Dobrý den, prosím o kontrlolu logu.

[roman_x]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:04:58, on 8.9.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Sabina\Downloads\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_P.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: BS Player - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_P.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_P.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
O4 - HKLM\..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [HPQuickWebProxy] "c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Sabina\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Endpoint Encryption Agent - Unknown owner - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: RtlISMServ - Realtek - C:\Program Files (x86)\Hewlett-Packard\HP Internet Sharing Manager\HP_UI\RtlService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XobniService - Xobni Corporation - C:\Program Files (x86)\Xobni\XobniService.exe

--
End of file - 14261 bytes

[vyosek]

Zdravim

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Kliknete na Scan a nasledne Clean
• Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Poprosim o FRSTL http://forum.viry.cz/viewtopic.php?f=30&t=132520

[roman_x]

# AdwCleaner v3.003 - Report created 09/09/2013 at 10:09:54
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sabina - SABINA-HP
# Running from : C:\Users\Sabina\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\BS_Player
Folder Deleted : C:\Users\Sabina\AppData\Local\Conduit
Folder Deleted : C:\Users\Sabina\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Sabina\AppData\LocalLow\BS_Player

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1750559
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{055DD326-956C-4827-9467-A172509E81B3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{055DD326-956C-4827-9467-A172509E81B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{14B82BFD-D33A-4863-BEBB-860B4DD1A7A8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E1792202-6254-4961-B219-7238B17A83C9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\BS_Player
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\BS_Player
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BS_Player Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (cs)

[ File : C:\Users\Sabina\AppData\Roaming\Mozilla\Firefox\Profiles\06metc7p.default\prefs.js ]


-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Sabina\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5195 octets] - [09/09/2013 09:07:22]
AdwCleaner[S0].txt - [5056 octets] - [09/09/2013 10:09:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5116 octets] ##########

[roman_x]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-09-2013
Ran by Sabina (administrator) on SABINA-HP on 09-09-2013 10:17:44
Running from C:\Users\Sabina\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(AMD) C:\windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\windows\system32\Hpservice.exe
(Validity Sensors, Inc.) C:\windows\system32\vcsFPService.exe
(AMD) C:\windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(DigitalPersona, Inc.) c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Hewlett-Packard Company) c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Realtek) C:\Program Files (x86)\Hewlett-Packard\HP Internet Sharing Manager\HP_UI\RtlService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Realtek) C:\Program Files (x86)\Hewlett-Packard\HP Internet Sharing Manager\HP_UI\RtWlan.exe
(ArcSoft, Inc.) C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Development Company L.P.) c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2941496 2011-03-18] (Hewlett-Packard Company)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2710824 2011-04-18] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [627360 2011-05-10] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-05-10] (Atheros Commnucations)
HKLM\...\Run: [MfeEpePcMonitor] - C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2011-05-24] ()
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-16] (IDT, Inc.)
HKLM\...\Run: [NUSB3MON] - C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKCU\...\Run: [Facebook Update] - C:\Users\Sabina\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-08-14] (Facebook Inc.)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-04-22] (PDF Complete Inc)
HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [318520 2011-05-14] (Hewlett-Packard Company)
HKLM-x32\...\Run: [File Sanitizer] - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12277248 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DTRun] - c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)
HKLM-x32\...\Run: [HPConnectionManager] - c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HPQuickWebProxy] - c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-11-21] (Hewlett-Packard Company)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4282728 2012-08-21] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-05-13] (BlueStack Systems, Inc.)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Sabina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {B36EEC9E-E57D-4705-AD2A-54DD4511E177} URL = http://search.conduit.com/ResultsExt.as ... =CT1750559
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Sabina\AppData\Roaming\Mozilla\Firefox\Profiles\06metc7p.default
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Sabina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Lišta Centrum.cz - C:\Users\Sabina\AppData\Roaming\Mozilla\Firefox\Profiles\06metc7p.default\Extensions\toolbar@centrumholdings.com
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR RestoreOnStartup: "urls_to_restore_on_startup": null
CHR DefaultSearchURL: (AVG Secure Search) - http://mysearch.avg.com/search?cid={38B ... 2013-08-09 11:00:15&v=15.4.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
CHR DefaultSuggestURL: (AVG Secure Search) - http://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Sabina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (avast! WebRep) - C:\Users\Sabina\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0
CHR Extension: (Skype Click to Call) - C:\Users\Sabina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Sabina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-05-10] (Atheros)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-08-21] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-05-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-05-13] (BlueStack Systems, Inc.)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [485712 2011-05-19] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [476728 2011-09-05] (Hewlett-Packard Company)
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-03-23] (Hewlett-Packard Company)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [317496 2011-05-14] (Hewlett-Packard Company)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1318912 2011-05-24] ()
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-04-22] (PDF Complete Inc)
R2 RtlISMServ; C:\Program Files (x86)\Hewlett-Packard\HP Internet Sharing Manager\HP_UI\RtlService.exe [40960 2011-05-30] (Realtek)
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
S2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2011-03-07] (Xobni Corporation)

