640 _____ (forum.viry.cz) C:\Users\Jan\Downloads\Nepotvrzeno 288107.crdownload
2015-02-24 18:02 - 2015-02-24 18:03 - 00000000 ____D () C:\rsit
2015-02-24 18:02 - 2015-02-24 18:03 - 00000000 ____D () C:\Program Files\trend micro
2015-02-24 18:02 - 2015-02-24 18:02 - 01222144 _____ () C:\Users\Jan\Downloads\RSITx64.exe
2015-02-24 17:46 - 2015-02-24 17:46 - 00522240 _____ (OldTimer Tools) C:\Users\Jan\Downloads\OTM.exe
2015-02-24 17:37 - 2015-02-24 19:43 - 00000000 ____D () C:\AdwCleaner
2015-02-24 17:36 - 2015-02-24 17:36 - 02126848 _____ () C:\Users\Jan\Downloads\adwcleaner_4.111.exe
2015-02-24 17:04 - 2015-02-24 17:04 - 00000000 ____D () C:\ProgramData\Sophos
2015-02-24 17:02 - 2015-02-24 17:02 - 00002775 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-02-24 17:02 - 2015-02-24 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-02-24 17:02 - 2015-02-24 17:02 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-02-24 16:55 - 2015-02-24 16:59 - 111586544 _____ (Sophos Limited) C:\Users\Jan\Downloads\Sophos Virus Removal Tool.exe
2015-02-24 15:15 - 2015-02-24 16:49 - 00331179 _____ () C:\Users\Jan\Downloads\FixDwndp.log
2015-02-24 15:15 - 2015-02-24 15:15 - 02348928 _____ () C:\Users\Jan\Downloads\D.exe
2015-02-22 16:22 - 2015-02-22 16:22 - 00000000 _____ () C:\Users\Jan\Documents\Tor Age Bringsvard.odp
2015-02-22 16:22 - 2015-02-22 16:22 - 00000000 _____ () C:\Users\Jan\Documents\Klar-Brnovjak.odt
2015-02-22 15:51 - 2015-02-22 17:11 - 00000095 _____ () C:\Users\Jan\Downloads\FixDownadup.log
2015-02-22 15:51 - 2015-02-22 15:51 - 02269056 _____ () C:\Users\Jan\Downloads\FixDownadup.exe
2015-02-22 12:17 - 2015-02-22 15:51 - 1915818937 _____ () C:\Users\Jan\Downloads\Zimní-válka---Talvisota-1989,-CZ-tit.mkv
2015-02-15 15:51 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-15 15:51 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-15 14:56 - 2015-02-15 14:56 - 00000000 ____D () C:\Users\Jan\Documents\SimCity
2015-02-15 14:55 - 2015-02-15 14:55 - 00001321 _____ () C:\Users\Jan\Desktop\SimCity.lnk
2015-02-15 14:55 - 2015-02-15 14:55 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\SimCity
2015-02-15 14:27 - 2015-02-15 14:43 - 00000000 ____D () C:\Users\Jan\Downloads\[R.G. Mechanics] SimCity
2015-02-12 13:00 - 2015-02-12 13:00 - 00010673 _____ () C:\Users\Jan\Downloads\trainer_3965_Rome Total War ALL ACCESS CHEAT.rar
2015-02-12 12:59 - 2015-02-12 12:59 - 00011676 _____ () C:\Users\Jan\Downloads\trainer_421_mm-twmtr.rar
2015-02-11 23:38 - 2015-02-11 23:38 - 00000860 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total War ROME II.lnk
2015-02-11 23:38 - 2015-02-11 23:38 - 00000848 _____ () C:\Users\Public\Desktop\Total War ROME II.lnk
2015-02-11 23:13 - 2015-02-12 12:18 - 00000000 ____D () C:\Program Files (x86)\Total War ROME II
2015-02-11 21:52 - 2015-02-11 21:53 - 04770479 _____ () C:\Users\Jan\Downloads\F-Secure_ConfickerRemover.zip
2015-02-11 21:52 - 2015-02-11 21:53 - 00122080 _____ () C:\Users\Jan\Downloads\EConfickerRemover.exe
2015-02-11 21:45 - 2015-02-11 21:45 - 02402613 _____ () C:\Users\Jan\Downloads\BD_RemovalTooleSingleComputer.zip
2015-02-11 21:42 - 2015-02-11 21:52 - 00000000 ____D () C:\Users\Jan\Downloads\Total.War.ROME.II-RELOADED
2015-02-11 06:26 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 06:26 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 06:26 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 06:26 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 06:26 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 06:26 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 06:26 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 06:26 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 06:26 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 06:26 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 06:26 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 06:26 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 06:26 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 06:26 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 06:26 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 06:26 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 06:26 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 06:26 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 06:26 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 06:26 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 06:26 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 06:26 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 