==================== Drivers (Whitelisted) ====================

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-08-21] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-08-21] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [969200 2012-08-21] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [359464 2012-08-21] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-08-21] (AVAST Software)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-05-13] (BlueStack Systems)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-05-13] (BlueStack Systems)
R3 BthMtpEnum; C:\Windows\System32\DRIVERS\BthMtpEnum.sys [64512 2009-07-14] (Microsoft Corporation)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64312 2011-05-10] (Hewlett-Packard Company)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158280 2011-05-25] (McAfee, Inc.)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2614520 2011-04-04] (Sunplus Technology)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-09 10:16 - 2013-09-09 10:16 - 00000000 ____D C:\Users\Sabina\AppData\Local\qb050F6A.74
2013-09-09 10:16 - 2013-09-08 23:29 - 01948948 _____ (Farbar) C:\Users\Sabina\Desktop\FRST64.exe
2013-09-09 09:07 - 2013-09-09 10:10 - 00000000 ____D C:\AdwCleaner
2013-09-09 09:05 - 2013-09-09 09:05 - 01037278 _____ C:\Users\Sabina\Downloads\adwcleaner.exe
2013-09-08 16:08 - 2013-09-08 16:08 - 00000000 ____D C:\Users\Sabina\AppData\Roaming\Malwarebytes
2013-09-08 16:08 - 2013-09-08 16:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-08 14:58 - 2013-09-08 14:58 - 02748256 _____ (Kaspersky Lab ZAO) C:\Users\Sabina\Downloads\tdsskiller.exe
2013-09-08 14:53 - 2013-09-08 14:53 - 00029580 _____ C:\ComboFix.txt
2013-09-08 14:46 - 2013-09-09 10:12 - 00001014 _____ C:\windows\setupact.log
2013-09-08 14:46 - 2013-09-08 14:46 - 00002188 _____ C:\windows\PFRO.log
2013-09-08 14:46 - 2013-09-08 14:46 - 00000000 _____ C:\windows\setuperr.log
2013-09-08 12:57 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-09-08 12:57 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-09-08 12:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-09-08 12:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-09-08 12:57 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-09-08 12:57 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-09-08 12:57 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-09-08 12:56 - 2013-09-08 14:53 - 00000000 ____D C:\Qoobox
2013-09-08 12:56 - 2013-09-08 14:51 - 00000000 ____D C:\windows\erdnt
2013-09-08 12:54 - 2013-09-08 12:54 - 00003136 _____ C:\windows\System32\Tasks\{6D5030AA-977B-4A61-9B9B-346B689B089E}
2013-09-08 12:53 - 2013-09-08 12:56 - 05120615 ____R (Swearware) C:\Users\Sabina\Downloads\ComboFix.exe
2013-09-08 12:44 - 2013-09-08 14:46 - 00000336 _____ C:\windows\Tasks\HPCeeScheduleForSabina.job
2013-09-08 12:44 - 2013-09-08 12:44 - 00003192 _____ C:\windows\System32\Tasks\HPCeeScheduleForSabina
2013-09-08 12:33 - 2013-09-08 15:06 - 00014263 _____ C:\Users\Sabina\Downloads\hijackthis.log
2013-09-08 12:33 - 2013-09-08 12:33 - 00388608 _____ (Trend Micro Inc.) C:\Users\Sabina\Downloads\hijackthis.exe
2013-09-04 20:35 - 2013-09-04 20:35 - 00000000 ____D C:\Users\Sabina\AppData\Roaming\SlrPlugins
2013-09-02 19:41 - 2013-09-02 19:42 - 03459586 _____ C:\Users\Sabina\Downloads\10-5ANGELS---Trapas-stoleti.wma
2013-08-25 12:13 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-08-25 12:12 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-08-25 12:12 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-08-25 12:12 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-08-25 12:12 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-08-25 12:12 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-08-25 12:12 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-08-25 12:12 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-08-25 12:12 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-08-25 12:12 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-08-25 12:12 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-08-22 00:07 - 2013-08-22 00:07 - 17737608 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2013-08-20 22:22 - 2013-08-20 22:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-18 00:19 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-08-18 00:19 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-08-18 00:19 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-08-18 00:19 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-08-18 00:19 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-08-18 00:19 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-08-18 00:19 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-08-18 00:19 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-08-18 00:19 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-08-18 00:19 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-08-18 00:19 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-08-18 00:19 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-08-18 00:19 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-08-18 00:19 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-08-18 00:19 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-08-18 00:19 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-08-18 00:19 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-08-18 00:19 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-08-18 00:19 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-08-18 00:19 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-08-18 00:19 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-08-18 00:19 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-08-18 00:19 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-08-18 00:19 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-08-18 00:19 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-08-18 00:19 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-08-18 00:19 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-08-18 00:19 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-08-18 00:19 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-08-18 00:19 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-08-18 00:19 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-16 18:26 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2013-08-16 18:26 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-08-16 18:26 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2013-08-16 18:26 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2013-08-16 18:26 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2013-08-16 18:26 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-08-16 18:26 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2013-08-16 18:26 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2013-08-16 18:24 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-08-16 18:24 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-08-16 18:24 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-08-16 18:24 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-08-16 18:24 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2013-08-16 18:24 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2013-08-16 18:24 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-08-16 18:24 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-09 10:17 - 2013-09-09 10:17 - 00000000 ____D C:\FRST
2013-09-09 10:16 - 2013-09-09 10:16 - 00000000 ____D C:\Users\Sabina\AppData\Local\qb050F6A.74
2013-09-09 10:16 - 2012-01-28 04:47 - 01934780 _____ C:\windows\WindowsUpdate.log
2013-09-09 10:13 - 2011-12-07 23:55 - 00000000 ____D C:\ProgramData\PDFC
2013-09-09 10:12 - 2013-09-08 14:46 - 00001014 _____ C:\windows\setupact.log
2013-09-09 10:12 - 2012-05-25 20:02 - 00000948 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-09 10:12 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-09-09 10:10 - 2013-09-09 09:07 - 00000000 ____D C:\AdwCleaner
2013-09-09 10:09 - 2013-03-05 21:52 - 00000914 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-09-09 09:42 - 2012-08-14 12:37 - 00000932 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3528090780-1485140077-2287430500-1001UA.job
2013-09-09 09:12 - 2012-05-25 20:02 - 00000952 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-09 09:05 - 2013-09-09 09:05 - 01037278 _____ C:\Users\Sabina\Downloads\adwcleaner.exe
2013-09-08 23:29 - 2013-09-09 10:16 - 01948948 _____ (Farbar) C:\Users\Sabina\Desktop\FRST64.exe
2013-09-08 20:18 - 2009-07-14 06:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-08 20:18 - 2009-07-14 06:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-08 16:08 - 2013-09-08 16:08 - 00000000 ____D C:\Users\Sabina\AppData\Roaming\Malwarebytes
2013-09-08 16:08 - 2013-09-08 16:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-08 15:06 - 2013-09-08 12:33 - 00014263 _____ C:\Users\Sabina\Downloads\hijackthis.log
2013-09-08 14:58 - 2013-09-08 14:58 - 02748256 _____ (Kaspersky Lab ZAO) C:\Users\Sabina\Downloads\tdsskiller.exe
2013-09-08 14:58 - 2011-12-07 22:24 - 00666444 _____ C:\windows\system32\perfh005.dat
2013-09-08 14:58 - 2011-12-07 22:24 - 00140108 _____ C:\windows\system32\perfc005.dat
2013-09-08 14:58 - 2009-07-14 07:13 - 01576554 _____ C:\windows\system32\PerfStringBackup.INI
2013-09-08 14:53 - 2013-09-08 14:53 - 00029580 _____ C:\ComboFix.txt
2013-09-08 14:53 - 2013-09-08 12:56 - 00000000 ____D C:\Qoobox
2013-09-08 14:53 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-08 14:51 - 2013-09-08 12:56 - 00000000 ____D C:\windows\erdnt
2013-09-08 14:47 - 2012-05-25 16:15 - 00000000 ___RD C:\Users\Sabina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-08 14:47 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini
2013-09-08 14:46 - 2013-09-08 14:46 - 00002188 _____ C:\windows\PFRO.log
2013-09-08 14:46 - 2013-09-08 14:46 - 00000000 _____ C:\windows\setuperr.log
2013-09-08 14:46 - 2013-09-08 12:44 - 00000336 _____ C:\windows\Tasks\HPCeeScheduleForSabina.job
2013-09-08 14:45 - 2009-07-14 04:34 - 72351744 _____ C:\windows\system32\config\software.bak
2013-09-08 14:45 - 2009-07-14 04:34 - 17563648 _____ C:\windows\system32\config\system.bak
2013-09-08 14:45 - 2009-07-14 04:34 - 00524288 _____ C:\windows\system32\config\default.bak
2013-09-08 14:45 - 2009-07-14 04:34 - 00262144 _____ C:\windows\system32\config\security.bak
2013-09-08 14:45 - 2009-07-14 04:34 - 00262144 _____ C:\windows\system32\config\sam.bak
2013-09-08 12:56 - 2013-09-08 12:53 - 05120615 ____R (Swearware) C:\Users\Sabina\Downloads\ComboFix.exe
2013-09-08 12:54 - 2013-09-08 12:54 - 00003136 _____ C:\windows\System32\Tasks\{6D5030AA-977B-4A61-9B9B-346B689B089E}
2013-09-08 12:45 - 2013-02-17 22:32 - 00000000 ____D C:\Users\Sabina\AppData\Local\CrashDumps
2013-09-08 12:45 - 2011-02-11 07:14 - 00000000 ____D C:\windows\Panther
2013-09-08 12:44 - 2013-09-08 12:44 - 00003192 _____ C:\windows\System32\Tasks\HPCeeScheduleForSabina
2013-09-08 12:42 - 2012-08-14 12:37 - 00000910 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3528090780-1485140077-2287430500-1001Core.job
2013-09-08 12:33 - 2013-09-08 12:33 - 00388608 _____ (Trend Micro Inc.) C:\Users\Sabina\Downloads\hijackthis.exe
2013-09-08 12:33 - 2012-05-25 16:11 - 00000000 ____D C:\Users\Sabina\AppData\Local\VirtualStore
2013-09-08 12:30 - 2012-05-25 15:49 - 00000000 ____D C:\Users\Sabina
2013-09-08 12:29 - 2009-07-14 05:20 - 00000000 ____D C:\windows\system32\NDF
2013-09-08 12:16 - 2012-05-25 16:18 - 00000000 ____D C:\Users\Sabina\Documents\Bluetooth Folder
2013-09-08 09:46 - 2012-06-09 21:01 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2013-09-08 09:45 - 2013-02-17 14:53 - 00000000 _____ C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-09-07 23:56 - 2012-05-29 18:34 - 00000000 ____D C:\Users\Sabina\AppData\Roaming\Skype
2013-09-07 23:20 - 2012-05-25 20:03 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-04 20:35 - 2013-09-04 20:35 - 00000000 ____D C:\Users\Sabina\AppData\Roaming\SlrPlugins
2013-09-02 19:42 - 2013-09-02 19:41 - 03459586 _____ C:\Users\Sabina\Downloads\10-5ANGELS---Trapas-stoleti.wma
2013-08-22 15:12 - 2012-05-25 20:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-22 00:08 - 2013-03-05 21:52 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-08-22 00:08 - 2013-03-05 21:52 - 00003852 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-08-22 00:08 - 2011-12-07 23:56 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-22 00:07 - 2013-08-22 00:07 - 17737608 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2013-08-20 22:22 - 2013-08-20 22:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-20 17:50 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache
2013-08-18 00:13 - 2013-02-07 23:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-18 00:12 - 2013-07-23 10:10 - 00000000 ____D C:\windows\system32\MRT
2013-08-18 00:10 - 2012-07-21 12:52 - 78161360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-08-16 18:14 - 2012-05-29 18:34 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-16 18:14 - 2012-01-28 05:15 - 00000000 ____D C:\ProgramData\Skype