06:26 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 06:26 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 06:26 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 06:26 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-11 06:23 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 06:23 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 06:23 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 06:23 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 06:23 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 06:23 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 06:23 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 06:23 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 06:23 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 06:23 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 06:23 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 06:23 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 06:23 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 06:23 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 06:23 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 06:23 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 06:23 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 06:23 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 06:23 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 06:23 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 06:23 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 06:23 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 06:23 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 06:23 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 06:23 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 06:23 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 06:23 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 06:23 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 06:23 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 06:23 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 06:23 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 06:23 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 06:23 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 06:23 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 06:23 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 06:23 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 06:22 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-11 06:22 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-11 06:22 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-11 06:22 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-11 06:22 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-11 06:22 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-11 06:22 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 06:22 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-08 18:33 - 2015-02-08 18:34 - 130841848 _____ (Microsoft Corporation) C:\Users\Jan\Downloads\msert.exe
2015-02-08 18:21 - 2015-02-08 18:21 - 37987520 _____ (Microsoft Corporation) C:\Users\Jan\Downloads\Windows-KB890830-x64-V5.20.exe
2015-02-08 14:02 - 2015-02-08 14:02 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Lavasoft
2015-02-04 03:13 - 2015-02-04 03:13 - 00000000 ____D () C:\ProgramData\BitDefender
2015-02-04 03:00 - 2015-02-04 03:00 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\LavasoftStatistics
2015-02-04 03:00 - 2014-10-09 10:09 - 02084072 _____ (Bitdefender) C:\WINDOWS\system32\bdnc.dll
2015-02-04 03:00 - 2014-10-09 10:08 - 01061776 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\bdsmtpp.dll
2015-02-04 03:00 - 2014-10-09 10:08 - 00209984 _____ (BitDefender) C:\WINDOWS\system32\BdFirewallSDK.dll
2015-02-04 03:00 - 2014-10-09 10:08 - 00195016 _____ (BitDefender) C:\WINDOWS\system32\httproxy.dll
2015-02-04 03:00 - 2014-10-09 10:08 - 00156936 _____ () C:\WINDOWS\system32\bdfwcore.dll
2015-02-04 03:00 - 2014-10-09 10:08 - 00155912 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\bdpop3p.dll
2015-02-04 03:00 - 2014-10-09 10:08 - 00122928 _____ (BitDefender) C:\WINDOWS\system32\OEMbdpredir.dll
2015-02-04 03:00 - 2014-10-09 10:08 - 00096160 _____ (BitDefender) C:\WINDOWS\system32\bdpredir.dll
2015-02-04 02:58 - 2015-02-25 20:00 - 00002356 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-02-04 02:58 - 2015-02-04 02:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-02-04 02:57 - 2015-02-04 02:57 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-02-04 02:56 - 2015-02-04 02:56 - 00000000 ____D () C:\Program Files\Lavasoft