Files to move or delete:
====================
C:\Users\Sabina\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit



==================== Alternate Data Streams (whitelisted) ====


==================== Loaded Modules (whitelisted) ============

2009-07-14 02:24 - 2009-07-14 03:40 - 00189440 _____ (Microsoft Corporation) C:\windows\ehome\ehtrace.dll
2011-04-18 21:40 - 2011-04-18 21:40 - 00411432 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2011-04-18 21:40 - 2011-04-18 21:40 - 00225576 _____ (Synaptics Incorporated) C:\windows\system32\SynTPAPI.dll
2013-06-16 09:45 - 2013-06-16 09:43 - 00672256 ____N (IDT, Inc.) C:\windows\system32\stapi64.dll
2013-02-10 13:39 - 2013-02-10 13:39 - 00113056 _____ (Hewlett-Packard Development Company L.P.) C:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
2013-02-10 13:39 - 2013-02-10 13:39 - 00092576 _____ (Hewlett-Packard Development Company L.P.) C:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
2011-03-18 01:09 - 2011-03-18 01:09 - 00036408 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Remote.dll
2012-08-10 16:48 - 2012-08-10 16:48 - 00015776 _____ ( ) C:\Program Files (x86)\Hewlett-Packard\Shared\Interop.HPQWMIEXLib.dll
2011-10-26 09:58 - 2011-10-26 09:58 - 00294912 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2011-10-26 09:58 - 2011-10-26 09:58 - 00180224 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2009-01-20 23:51 - 2009-01-20 23:51 - 00007168 _____ ( ) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atixclib.dll
2011-02-10 01:39 - 2011-02-10 01:39 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-05-04 19:53 - 2011-05-04 19:53 - 00028672 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll
2011-10-26 10:01 - 2011-10-26 10:01 - 00027648 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Dashboard.dll
2011-10-26 10:00 - 2011-10-26 10:00 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-18 01:08 - 2011-03-18 01:08 - 00097336 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll
2011-03-18 01:09 - 2011-03-18 01:09 - 00028728 _____ (Root-Project) C:\Program Files\Hewlett-Packard\HP Power Assistant\LocalizeExtension.dll
2011-03-17 01:43 - 2011-03-17 01:43 - 00007168 _____ ( ) C:\Program Files\Hewlett-Packard\HP Power Assistant\SDKCOMServerLib.dll
2011-03-18 01:08 - 2011-03-18 01:08 - 00046136 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll
2011-12-07 23:57 - 2010-12-13 23:49 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2011-03-01 02:48 - 2011-03-01 02:48 - 00869888 _____ (HP) C:\Program Files\Hewlett-Packard\HP Power Assistant\HP.SupportFramework.dll
2011-05-23 21:53 - 2011-05-23 21:53 - 00067128 _____ ( ) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\Interop.hpCMSrv.dll
2011-04-08 19:57 - 2011-04-08 19:57 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2011-04-08 19:57 - 2011-04-08 19:57 - 00174080 _____ (http://sqlite.phxsoftware.com) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.Linq.dll
2013-08-20 16:39 - 2013-08-20 16:39 - 00155136 _____ (CodeTitans) C:\windows\assembly\NativeImages_v2.0.50727_32\JSON\45fbb7f9f303821b147e125742cf15ea\JSON.ni.dll
2013-08-20 22:22 - 2013-08-20 22:22 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-12-07 23:57 - 2011-03-16 21:26 - 00309872 _____ (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\WrapI2C.dll
2011-12-07 23:57 - 2011-03-16 21:26 - 00105072 _____ (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\null.dll
2011-12-07 23:57 - 2011-03-16 21:26 - 00133744 _____ (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\smsc.dll
2011-12-07 23:57 - 2011-03-16 21:26 - 00252528 _____ (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdi_nv2.dll
2011-12-07 23:57 - 2011-03-16 21:26 - 00133744 _____ (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdi_intel.dll
2011-12-07 23:57 - 2011-03-16 21:26 - 00158320 _____ (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdi_ati2.dll
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.

==================== Scheduled Tasks (whitelisted) ===========

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3528090780-1485140077-2287430500-1001Core.job => C:\Users\Sabina\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3528090780-1485140077-2287430500-1001UA.job => C:\Users\Sabina\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForSabina.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Supplementary Scan (All) ================


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
"ConsentPromptBehaviorUser"=dword:00000003
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000001
"EnableSecureUIAPaths"=dword:00000001
"EnableUIADesktopToggle"=dword:00000000
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"scforceoption"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"FilterAdministratorToken"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=dword:00000001
"FirewallDisableNotify"=dword:00000000
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"AntiSpywareOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.msadpcm"="msadp32.acm"
"midimapper"="midimap.dll"
"wavemapper"="msacm32.drv"
"VIDC.UYVY"="msyuv.dll"
"VIDC.YUY2"="msyuv.dll"
"VIDC.YVYU"="msyuv.dll"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.i420"="iyuv_32.dll"
"VIDC.YVU9"="tsbyuv.dll"
"msacm.l3acm"="C:\\Windows\\System32\\l3codeca.acm"
"MSVideo8"="VfWWDM32.dll"
"wave2"="wdmaud.drv"
"mixer2"="wdmaud.drv"
"midi2"="wdmaud.drv"
"wave"="wdmaud.drv"
"midi"="wdmaud.drv"
"mixer"="wdmaud.drv"
"aux"="wdmaud.drv"
"wave1"="wdmaud.drv"
"midi1"="wdmaud.drv"
"mixer1"="wdmaud.drv"


==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:575.73 GB) (Free:514.52 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:15.15 GB) (Free:2.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:4.98 GB) (Free:2.1 GB) FAT32

Available physical RAM: 1719.7 MB
Total physical RAM: 3552.12 MB
Percentage of memory in use: 51%

LastRegBack: 2013-09-01 22:31

==================== End Of Log ==============================

[vyosek]

Co jste tam provadel s ComboFixem Umite s nim pracovat

[roman_x]

Včera jsem s ním zkoušel projet počítač.

[vyosek]

Ke ComboFixu, ktery jste pouzil, tak na zaklade licence a pravidel fora ptam, umite s nim pracovat (spusteni, rozlusteni logu, napsani skriptu)?

licencni podminky hovori jasne "Nikdy by nemel byt pouzit v prostredi bez dozoru zkusene osoby"


Nebezpeci CFka

• Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
• Maze stopy po haveti, takze v logu z RSIT neni nic videt
• Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
• CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
• CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal

[roman_x]

Děkuji za informace.
Naštěstí snad jsem nezpůsobil včera žádné škody. Není to můj PC dcera měla podezření že tam něco má.
Neměla zaplý žádný antivír (avast starý a nefunkční).
Avast našel dva soubory viz. příloha.
Pak jsem ho ještě nechal projet avastem přes noc celý NTB před zavedením systému.

[vyosek]

Dejte mi sem tedy log CF, mel by byt c:\combofix.txt

[roman_x]

ComboFix 13-09-06.01 - Sabina 08.09.2013 12:59:36.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3552.1375 [GMT 2:00]
Spuštěný z: C:\Users\Sabina\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\Sabina\AppData\Local\Temp
C:\Users\Sabina\AppData\Local\Temp\~nsu.tmp\Au_.exe
C:\Users\Sabina\AppData\Local\Temp\AdobeARM.log
C:\Users\Sabina\AppData\Local\Temp\CRX_75DAF8CB7768\crl-set
C:\Users\Sabina\AppData\Local\Temp\CRX_75DAF8CB7768\manifest.fingerprint
C:\Users\Sabina\AppData\Local\Temp\CRX_75DAF8CB7768\manifest.json
C:\Users\Sabina\AppData\Local\Temp\FXSAPIDebugLogFile.txt
C:\Users\Sabina\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll
C:\Users\Sabina\AppData\Local\Temp\Low\16825761111194662.tmp
C:\Users\Sabina\AppData\Local\Temp\Low\339705145811194584.tmp
C:\Users\Sabina\AppData\Local\Temp\MSS\3.0.318.3\ftconfig.ini
C:\Users\Sabina\AppData\Local\Temp\MSS\3.0.318.3\mcbrwsr2.dll
C:\Users\Sabina\AppData\Local\Temp\MSS\3.0.318.3\McInstallerRes.dll
C:\Users\Sabina\AppData\Local\Temp\MSS\3.0.318.3\McInstallerRes_LD.dll
C:\Users\Sabina\AppData\Local\Temp\MSS\3.0.318.3\McInstallerStartup.dll
C:\Users\Sabina\AppData\Local\Temp\MSS\3.0.318.3\McUICnt.exe
C:\Users\Sabina\AppData\Local\Temp\MSS\3.0.318.3\SecurityScanner.dll
C:\Users\Sabina\AppData\Local\Temp\MSS\3.0.318.3\uninstaller.ini
C:\Users\Sabina\AppData\Local\Temp\nsz4B37.tmp\ccsetup.exe
C:\Users\Sabina\AppData\Local\Temp\UninstallRes\ClientPackage\Images\uninstall\cp-bg.png
C:\Users\Sabina\AppData\Local\Temp\UninstallRes\ClientPackage\Images\uninstall\cp_logo.png
C:\Users\Sabina\AppData\Local\Temp\UninstallRes\ClientPackage\Images\uninstall\downBtn.png
C:\Users\Sabina\AppData\Local\Temp\UninstallRes\ClientPackage\Images\uninstall\loader.gif
C:\Users\Sabina\AppData\Local\Temp\UninstallRes\ClientPackage\Images\uninstall\uninstall-bg.png
C:\Users\Sabina\AppData\Local\Temp\UninstallRes\ClientPackage\Images\uninstall\upBtn.png
C:\Users\Sabina\AppData\Local\Temp\UninstallRes\ClientPackage\jquery-1.5.1.min.js
C:\Users\Sabina\AppData\Local\Temp\UninstallRes\ClientPackage\jquery-1.8.1.min.js
C:\Users\Sabina\AppData\Local\Temp\UninstallRes\ClientPackage\JQueyExtensions.js
C:\Users\Sabina\AppData\Local\Temp\UninstallRes\ClientPackage\uninstall_cp.css
C:\Users\Sabina\AppData\Local\Temp\UninstallRes\ClientPackage\Uninstall_cp.html
C:\Users\Sabina\AppData\Local\Temp\UninstallRes\ClientPackage\Uninstall_cp_step2.html