2015-02-04 02:54 - 2015-02-04 02:54 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-02-04 02:54 - 2015-02-04 02:54 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-02-04 02:53 - 2015-02-04 02:54 - 01924232 _____ () C:\Users\Jan\Downloads\Adaware_Installer.exe
2015-02-04 02:15 - 2015-02-04 02:15 - 00002018 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2015-02-04 02:15 - 2015-02-04 02:15 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 13:06 - 2014-07-12 15:35 - 01405807 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-02 13:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-02 09:12 - 2014-07-12 15:44 - 00003962 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{25B3EB83-8C4D-46D7-819F-889657654F5D}
2015-03-02 09:05 - 2013-08-22 15:46 - 00303051 _____ () C:\WINDOWS\setupact.log
2015-02-28 13:02 - 2014-03-18 16:33 - 01749406 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-28 13:02 - 2014-03-18 15:54 - 00740962 _____ () C:\WINDOWS\system32\perfh005.dat
2015-02-28 13:02 - 2014-03-18 15:54 - 00152146 _____ () C:\WINDOWS\system32\perfc005.dat
2015-02-26 14:33 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-25 20:05 - 2014-11-22 01:21 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-25 20:03 - 2014-07-12 15:44 - 00000000 ___DO () C:\Users\Jan\OneDrive
2015-02-25 19:59 - 2014-03-18 08:20 - 00052070 _____ () C:\WINDOWS\PFRO.log
2015-02-25 19:59 - 2013-11-29 04:20 - 00045568 _____ () C:\WINDOWS\system32\VfService.trf
2015-02-25 19:59 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\addins
2015-02-25 19:59 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-25 19:59 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-25 15:20 - 2014-03-12 10:43 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2489515568-810325039-2320951972-1001
2015-02-24 22:52 - 2014-09-22 13:11 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-02-24 22:51 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-02-24 15:59 - 2014-03-12 07:29 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\BitTorrent
2015-02-22 18:44 - 2014-05-16 16:57 - 00000000 ____D () C:\Program Files (x86)\WarThunder
2015-02-21 19:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-19 12:33 - 2013-11-29 04:22 - 00000000 ____D () C:\ProgramData\Energy Manager
2015-02-15 14:55 - 2014-03-14 02:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-02-15 14:50 - 2014-03-14 01:55 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
2015-02-14 20:58 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-14 19:56 - 2013-08-22 15:44 - 00362520 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-12 12:06 - 2014-03-11 21:12 - 00139907 _____ () C:\WINDOWS\DirectX.log
2015-02-11 09:55 - 2014-03-13 00:26 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 09:51 - 2014-03-12 10:47 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-11 09:41 - 2014-03-12 10:47 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-11 09:40 - 2014-12-12 03:33 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-11 09:40 - 2014-07-12 13:26 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-05 02:02 - 2014-06-05 01:30 - 00155136 ___SH () C:\Users\Jan\Downloads\Thumbs.db
2015-02-04 02:15 - 2014-03-12 10:44 - 00000000 ____D () C:\Users\Jan\AppData\Local\LSC
2015-02-04 02:15 - 2014-03-12 06:25 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\LSC
2015-02-04 02:15 - 2013-11-29 04:20 - 00000000 ____D () C:\ProgramData\Lenovo
2015-02-04 02:15 - 2013-11-29 04:15 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2015-02-04 02:15 - 2013-11-29 04:15 - 00000000 ____D () C:\Program Files\Lenovo
2015-02-04 02:15 - 2013-11-29 04:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-02-04 02:12 - 2013-11-29 04:15 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2015-02-03 20:31 - 2014-12-12 03:36 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-12-12 03:36 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-06-01 15:28 - 2014-05-23 10:21 - 0000226 _____ () C:\Program Files (x86)\update-tropico5.bat
2014-06-01 15:28 - 2013-10-12 19:47 - 0000732 _____ () C:\Program Files (x86)\visit-www.nosteam.ro.html
2014-12-18 11:53 - 2015-01-18 01:29 - 0000004 _____ () C:\Users\Jan\AppData\Roaming\appdataFr2.bin
2014-09-18 12:40 - 2014-09-18 12:40 - 0000011 _____ () C:\Users\Jan\AppData\Roaming\facebooker.exe.ini
2015-02-24 22:53 - 2015-02-24 22:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================


==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Users\Jan\OneDrive:ms-properties

==================== Security Center ==================

AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Jan\Desktop" je 131 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

# AdwCleaner v4.111 - Logfile created 02/03/2015 at 18:51:25
# Updated 18/02/2015 by Xplode
# Database : 2015-03-02.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Jan - HONZATOR
# Running from : C:\Users\Jan\Downloads\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v37.0.2062.120

[C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://search.gboxapp.com/

-\\ Comodo Dragon v


-\\ Chrome Canary v


*************************

AdwCleaner[R0].txt - [18737 bytes] - [24/02/2015 17:38:11]
AdwCleaner[R1].txt - [1076 bytes] - [24/02/2015 19:41:59]
AdwCleaner[R2].txt - [1195 bytes] - [02/03/2015 18:38:16]
AdwCleaner[R3].txt - [1254 bytes] - [02/03/2015 18:42:09]
AdwCleaner[S0].txt - [18154 bytes] - [24/02/2015 17:40:45]
AdwCleaner[S1].txt - [1148 bytes] - [24/02/2015 19:43:22]
AdwCleaner[S2].txt - [1186 bytes] - [02/03/2015 18:51:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1245 bytes] ##########

Dejte nový log FRST.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by Jan (administrator) on HONZATOR on 02-03-2015 19:16:06
Running from C:\Users\Jan\Desktop
Loaded Profiles: Jan (Available profiles: Jan)
Platform: Windows 8.1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
(Facebook Inc.) C:\Users\Jan\AppData\Local\Facebook\Update\FacebookUpdate.exe
(appfour GmbH) C:\Program Files (x86)\Scatter\Scatter.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Jan\Downloads\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891592 2013-06-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [DolbyTrayApp] => c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-09-01] (Dolby Laboratories Inc.)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15794160 2013-11-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80368 2013-11-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-05-15] (IDT, Inc.)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [8947008 2014-12-18] ()
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-31] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132224 2013-03-01] ( (Qualcomm Atheros Commnucations))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2489515568-810325039-2320951972-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-2489515568-810325039-2320951972-1001\...\Run: [Facebook Update] => C:\Users\Jan\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-06-15] (Facebook Inc.)
HKU\S-1-5-21-2489515568-810325039-2320951972-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1410296 2008-05-19] (Valve Corporation)
HKU\S-1-5-21-2489515568-810325039-2320951972-1001\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-04] (Google Inc.)
HKU\S-1-5-21-2489515568-810325039-2320951972-1001\...\MountPoints2: {1994e440-a9ab-11e3-be75-a4db304be1a4} - "E:\setup.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scatter.lnk
ShortcutTarget: Scatter.lnk -> C:\Program Files (x86)\Scatter\Scatter.exe (appfour GmbH)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2489515568-810325039-2320951972-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2489515568-810325039-2320951972-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2489515568-810325039-2320951972-1001 -> {3BD331D0-66C9-467C-A8FD-EAD783B74468} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2489515568-810325039-2320951972-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Jan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-2489515568-810325039-2320951972-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2489515568-810325039-2320951972-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-12]
CHR Extension: (Google Drive) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-12]
CHR Extension: (YouTube) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-12]
CHR Extension: (Google Search) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-12]
CHR Extension: (AdBlock) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-12]
CHR Extension: (Google Wallet) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-12]
CHR Extension: (Instagram for Chrome) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2014-03-12]
CHR Extension: (Gmail) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227968 2013-03-01] (Qualcomm Atheros Commnucations) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-17] (Intel Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-05-15] (IDT, Inc.) [File not signed]
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-11-29] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-03-01] (Atheros) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2014-10-09] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261496 2014-10-09] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2014-10-09] (BitDefender)
R1 BdfNdisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [97816 2014-10-09] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [107080 2014-10-09] (BitDefender LLC)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-03-01] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-03-12] (Disc Soft Ltd)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-10-09] (BitDefender LLC)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [100184 2013-04-09] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-10-09] (BitDefender S.R.L.)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1064704 2013-05-31] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 13:14 - 2015-03-02 19:16 - 00017446 _____ () C:\Users\Jan\Desktop\FRST.txt
2015-03-02 13:13 - 2015-03-02 13:13 - 00000000 ____D () C:\Users\Jan\Desktop\FRST-OlderVersion
2015-02-25 13:56 - 2015-02-25 13:56 - 00006512 _____ () C:\mbam.txt
2015-02-25 13:56 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-25 13:56 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-25 13:56 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-25 13:56 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-25 13:56 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-25 13:56 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-25 13:41 - 2015-03-02 18:55 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-25 13:40 - 2015-02-25 13:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jan\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-25 13:40 - 2015-02-25 13:40 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-25 13:40 - 2015-02-25 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-25 13:40 - 2015-02-25 13:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-25 13:40 - 2015-02-25 13:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-25 13:40 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-25 13:40 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-25 13:40 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-24 22:53 - 2015-02-24 22:53 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2015-02-24 18:13 - 2015-03-02 19:16 - 00000000 ____D () C:\FRST
2015-02-24 18:12 - 2015-02-24 18:12 - 00112640 _____ (forum.viry.cz) C:\Users\Jan\Downloads\FRSTLauncher.exe
2015-02-24 18:11 - 2015-03-02 13:13 - 02092544 _____ (Farbar) C:\Users\Jan\Desktop\FRST64.exe
2015-02-24 18:11 - 2015-02-24 18:11 - 00112640 _____ (forum.viry.cz) C:\Users\Jan\Downloads\Nepotvrzeno 730781.crdownload
2015-02-24 18:11 - 2015-02-24 18:11 - 00112640 _____ (forum.viry.cz) C:\Users\Jan\Downloads\Nepotvrzeno 288107.crdownload
2015-02-24 18:02 - 2015-02-24 18:03 - 00000000 ____D () C:\rsit
2015-02-24 18:02 - 2015-02-24 18:03 - 00000000 ____D () C:\Program Files\trend micro
2015-02-24 18:02 - 2015-02-24 18:02 - 01222144 _____ () C:\Users\Jan\Downloads\RSITx64.exe
2015-02-24 17:46 - 2015-02-24 17:46 - 00522240 _____ (OldTimer Tools) C:\Users\Jan\Downloads\OTM.exe
2015-02-24 17:37 - 2015-03-02 18:51 - 00000000 ____D () C:\AdwCleaner
2015-02-24 17:36 - 2015-02-24 17:36 - 02126848 _____ () C:\Users\Jan\Downloads\adwcleaner_4.111.exe
2015-02-24 17:04 - 2015-02-24 17:04 - 00000000 ____D () C:\ProgramData\Sophos
2015-02-24 17:02 - 2015-02-24 17:02 - 00002775 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-02-24 17:02 - 2015-02-24 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-02-24 17:02 - 2015-02-24 17:02 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-02-24 16:55 - 2015-02-24 16:59 - 111586544 _____ (Sophos Limited) C:\Users\Jan\Downloads\Sophos Virus Removal Tool.exe
2015-02-24 15:15 - 2015-02-24 16:49 - 00331179 _____ () C:\Users\Jan\Downloads\FixDwndp.log
2015-02-24 15:15 - 2015-02-24 15:15 - 02348928 _____ () C:\Users\Jan\Downloads\D.exe
2015-02-22 16:22 - 2015-02-22 16:22 - 00000000 _____ () C:\Users\Jan\Documents\Tor Age Bringsvard.odp
2015-02-22 16:22 - 2015-02-22 16:22 - 00000000 _____ () C:\Users\Jan\Documents\Klar-Brnovjak.odt
2015-02-22 15:51 - 2015-02-22 17:11 - 00000095 _____ () C:\Users\Jan\Downloads\FixDownadup.log
2015-02-22 15:51 - 2015-02-22 15:51 - 02269056 _____ () C:\Users\Jan\Downloads\FixDownadup.exe
2015-02-22 12:17 - 2015-02-22 15:51 - 1915818937 _____ () C:\Users\Jan\Downloads\Zimní-válka---Talvisota-1989,-CZ-tit.mkv
2015-02-15 15:51 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-15 15:51 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-15 14:56 - 2015-02-15 14:56 - 00000000 ____D () C:\Users\Jan\Documents\SimCity
2015-02-15 14:55 - 2015-02-15 14:55 - 00001321 _____ () C:\Users\Jan\Desktop\SimCity.lnk
2015-02-15 14:55 - 2015-02-15 14:55 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\SimCity
2015-02-15 14:27 - 2015-02-15 14:43 - 00000000 ____D () C:\Users\Jan\Downloads\[R.G. Mechanics] SimCity
2015-02-12 13:00 - 2015-02-12 13:00 - 00010673 _____ () C:\Users\Jan\Downloads\trainer_3965_Rome Total War ALL ACCESS CHEAT.rar
2015-02-12 12:59 - 2015-02-12 12:59 - 00011676 _____ () C:\Users\Jan\Downloads\trainer_421_mm-twmtr.rar
2015-02-11 23:38 - 2015-02-11 23:38 - 00000860 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total War ROME II.lnk
2015-02-11 23:38 - 2015-02-11 23:38 - 00000848 _____ () C:\Users\Public\Desktop\Total War ROME II.lnk
2015-02-11 23:13 - 2015-02-12 12:18 - 00000000 ____D () C:\Program Files (x86)\Total War ROME II
2015-02-11 21:52 - 2015-02-11 21:53 - 04770479 _____ () C:\Users\Jan\Downloads\F-Secure_ConfickerRemover.zip
2015-02-11 21:52 - 2015-02-11 21:53 - 00122080 _____ () C:\Users\Jan\Downloads\EConfickerRemover.exe
2015-02-11 21:45 - 2015-02-11 21:45 - 02402613 _____ () C:\Users\Jan\Downloads\BD_RemovalTooleSingleComputer.zip
2015-02-11 21:42 - 2015-02-11 21:52 - 00000000 ____D () C:\Users\Jan\Downloads\Total.War.ROME.II-RELOADED
2015-02-11 06:26 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 06:26 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 06:26 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 06:26 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 06:26 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 06:26 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 06:26 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 06:26 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 06:26 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 06:26 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 06:26 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 06:26 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 06:26 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 06:26 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 06:26 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 06:26 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 06:26 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 06:26 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 06:26 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 06:26 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 06:26 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 06:26 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 06:26 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 06:26 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 06:26 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 06:26 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-11 06:23 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 06:23 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 06:23 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 06:23 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 06:23 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 06:23 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 06:23 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 06:23 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 06:23 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 06:23 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 06:23 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 06:23 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 06:23 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 06:23 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 06:23 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 06:23 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 06:23 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 06:23 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 06:23 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 06:23 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 06:23 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 06:23 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 06:23 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 06:23 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 06:23 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 06:23 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 06:23 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 06:23 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 06:23 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 06:23 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 06:23 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 06:23 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 06:23 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 06:23 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 06:23 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 06:23 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 06:22 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-11 06:22 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-11 06:22 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-11 06:22 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-11 06:22 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-11 06:22 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-11 06:22 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 06:22 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-08 18:33 - 2015-02-08 18:34 - 130841848 _____ (Microsoft Corporation) C:\Users\Jan\Downloads\msert.exe
2015-02-08 18:21 - 2015-02-08 18:21 - 37987520 _____ (Microsoft Corporation) C:\Users\Jan\Downloads\Windows-KB890830-x64-V5.20.exe
2015-02-08 14:02 - 2015-02-08 14:02 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Lavasoft
2015-02-04 03:13 - 2015-02-04 03:13 - 00000000 ____D () C:\ProgramData\BitDefender
2015-02-04 03:00 - 2015-02-04 03:00 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\LavasoftStatistics
2015-02-04 03:00 - 2014-10-09 10:09 - 02084072 _____ (Bitdefender) C:\WINDOWS\system32\bdnc.dll
2015-02-04 03:00 - 2014-10-09 10:08 - 01061776 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\bdsmtpp.dll
2015-02-04 03:00 - 2014-10-09 10:08 - 00209984 _____ (BitDefender) C:\WINDOWS\system32\BdFirewallSDK.dll
2015-02-04 03:00 - 2014-10-09 10:08 - 00195016 _____ (BitDefender) C:\WINDOWS\system32\httproxy.dll
2015-02-04 03:00 - 2014-10-09 10:08 - 00156936 _____ () C:\WINDOWS\system32\bdfwcore.dll
2015-02-04 03:00 - 2014-10-09 10:08 - 00155912 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\bdpop3p.dll
2015-02-04 03:00 - 2014-10-09 10:08 - 00122928 _____ (BitDefender) C:\WINDOWS\system32\OEMbdpredir.dll
2015-02-04 03:00 - 2014-10-09 10:08 - 00096160 _____ (BitDefender) C:\WINDOWS\system32\bdpredir.dll
2015-02-04 02:58 - 2015-03-02 18:54 - 00002356 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-02-04 02:58 - 2015-02-04 02:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-02-04 02:57 - 2015-02-04 02:57 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-02-04 02:56 - 2015-02-04 02:56 - 00000000 ____D () C:\Program Files\Lavasoft
2015-02-04 02:54 - 2015-02-04 02:54 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-02-04 02:54 - 2015-02-04 02:54 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-02-04 02:53 - 2015-02-04 02:54 - 01924232 _____ () C:\Users\Jan\Downloads\Adaware_Installer.exe
2015-02-04 02:15 - 2015-02-04 02:15 - 00002018 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2015-02-04 02:15 - 2015-02-04 02:15 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 19:05 - 2013-08-22 15:46 - 00303277 _____ () C:\WINDOWS\setupact.log
2015-03-02 19:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-02 18:55 - 2014-11-22 01:21 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-02 18:55 - 2014-07-12 15:44 - 00000000 __RDO () C:\Users\Jan\OneDrive
2015-03-02 18:55 - 2013-11-29 04:22 - 00000000 ____D () C:\ProgramData\Energy Manager
2015-03-02 18:53 - 2014-03-18 08:20 - 00052420 _____ () C:\WINDOWS\PFRO.log
2015-03-02 18:53 - 2013-11-29 04:20 - 00045568 _____ () C:\WINDOWS\system32\VfService.trf
2015-03-02 18:53 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-02 18:53 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-02 18:52 - 2014-07-12 15:35 - 01455754 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-02 15:40 - 2014-07-12 15:44 - 00003962 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{25B3EB83-8C4D-46D7-819F-889657654F5D}
2015-02-28 13:02 - 2014-03-18 16:33 - 01749406 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-28 13:02 - 2014-03-18 15:54 - 00740962 _____ () C:\WINDOWS\system32\perfh005.dat
2015-02-28 13:02 - 2014-03-18 15:54 - 00152146 _____ () C:\WINDOWS\system32\perfc005.dat
2015-02-26 14:33 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-25 19:59 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\addins
2015-02-25 15:20 - 2014-03-12 10:43 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2489515568-810325039-2320951972-1001
2015-02-24 22:52 - 2014-09-22 13:11 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-02-24 22:51 - 2013-08-22 16:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-02-24 15:59 - 2014-03-12 07:29 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\BitTorrent
2015-02-22 18:44 - 2014-05-16 16:57 - 00000000 ____D () C:\Program Files (x86)\WarThunder
2015-02-21 19:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-15 14:55 - 2014-03-14 02:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-02-15 14:50 - 2014-03-14 01:55 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
2015-02-14 20:58 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-14 19:56 - 2013-08-22 15:44 - 00362520 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-12 12:06 - 2014-03-11 21:12 - 00139907 _____ () C:\WINDOWS\DirectX.log
2015-02-11 09:55 - 2014-03-13 00:26 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 09:51 - 2014-03-12 10:47 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-11 09:41 - 2014-03-12 10:47 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-11 09:40 - 2014-12-12 03:33 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-11 09:40 - 2014-07-12 13:26 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-05 02:02 - 2014-06-05 01:30 - 00155136 ___SH () C:\Users\Jan\Downloads\Thumbs.db
2015-02-04 02:15 - 2014-03-12 10:44 - 00000000 ____D () C:\Users\Jan\AppData\Local\LSC
2015-02-04 02:15 - 2014-03-12 06:25 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\LSC
2015-02-04 02:15 - 2013-11-29 04:20 - 00000000 ____D () C:\ProgramData\Lenovo
2015-02-04 02:15 - 2013-11-29 04:15 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2015-02-04 02:15 - 2013-11-29 04:15 - 00000000 ____D () C:\Program Files\Lenovo
2015-02-04 02:15 - 2013-11-29 04:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-02-04 02:12 - 2013-11-29 04:15 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2015-02-03 20:31 - 2014-12-12 03:36 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-12-12 03:36 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-06-01 15:28 - 2014-05-23 10:21 - 0000226 _____ () C:\Program Files (x86)\update-tropico5.bat
2014-06-01 15:28 - 2013-10-12 19:47 - 0000732 _____ () C:\Program Files (x86)\visit-www.nosteam.ro.html
2014-12-18 11:53 - 2015-01-18 01:29 - 0000004 _____ () C:\Users\Jan\AppData\Roaming\appdataFr2.bin
2014-09-18 12:40 - 2014-09-18 12:40 - 0000011 _____ () C:\Users\Jan\AppData\Roaming\facebooker.exe.ini
2015-02-24 22:53 - 2015-02-24 22:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Jan\AppData\Local\Temp\Quarantine.exe
C:\Users\Jan\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-02 09:04




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Windows8_OS) (Fixed) (Total:889.56 GB) (Free:667.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:9.97 GB) NTFS
Drive e: (TW_ROME_II) (CDROM) (Total:9.47 GB) (Free:0 GB) CDFS

Available physical RAM: 1519.09 MB
Total physical RAM: 3848.27 MB
Percentage of memory in use: 60%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 931.5 GB) (Disk ID: 991EE6B4)

==================== Scheduled Tasks (whitelisted) ==================


==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Users\Jan\OneDrive:ms-properties

==================== Security Center ==================

AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Jan\Desktop" je 131 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKU\S-1-5-21-2489515568-810325039-2320951972-1001\...\Run: [Facebook Update] => C:\Users\Jan\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-06-15] (Facebook Inc.)
C:\Users\Jan\AppData\Local\Facebook\Update
HKU\S-1-5-21-2489515568-810325039-2320951972-1001\...\MountPoints2: {1994e440-a9ab-11e3-be75-a4db304be1a4} - "E:\setup.exe"
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR dev: Chrome dev build detected! <======= ATTENTION
C:\ProgramData\DP45977C.lfl
C:\Users\Jan\AppData\Roaming\facebooker.exe.ini
C:\Users\Jan\AppData\Local\Temp
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by Jan at 2015-03-03 14:12:21 Run:2
Running from C:\Users\Jan\Desktop
Loaded Profiles: Jan & (Available profiles: Jan)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2489515568-810325039-2320951972-1001\...\Run: [Facebook Update] => C:\Users\Jan\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-06-15] (Facebook Inc.)
C:\Users\Jan\AppData\Local\Facebook\Update
HKU\S-1-5-21-2489515568-810325039-2320951972-1001\...\MountPoints2: {1994e440-a9ab-11e3-be75-a4db304be1a4} - "E:\setup.exe"
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR dev: Chrome dev build detected! <======= ATTENTION
C:\ProgramData\DP45977C.lfl
C:\Users\Jan\AppData\Roaming\facebooker.exe.ini
C:\Users\Jan\AppData\Local\Temp
*****************

HKU\S-1-5-21-2489515568-810325039-2320951972-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => value deleted successfully.

"C:\Users\Jan\AppData\Local\Facebook\Update" directory move:

C:\Users\Jan\AppData\Local\Facebook\Update\FacebookUpdate.exe => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdate.exe => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdateHelper.msi => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ar.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bg.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bn.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ca.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_cs.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_da.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_de.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_el.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en-GB.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es-419.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_et.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fa.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fi.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fil.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fr.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_gu.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hi.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hr.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hu.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_id.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_is.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_it.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_iw.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ja.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_kn.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ko.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lt.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lv.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ml.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_mr.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ms.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_nl.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_no.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_or.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pl.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-BR.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-PT.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ro.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ru.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sk.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sl.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sr.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sv.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ta.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_te.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_th.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_tr.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_uk.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ur.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_vi.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-CN.dll => Moved successfully.
C:\Users\Jan\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-TW.dll => Moved successfully.
Could not move "C:\Users\Jan\AppData\Local\Facebook\Update" directory. => Scheduled to move on reboot.

"HKU\S-1-5-21-2489515568-810325039-2320951972-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1994e440-a9ab-11e3-be75-a4db304be1a4}" => Key deleted successfully.
HKCR\CLSID\{1994e440-a9ab-11e3-be75-a4db304be1a4} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
Could not move "C:\ProgramData\DP45977C.lfl" => Scheduled to move on reboot.
C:\Users\Jan\AppData\Roaming\facebooker.exe.ini => Moved successfully.
C:\Users\Jan\AppData\Local\Temp => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-03 14:14:23)<=

C:\Users\Jan\AppData\Local\Facebook\Update => Is moved successfully.
C:\ProgramData\DP45977C.lfl => Is moved successfully.

==== End of Fixlog 14:14:23 ====

Smazáno. Nastala nějaká změna?

Ne. Nic očividného. Před pár dny už jsem SinkHoleMessage odstraˇoval s Vaší pomocí a najednou, že ho posílám znovu. Je možné, že došlo znovu k infikaci z jiného ntb v síti?

I to je možné. Ještě porosím o log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

Vtipné. Ukazuje mi to, že to nelze spustit, protože Win 2000 nejsou podporovány. Přitom mám 64bitové Win 8

Přehlédl jsem, že máte win8.1. Na osmičkách by běžel, ale 8.1 nepodporuje. Udělejte tedy kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3. 3. 2015
Scan Time: 21:29:35
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.03.06
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Jan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 386930
Time Elapsed: 11 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.GboxApp.A, C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://search.gboxapp.com/" ],), Replaced,[9b8761e01a70ed49a78a1df71ee84ab6]

Physical Sectors: 0
(No malicious items detected)

Nalezenou položku smažte.