((((((((((((((((((((((((( Soubory vytvořené od 2013-08-08 do 2013-09-08 )))))))))))))))))))))))))))))))


2013-09-08 10:43:36 . 2013-09-08 10:43:40 -------- d-----w- C:\Program Files\CCleaner
2013-09-07 21:55:58 . 2013-09-08 10:33:20 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{248D1C86-3464-4B4F-8167-EC9E1D00CB4D}\offreg.dll
2013-09-07 21:12:27 . 2013-08-06 08:58:35 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{248D1C86-3464-4B4F-8167-EC9E1D00CB4D}\mpengine.dll
2013-09-04 18:35:00 . 2013-09-04 18:35:00 -------- d-----w- C:\Users\Sabina\AppData\Roaming\SlrPlugins
2013-08-25 10:13:00 . 2013-07-09 05:03:34 3913664 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-08-25 10:12:58 . 2013-07-09 06:03:30 5550528 ----a-w- C:\windows\system32\ntoskrnl.exe
2013-08-25 10:12:58 . 2013-07-09 05:03:34 3968960 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-08-25 10:12:57 . 2013-07-09 05:54:22 1732032 ----a-w- C:\windows\system32\ntdll.dll
2013-08-25 10:12:57 . 2013-07-09 05:53:12 243712 ----a-w- C:\windows\system32\wow64.dll
2013-08-25 10:12:57 . 2013-07-09 04:53:47 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll
2013-08-25 10:12:56 . 2013-07-09 02:49:39 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-08-25 10:12:55 . 2013-07-09 04:52:33 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-08-25 10:12:54 . 2013-07-09 02:49:42 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-08-25 10:12:54 . 2013-07-09 02:49:41 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-08-25 10:12:54 . 2013-07-09 02:49:38 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-08-21 22:07:50 . 2013-08-21 22:07:51 17737608 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2013-08-16 16:26:08 . 2013-07-09 05:52:52 224256 ----a-w- C:\windows\system32\wintrust.dll
2013-08-16 16:26:08 . 2013-07-09 05:46:20 1472512 ----a-w- C:\windows\system32\crypt32.dll
2013-08-16 16:26:08 . 2013-07-09 04:46:31 1166848 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-08-16 16:26:07 . 2013-07-09 04:52:10 175104 ----a-w- C:\windows\SysWow64\wintrust.dll
2013-08-16 16:26:05 . 2013-07-09 04:46:31 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-08-16 16:26:04 . 2013-07-09 05:46:20 184320 ----a-w- C:\windows\system32\cryptsvc.dll
2013-08-16 16:26:04 . 2013-07-09 05:46:20 139776 ----a-w- C:\windows\system32\cryptnet.dll
2013-08-16 16:26:04 . 2013-07-09 04:46:31 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-08-16 16:24:49 . 2013-07-19 01:58:42 2048 ----a-w- C:\windows\system32\tzres.dll
2013-08-16 16:24:48 . 2013-07-19 01:41:01 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2013-08-16 16:24:36 . 2013-07-25 09:25:54 1888768 ----a-w- C:\windows\system32\WMVDECOD.DLL
2013-08-16 16:24:35 . 2013-07-25 08:57:27 1620992 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-08-16 16:24:34 . 2013-07-09 05:51:16 1217024 ----a-w- C:\windows\system32\rpcrt4.dll
2013-08-16 16:24:33 . 2013-07-09 04:52:33 663552 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2013-08-16 16:24:32 . 2013-06-15 04:32:16 39936 ----a-w- C:\windows\system32\drivers\tssecsrv.sys
2013-08-16 16:24:31 . 2013-07-06 06:03:53 1910208 ----a-w- C:\windows\system32\drivers\tcpip.sys
.


(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-08-21 22:08:02 . 2013-03-05 19:52:54 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-08-21 22:08:01 . 2011-12-07 21:56:46 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-17 22:10:41 . 2012-07-21 10:52:04 78161360 ----a-w- C:\windows\system32\MRT.exe
2013-07-09 04:45:07 . 2013-08-25 10:12:56 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2013-06-16 08:11:53 . 2013-06-16 08:12:09 228008 ----a-w- C:\windows\system32\drivers\amdxhc.sys
2013-06-16 08:11:53 . 2013-06-16 08:12:08 107688 ----a-w- C:\windows\system32\drivers\amdhub30.sys
2013-06-16 08:03:42 . 2013-06-16 08:05:03 74344 ----a-w- C:\windows\system32\RtNicProp64.dll
2013-06-16 08:03:42 . 2013-06-16 08:05:02 708200 ----a-w- C:\windows\system32\drivers\Rt64win7.sys
2013-06-16 08:03:42 . 2011-12-07 22:22:51 107552 ----a-w- C:\windows\system32\RTNUninst64.dll
2013-06-16 07:45:47 . 2013-06-16 07:45:50 175928 ----a-w- C:\windows\system32\drivers\jmcr.sys
2013-06-16 07:43:56 . 2013-06-16 07:45:04 543744 ----a-w- C:\windows\system32\drivers\stwrt64.sys
2013-06-16 07:43:55 . 2012-01-28 03:14:56 6102016 ----a-w- C:\windows\system32\stlang64.dll
2013-06-16 07:43:55 . 2012-01-28 03:14:56 1664000 ----a-w- C:\windows\sttray64.exe
2013-06-16 07:43:54 . 2013-06-16 07:45:03 499200 ----a-w- C:\windows\system32\stcplx64.dll
2013-06-16 07:43:54 . 2013-06-16 07:45:02 2188800 ----a-w- C:\windows\system32\stapo64.dll
2013-06-16 07:43:53 . 2013-06-16 07:45:02 672256 ------w- C:\windows\system32\stapi64.dll
2013-06-16 07:43:53 . 2013-06-16 07:45:01 255488 ----a-w- C:\windows\system32\st646428.dll
2013-06-16 07:43:52 . 2012-01-28 03:14:56 2214912 ----a-w- C:\windows\system32\IDTNX.dll
2013-06-16 07:43:51 . 2012-01-28 03:14:56 8013312 ----a-w- C:\windows\system32\IDTNHP.dll
2013-06-16 07:43:51 . 2012-01-28 03:14:56 8003072 ----a-w- C:\windows\system32\IDTNGUI.exe
2013-06-16 07:43:51 . 2012-01-28 03:14:56 253952 ----a-w- C:\windows\system32\IDTNJ.exe
2013-06-16 07:43:50 . 2012-01-28 03:14:56 1821184 ----a-w- C:\windows\system32\IDTNC64.cpl
2013-06-16 07:43:49 . 2012-01-28 03:14:57 74336 ----a-w- C:\windows\system32\AESTAR64.dll
2013-06-16 07:43:49 . 2012-01-28 03:14:57 442368 ----a-w- C:\windows\system32\AESTEC64.dll
2013-06-16 07:43:49 . 2012-01-28 03:14:57 224256 ----a-w- C:\windows\system32\HPToneCtrls64.dll
2013-06-16 07:43:49 . 2012-01-28 03:14:57 200288 ----a-w- C:\windows\system32\AESTAC64.dll
2013-06-16 07:43:49 . 2012-01-28 03:14:56 90624 ----a-w- C:\windows\system32\AESTCo64.dll
2013-06-16 07:10:23 . 2013-06-16 07:10:32 82560 ----a-w- C:\windows\system32\drivers\amd_sata.sys
2013-06-16 07:10:23 . 2013-06-16 07:10:32 42624 ----a-w- C:\windows\system32\drivers\amd_xata.sys


(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))


*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "C:\Program Files (x86)\BS_Player\prxtbBS_P.dll" [2011-05-09 08:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2011-05-09 08:49:38 176936 ----a-w- C:\Program Files (x86)\BS_Player\prxtbBS_P.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "C:\Program Files (x86)\BS_Player\prxtbBS_P.dll" [2011-05-09 08:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="C:\Users\Sabina\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-14 10:37:15 138096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="C:\Program Files (x86)\PDF Complete\pdfsty.exe" [2011-04-22 01:07:34 658424]
"QLBController"="C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-05-14 04:57:56 318520]
"File Sanitizer"="C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2011-05-09 22:28:26 12277248]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 08:25:52 343168]
"DTRun"="c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2010-11-24 19:00:06 517456]
"HPConnectionManager"="c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-05-23 19:46:20 103992]
"HPQuickWebProxy"="c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-11-21 21:47:10 169528]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2012-08-21 09:12:26 4282728]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 20:51:26 919008]
"BlueStacks Agent"="C:\Program Files (x86)\BlueStacks\HD-Agent.exe" [2013-05-13 11:21:42 601928]

C:\Users\Sabina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2011-05-09 23:43:12 75320 ----a-w- C:\Windows\System32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli

R2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;C:\Program Files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Power Assistant Service;HP Power Assistant Service;C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x]
R2 XobniService;XobniService;C:\Program Files (x86)\Xobni\XobniService.exe;C:\Program Files (x86)\Xobni\XobniService.exe [x]
R3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 DAMDrv;DAMDrv;C:\windows\system32\DRIVERS\DAMDrv64.sys;C:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\Windows\SysWOW64\flcdlock.exe;c:\Windows\SysWOW64\flcdlock.exe [x]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys;C:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys;C:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;C:\windows\system32\Wat\WatAdminSvc.exe;C:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amd_sata;amd_sata;C:\windows\system32\drivers\amd_sata.sys;C:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;C:\windows\system32\drivers\amd_xata.sys;C:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 MfeEpePc;MfeEpePc; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe;C:\Program Files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe;C:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;C:\windows\system32\drivers\aswMonFlt.sys;C:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\adminservice.exe;C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 HPDayStarterService;HP DayStarter Service;c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe;c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe;C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;C:\windows\system32\Hpservice.exe;C:\windows\SYSNATIVE\Hpservice.exe [x]
S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe;C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [x]
S2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [x]
S2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S2 RtlISMServ;RtlISMServ;C:\Program Files (x86)\Hewlett-Packard\HP Internet Sharing Manager\HP_UI\RtlService.exe;C:\Program Files (x86)\Hewlett-Packard\HP Internet Sharing Manager\HP_UI\RtlService.exe [x]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 uArcCapture;ArcCapture;C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe;C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;C:\windows\system32\vcsFPService.exe;C:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\amdhub30.sys;C:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\amdxhc.sys;C:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;C:\windows\system32\DRIVERS\ArcSoftVCapture.sys;C:\windows\SYSNATIVE\DRIVERS\ArcSoftVCapture.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\system32\DRIVERS\btath_flt.sys;C:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys;C:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\system32\drivers\btath_a2dp.sys;C:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\system32\DRIVERS\btath_bus.sys;C:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\system32\DRIVERS\btath_hcrp.sys;C:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\system32\DRIVERS\btath_lwflt.sys;C:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\system32\DRIVERS\btath_rcp.sys;C:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;C:\windows\system32\DRIVERS\btfilter.sys;C:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 BthMtpEnum;Modul pro výčet zařízení Bluetooth MTP;C:\windows\system32\DRIVERS\BthMtpEnum.sys;C:\windows\SYSNATIVE\DRIVERS\BthMtpEnum.sys [x]
S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys;C:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys;C:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SPUVCbv;SPUVCb Driver Service;C:\windows\system32\Drivers\SPUVCbv_x64.sys;C:\windows\SYSNATIVE\Drivers\SPUVCbv_x64.sys [x]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - WS2IFSL

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-07 21:01:24 1177552 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe

Obsah adresáře 'Naplánované úlohy'

2013-09-08 C:\windows\Tasks\Adobe Flash Player Updater.job
- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-05 19:52:54 . 2013-08-21 22:08:02]

2013-09-08 C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3528090780-1485140077-2287430500-1001Core.job
- C:\Users\Sabina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-14 10:37:23 . 2012-08-14 10:37:15]

2013-09-08 C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3528090780-1485140077-2287430500-1001UA.job
- C:\Users\Sabina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-14 10:37:23 . 2012-08-14 10:37:15]

2013-09-08 C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-25 18:02:51 . 2012-05-25 18:02:47]

2013-09-08 C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-25 18:02:51 . 2012-05-25 18:02:47]

2013-09-08 C:\windows\Tasks\HPCeeScheduleForSabina.job
- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15:40 . 2010-09-14 06:15:40]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11:57 133400 ----a-w- C:\Program Files\AVAST Software\Avast\ashShA64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"="C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-03-17 23:06:06 13880]
"AtherosBtStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [2011-05-10 02:27:56 627360]
"AthBtTray"="C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-05-10 02:27:54 379552]
"MfeEpePcMonitor"="C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" [2011-05-24 21:56:36 200704]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" [2013-06-16 07:43:55 1664000]
"NUSB3MON"="C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe" [2012-04-11 08:41:04 97280]

------- Doplňkový sken -------

uStart Page = hxxp://www.google.cz/
uLocal Page = C:\windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.0.1
FF - ProfilePath - C:\Users\Sabina\AppData\Roaming\Mozilla\Firefox\Profiles\06metc7p.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/

- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - C:\Program Files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe



[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="C:\Program Files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="C:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="C:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\*€ *]
@="\010\01"

[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\*]
@="?"

[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\* ]
@="?"

[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\*]
@="?"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

------------------------ Jiné spuštené procesy ------------------------

C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVAST Software\Avast\setup\avast.setup
C:\Program Files (x86)\Hewlett-Packard\HP Internet Sharing Manager\HP_UI\RtWlan.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

**************************************************************************

Celkový čas: 2013-09-08 14:53:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-09-08 12:53:23

Před spuštěním: Volných bajtů: 554 878 001 152
Po spuštění: Volných bajtů: 553 805 398 016

- - End Of File - - D1CF4FD99157B560AF7F67388736455A
A36C5E4F47E84449FF07ED3517B43A31

[vyosek]

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

• Ulozte nejlepe na plochu
• Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
• Probehne vytvoreni zalohy a nasledne prohledavani
• Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Kliknete na Scan a nasledne Clean
• Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte