Prosím o kontrolu PC

[Baza18]

Dobrý den, prosím Vás o kontrolu logu, předem děkuji.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-04-2014 01
Ran by Lukáš (administrator) on LUKAS-PC on 16-04-2014 18:43:13
Running from C:\Users\Lukáš\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Mozilla Corporation) D:\Programy\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\Programy\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2661672 2012-02-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-05-26] (Alcor Micro Corp.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1016992 2012-01-19] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-01-19] (Atheros Commnucations)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-07] (Intel Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5138032 2012-04-02] (VIA)
HKLM-x32\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-07] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-19] (ASUS)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [SafeQ Client] => C:\Program Files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe [259072 2012-07-20] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-11] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\f89750dc-0e6d-4050-8d90-1de77a61279e.exe /check [181136 2014-04-12] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3170225152-4115186386-2096569644-1001\...\Run: [DAEMON Tools Lite] => D:\Programy\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\S-1-5-21-3170225152-4115186386-2096569644-1001\...\MountPoints2: {75ce7a70-22b9-11e2-b542-0008cafaa56b} - G:\ICM_ML.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {49014BE3-BD15-4ADA-AF15-3B74100A6E66} URL = http://websearch.ask.com/redirect?clien ... D7F5C44245
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 147.230.16.140 147.230.16.1

FireFox:
========
FF ProfilePath: C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: http://www.seznam.cz
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\searchplugins\askcom.xml
FF Extension: Adblock Plus - C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-06]
FF StartMenuInternet: FIREFOX.EXE - D:\Programy\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Skype Click to Call) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-11-11]
CHR Extension: (Peněženka Google) - C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]

==================== Services (Whitelisted) =================

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [92800 2011-12-01] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-11] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625816 2012-06-22] (Pandora.TV)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-03-23] (VIA Technologies, Inc.)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-01-19] (Atheros)

==================== Drivers (Whitelisted) ====================

R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-02-29] (ASUSTek Computer Inc.)
S3 ASUSProcObsrv; C:\eSupport\eDriver\I386\AsPrOb64.sys [12416 2010-05-26] ()
R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2011-12-21] (Windows (R) Win 7 DDK provider)
R3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [16512 2011-11-08] (Windows (R) Win 7 DDK provider)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-11] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-11] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-10-23] (DT Soft Ltd)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-16 18:43 - 2014-04-16 18:43 - 00020600 _____ () C:\Users\Lukáš\Desktop\FRST.txt
2014-04-16 18:42 - 2014-04-16 18:43 - 00000000 ____D () C:\FRST
2014-04-16 18:42 - 2014-04-16 18:42 - 02158080 _____ (Farbar) C:\Users\Lukáš\Desktop\FRST64.exe
2014-04-15 00:39 - 2014-04-15 00:40 - 03972608 _____ () C:\Users\Lukáš\Downloads\RogueKiller.exe
2014-04-14 18:09 - 2014-04-14 19:29 - 727027176 _____ () C:\Users\Lukáš\Downloads\Lolita-CZ-dabing.avi
2014-04-13 19:49 - 2014-04-13 19:49 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-13 19:49 - 2014-04-13 19:48 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-13 19:48 - 2014-04-13 19:48 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-13 19:48 - 2014-04-13 19:48 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-13 19:48 - 2014-04-13 19:48 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-13 19:48 - 2014-04-13 19:48 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-12 17:24 - 2014-04-12 17:24 - 00000000 ____D () C:\Users\Lukáš\AppData\Roaming\DropboxMaster
2014-04-12 17:23 - 2014-04-12 17:24 - 00000000 ____D () C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-12 17:23 - 2014-04-12 17:24 - 00000000 ____D () C:\Users\Lukáš\AppData\Roaming\Dropbox
2014-04-12 17:21 - 2014-04-12 17:21 - 00000000 ____D () C:\Users\Lukáš\AppData\Roaming\AVAST Software
2014-04-12 17:19 - 2014-04-12 17:19 - 00000000 ___RD () C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-04-11 18:38 - 2014-04-11 18:38 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-11 18:38 - 2014-04-11 18:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-11 18:36 - 2014-04-11 18:38 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-11 18:36 - 2014-04-11 18:38 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-09 12:48 - 2014-04-09 12:48 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Lukáš\Downloads\mbam-setup-1.75.0.1300.exe
2014-04-08 15:57 - 2014-04-09 13:07 - 00080384 _____ () C:\Users\Lukáš\Desktop\Nový Prezentace aplikace Microsoft PowerPoint.ppt
2014-04-05 09:51 - 2014-04-05 09:51 - 00000000 ____D () C:\Users\Lukáš\AppData\Local\{2CFFE34B-2777-4EE5-80BA-A80078A0FF5D}
2014-04-03 15:29 - 2014-04-03 16:20 - 483826183 _____ () C:\Users\Lukáš\Downloads\Farmar-hlada-zenu-3x16---31.12.2012.mp4
2014-04-02 16:51 - 2014-04-02 17:44 - 509881501 _____ () C:\Users\Lukáš\Downloads\Farmar-hlada-zenu-3x15---22.12.2012.mp4
2014-04-02 15:41 - 2014-04-02 16:30 - 467085147 _____ () C:\Users\Lukáš\Downloads\Farmar-hlada-zenu-3x14---15.12.2012.mp4
2014-04-01 23:24 - 2014-04-02 00:10 - 438465730 _____ () C:\Users\Lukáš\Downloads\Farmar-hlada-zenu-3x13---8.12.2012.mp4
2014-04-01 10:53 - 2014-04-01 11:36 - 416922164 _____ () C:\Users\Lukáš\Downloads\Farmar-hlada-zenu-3x12---1.12.2012.mp4
2014-03-31 22:19 - 2014-03-31 23:11 - 492666853 _____ () C:\Users\Lukáš\Downloads\Farmar-hlada-zenu-3x11---24.11.2012.mp4
2014-03-31 13:07 - 2014-03-31 13:52 - 410383349 _____ () C:\Users\Lukáš\Downloads\Farmar-hlada-zenu-3x10---10.11.2012.mp4
2014-03-30 23:33 - 2014-03-31 00:22 - 468600259 _____ () C:\Users\Lukáš\Downloads\Farmar-hlada-zenu-3x09---3.11.2012.mp4
2014-03-30 18:39 - 2014-03-30 19:22 - 410345307 _____ () C:\Users\Lukáš\Downloads\Farmar-hlada-zenu-3x08---27.10.2012.mp4
2014-03-29 23:36 - 2014-03-30 00:19 - 399767722 _____ () C:\Users\Lukáš\Downloads\Farmar-hlada-zenu-3x06---12.10.2012.mp4
2014-03-29 22:49 - 2014-03-29 23:33 - 421045257 _____ () C:\Users\Lukáš\Downloads\Farmar-hlada-zenu-3x07---20.10.2012.mp4
2014-03-28 23:05 - 2014-03-28 23:46 - 397577622 _____ () C:\Users\Lukáš\Downloads\Farmar-hlada-zenu-3x05---6.10.2012.mp4
2014-03-28 21:30 - 2014-03-28 22:14 - 414217148 _____ () C:\Users\Lukáš\Downloads\Farmar-hlada-zenu-3x04---29.9.2012.mp4
2014-03-27 01:53 - 2014-03-27 01:53 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf494e929b3149.job
2014-03-26 15:00 - 2014-03-26 15:45 - 437762627 _____ () C:\Users\Lukáš\Downloads\Farmar-hlada-zenu-3x03---22.9.2012.mp4
2014-03-26 14:13 - 2014-03-26 14:57 - 421328365 _____ () C:\Users\Lukáš\Downloads\Farmar-hlada-zenu-3x02---15.9.2012.mp4
2014-03-24 23:54 - 2014-03-28 18:47 - 00000000 ____D () C:\Users\Lukáš\Desktop\Firemní komunikace
2014-03-21 13:18 - 2014-03-21 13:18 - 00000000 ____D () C:\Users\Lukáš\AppData\Local\{CECD1844-29D9-4012-9913-E7C142DB2B03}

==================== One Month Modified Files and Folders =======

2014-04-16 18:43 - 2014-04-16 18:43 - 00020600 _____ () C:\Users\Lukáš\Desktop\FRST.txt
2014-04-16 18:43 - 2014-04-16 18:42 - 00000000 ____D () C:\FRST
2014-04-16 18:42 - 2014-04-16 18:42 - 02158080 _____ (Farbar) C:\Users\Lukáš\Desktop\FRST64.exe
2014-04-16 17:51 - 2012-02-24 13:40 - 00000966 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-16 17:50 - 2012-10-02 20:39 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-16 16:34 - 2012-07-05 11:05 - 01801932 _____ () C:\Windows\WindowsUpdate.log
2014-04-16 14:22 - 2013-07-08 15:26 - 00000000 ____D () C:\Users\Lukáš\AppData\Roaming\BitTorrent
2014-04-16 14:21 - 2012-10-23 17:09 - 00000000 ____D () C:\Users\Lukáš\AppData\Local\CrashDumps
2014-04-16 07:45 - 2011-02-19 07:36 - 00672408 _____ () C:\Windows\system32\perfh005.dat
2014-04-16 07:45 - 2011-02-19 07:36 - 00142972 _____ () C:\Windows\system32\perfc005.dat
2014-04-16 07:45 - 2009-07-14 07:13 - 01593238 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-16 06:45 - 2012-09-27 17:30 - 00000380 _____ () C:\Users\Lukáš\AppData\Roaming\sp_data.sys
2014-04-15 23:52 - 2012-11-27 19:44 - 00000000 ____D () C:\Program Files (x86)\The KMPlayer
2014-04-15 00:40 - 2014-04-15 00:39 - 03972608 _____ () C:\Users\Lukáš\Downloads\RogueKiller.exe
2014-04-14 19:29 - 2014-04-14 18:09 - 727027176 _____ () C:\Users\Lukáš\Downloads\Lolita-CZ-dabing.avi
2014-04-13 19:57 - 2012-10-02 20:39 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-13 19:57 - 2012-10-02 20:39 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-13 19:52 - 2012-10-02 20:29 - 00000000 ____D () C:\Users\Lukáš\AppData\Local\Adobe
2014-04-13 19:49 - 2014-04-13 19:49 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-13 19:48 - 2014-04-13 19:49 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-13 19:48 - 2014-04-13 19:48 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-13 19:48 - 2014-04-13 19:48 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-13 19:48 - 2014-04-13 19:48 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-13 19:48 - 2014-04-13 19:48 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-12 17:27 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-12 17:27 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-12 17:24 - 2014-04-12 17:24 - 00000000 ____D () C:\Users\Lukáš\AppData\Roaming\DropboxMaster
2014-04-12 17:24 - 2014-04-12 17:23 - 00000000 ____D () C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-12 17:24 - 2014-04-12 17:23 - 00000000 ____D () C:\Users\Lukáš\AppData\Roaming\Dropbox
2014-04-12 17:21 - 2014-04-12 17:21 - 00000000 ____D () C:\Users\Lukáš\AppData\Roaming\AVAST Software
2014-04-12 17:19 - 2014-04-12 17:19 - 00000000 ___RD () C:\Users\Lukáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-04-12 17:19 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-11 18:39 - 2012-10-06 21:19 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-11 18:38 - 2014-04-11 18:38 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-11 18:38 - 2014-04-11 18:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-11 18:38 - 2014-04-11 18:36 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-11 18:38 - 2014-04-11 18:36 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-11 18:38 - 2012-10-06 21:19 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-11 18:38 - 2012-10-06 21:18 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-11 18:38 - 2012-10-06 21:18 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-11 18:38 - 2012-10-06 21:18 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-11 18:38 - 2012-10-06 21:18 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-11 18:36 - 2012-10-06 21:18 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-04-11 18:36 - 2012-10-06 21:17 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-11 06:41 - 2009-07-14 04:34 - 00000736 _____ () C:\Windows\win.ini
2014-04-11 06:38 - 2013-07-18 11:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-11 06:34 - 2013-04-18 10:00 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 13:07 - 2014-04-08 15:57 - 00080384 _____ () C:\Users\Lukáš\Desktop\Nový Prezentace aplikace Microsoft PowerPoint.ppt
2014-04-09 12:48 - 2014-04-09 12:48 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Lukáš\Downloads\mbam-setup-1.75.0.1300.exe
2014-04-08 14:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-05 09:51 - 2014-04-05 09:51 - 00000000 ____D () C:\Users\Lukáš\AppData\Local\{2CFFE34B-2777-4EE5-80BA-A80078A0FF5D}
2014-04-03 18:11 - 2012-10-02 19:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-03 16:20 - 2014-04-03 15:29 - 483826183 _____ () C:\Users\Lukáš\Downloads\Farmar-hlada-zenu-3x16---31.12.2012.mp4
2014-04-03 00:48 - 2013-11-04 23:26 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-02 17:44 - 2014-04-02 16:51 - 509881501 _____ () C:\Users\Lukáš\Downloads\Farmar-hlada-zenu-3x15---22.12.2012.mp4
2014-04-02 16:30 - 2014-04-02 15:41 - 467085147 _____ () C:\Users\Lukáš\Downloads\Farmar-hlada-zenu-3x14---15.12.2012.mp4
2014-04-02 00:10 - 2014-04-01 23:24 - 438465730 _____ () C:\Users\Lukáš\Downloads\Farmar-hlada-zenu-3x13---8.12.2012.mp4
2014-04-01 11:36 - 2014-04-01 10:53 - 416922164 _____ () C:\Users\Lukáš\Downloads\Farmar-hlada-zenu-3x12---1.12.2012.mp4
2014-03-31 23:11 - 2014-03-31 22:19 - 492666853 _____ () C:\Users\Lukáš\Downloads\Farmar-hlada-zenu-3x11---24.11.2012.mp4
2014-03-31 14:00 - 2013-09-27 15:25 - 00000000 ____D () C:\Users\Lukáš\Desktop\Diplomka
2014-03-31 13:52 - 2014-03-31 13:07 - 410383349 _____ () C:\Users\Lukáš\Downloads\Farmar-hlada-zenu-3x10---10.11.2012.mp4
2014-03-31 00:22 - 2014-03-30 23:33 - 468600259 _____ () C:\Users\Lukáš\Downloads\Farmar-hlada-zenu-3x09---3.11.2012.mp4
2014-03-30 19:22 - 2014-03-30 18:39 - 410345307 _____ () C:\Users\Lukáš\Downloads\Farmar-hlada-zenu-3x08---27.10.2012.mp4
2014-03-30 00:19 - 2014-03-29 23:36 - 399767722 _____ () C:\Users\Lukáš\Downloads\Farmar-hlada-zenu-3x06---12.10.2012.mp4
2014-03-29 23:33 - 2014-03-29 22:49 - 421045257 _____ () C:\Users\Lukáš\Downloads\Farmar-hlada-zenu-3x07---20.10.2012.mp4
2014-03-28 23:46 - 2014-03-28 23:05 - 397577622 _____ () C:\Users\Lukáš\Downloads\Farmar-hlada-zenu-3x05---6.10.2012.mp4
2014-03-28 22:14 - 2014-03-28 21:30 - 414217148 _____ () C:\Users\Lukáš\Downloads\Farmar-hlada-zenu-3x04---29.9.2012.mp4
2014-03-28 18:47 - 2014-03-24 23:54 - 00000000 ____D () C:\Users\Lukáš\Desktop\Firemní komunikace
2014-03-27 01:53 - 2014-03-27 01:53 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf494e929b3149.job
2014-03-26 15:45 - 2014-03-26 15:00 - 437762627 _____ () C:\Users\Lukáš\Downloads\Farmar-hlada-zenu-3x03---22.9.2012.mp4
2014-03-26 14:57 - 2014-03-26 14:13 - 421328365 _____ () C:\Users\Lukáš\Downloads\Farmar-hlada-zenu-3x02---15.9.2012.mp4
2014-03-21 14:05 - 2014-02-26 15:25 - 00000000 ____D () C:\Users\Lukáš\AppData\Local\Windows Live
2014-03-21 13:30 - 2014-02-16 14:42 - 00000993 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-21 13:18 - 2014-03-21 13:18 - 00000000 ____D () C:\Users\Lukáš\AppData\Local\{CECD1844-29D9-4012-9913-E7C142DB2B03}
2014-03-20 00:14 - 2013-03-13 04:03 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-20 00:14 - 2013-03-13 04:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-19 15:22 - 2013-05-06 11:42 - 00000000 ____D () C:\Users\Lukáš\Desktop\CV

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-09 14:59

==================== End Of Log ============================

[Roli]

Zdravím, smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

čištění registru je třeba několikrát zopakovat !

Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém


Stáhni a ulož na plochu AdwCleaner,

ukonči všechny programy včetně prohlížeče a dvojklikem spusť,

objeví se okno kde vlevo nahoře klikni na Scan.

Po té proběhne sken a po jeho skončení klikni na Report a to co na Tebe vypadne mi sem zkopíruj.


Pak použij Mbam z mého podpisu a také mi sem z něj dej log, předem nic nemazat !

[Baza18]

ahoj, posílám zatím adw cleaner report, mbam bude následovat hned po dokončení skenu
# AdwCleaner v3.024 - Report created 19/04/2014 at 11:29:21
# Updated 18/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Lukáš - LUKAS-PC
# Running from : C:\Users\Lukáš\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\searchplugins\Askcom.xml
File Found : C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\searchplugins\buenosearch.xml
File Found : C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\user.js
Folder Found C:\ProgramData\Ask
Folder Found C:\Users\Lukáš\AppData\Roaming\OpenCandy

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\PIP
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\1ClickDownload
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\Default Tab
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\PIP
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\Software\PIP
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Speedchecker Limited

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v28.0 (cs)

[ File : C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\prefs.js ]

Line Found : user_pref("extensions.crossrider.bic", "14579129bb2d33f156473370ec3e1d40");

-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3156 octets] - [19/04/2014 11:29:21]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3216 octets] ##########

[Baza18]

zde je MBAM report:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 19.4.2014
Scan Time: 13:31:57
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.19.05
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: LukA!A!

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 285490
Time Elapsed: 30 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\WOW6432NODE\DEFAULT TAB, , [78b9280491ea74c2992ab7ca51b128d8],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-3170225152-4115186386-2096569644-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, , [9c95210b97e47db972dc1b7b52b133cd],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3170225152-4115186386-2096569644-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [d55c05271863989e0b7f773250b37789],
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-3170225152-4115186386-2096569644-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DEFAULT TAB, , [a190f83496e550e683412f524ab841bf],
PUP.Optional.Softonic.A, HKU\S-1-5-21-3170225152-4115186386-2096569644-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [54dddc503b40b28440a9e5875aa84fb1],

Registry Values: 2
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\WOW6432NODE\DEFAULT TAB|Version, 2.0.14.0, , [78b9280491ea74c2992ab7ca51b128d8]
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-3170225152-4115186386-2096569644-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DEFAULT TAB|Version, 2.0.14.0, , [a190f83496e550e683412f524ab841bf]

Registry Data: 1
Hijack.StartPage, HKU\S-1-5-21-3170225152-4115186386-2096569644-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.buenosearch.com/?babsrc=HP_s ... 3&tsp=5221, Good: (http://www.google.com), Bad: (http://www.buenosearch.com/?babsrc=HP_s ... 3&tsp=5221),,[bd7466c60279b680372a6fb9af55bc44]

Folders: 16
PUP.Optional.OpenCandy, C:\Users\LukA!A!\AppData\Roaming\OpenCandy, , [939e61cb98e39b9b4e441648d9295ea2],
PUP.Optional.OpenCandy, C:\Users\LukA!A!\AppData\Roaming\OpenCandy\DF015ABB93064A23A7C838221CB40267, , [939e61cb98e39b9b4e441648d9295ea2],
PUP.Optional.OpenCandy, C:\Users\LukA!A!\AppData\Roaming\OpenCandy\OpenCandy_DF015ABB93064A23A7C838221CB40267, , [939e61cb98e39b9b4e441648d9295ea2],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\defaults, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\defaults\preferences, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\userCode, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\locale, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\locale\en-US, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\skin, , [ad84b775fa81ec4a12540f551ce6837d],

Files: 116
PUP.Optional.OneClickDownloader.A, C:\Users\LukA!A!\Downloads\Captain_America_The_Winter_Soldier_2014_CAM_XviD_SUMO (1).exe, , [ac85b07c2655191d0dcc58b43fc29070],
PUP.Optional.OneClickDownloader.A, C:\Users\LukA!A!\Downloads\Captain_America_The_Winter_Soldier_2014_CAM_XviD_SUMO.exe, , [3cf5b17bef8cb48210c97399659c09f7],
PUP.Optional.BuenoSearch.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\searchplugins\buenosearch.xml, , [76bb2c00d7a4e155a1e2353e57abee12],
PUP.Optional.OpenCandy, C:\Users\LukA!A!\AppData\Roaming\OpenCandy\DF015ABB93064A23A7C838221CB40267\PCSU_SL_3.1.2.exe, , [939e61cb98e39b9b4e441648d9295ea2],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome.manifest, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\install.rdf, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\background.html, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\baseObject.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\browser.xul, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\dialog.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\ffCoreFilesIndex.txt, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\main.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\options.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\options.xul, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\platformVersion.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\search_dialog.xul, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api\asyncDB.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api\background.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api\browserAction.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api\contextMenu.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api\dbManager.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api\dom_bg.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api\fileManager.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api\firefox.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api\firefoxNotifications.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api\firefoxOmnibox.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api\message.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api\pageAction.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api\request.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api\tabs.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api\webRequest.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\api\windowsMessagingHandler.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\addressBarChangeObserver.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\console.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\consts.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\delegate.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\extensionDataStore.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\folderIOWrapper.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\httpObserver.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\IDBWrapper.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\installer.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\logFile.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\prefs.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\progressListenerObserver.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\registry.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\reloadObserver.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\reports.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\requestObject.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\searchSettings.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\uninstallObserver.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\updateManager.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\utils.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\chrome\content\core\xhr.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\defaults\preferences\prefs.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\manifest.xml, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins.json, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\1.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\1000020.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\1000025.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\1000030.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\102.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\103.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\104.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\123.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\13.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\14.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\155.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\16.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\17.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\175.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\177.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\180.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\182.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\183.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\190.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\193.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\195.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\207.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\21.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\22.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\220.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\223.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\246.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\28.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\4.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\47.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\64.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\7.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\72.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\78.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\9.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\91.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\93.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\plugins\98.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\userCode\background.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\extensionData\userCode\extension.js, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\locale\en-US\translations.dtd, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\skin\button1.png, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\skin\button2.png, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\skin\button3.png, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\skin\button4.png, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\skin\button5.png, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\skin\crossrider_statusbar.png, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\skin\icon128.png, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\skin\icon16.png, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\skin\icon24.png, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\skin\icon48.png, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\skin\panelarrow-up.png, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\skin\popup.html, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\skin\skin.css, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com\skin\update.css, , [ad84b775fa81ec4a12540f551ce6837d],
PUP.Optional.BuenoSearch.A, C:\Users\LukA!A!\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://www.buenosearch.com/?babsrc=HP_s ... 3&tsp=5221",), ,[6ac7101c047790a685901c389173b24e]
PUP.Optional.CrossRider.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "14579129bb2d33f156473370ec3e1d40");), ,[f14045e7ec8f72c4572e95beb153be42]
PUP.Optional.BuenoSearch.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.tlbrSrchUrl", "http://www.buenosearch.com/?q={searchTe ... 3&tsp=5221");), ,[121fec404f2cf24450487dd6c34134cc]
PUP.Optional.BuenoSearch.A, C:\Users\LukA!A!\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.tb_url", "http://www.buenosearch.com/?q={searchTe ... 3&tsp=5221");), ,[f8391c10b8c349ed6434d380857f9b65]

Physical Sectors: 0
(No malicious items detected)


(end)

[Roli]

Znovu spusť AdwCleaner ale tentokrát klikni na Clean,

proběhne restart PC kdy dojde ke smazání nepořádku.

Po té mi sem zase zkopíruj Report.


To co Mbam našel nech vše smazat a pak mi sem dej zase log.

[Baza18]

ADWcleaner
# AdwCleaner v3.024 - Report created 20/04/2014 at 01:13:16
# Updated 18/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Lukáš - LUKAS-PC
# Running from : C:\Users\Lukáš\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
File Deleted : C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\PIP
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v28.0 (cs)

[ File : C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\prefs.js ]

Line Deleted : user_pref("extensions.crossrider.bic", "14579129bb2d33f156473370ec3e1d40");

-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R1].txt - [3332 octets] - [19/04/2014 12:54:41]
AdwCleaner[R2].txt - [2988 octets] - [20/04/2014 01:11:30]
AdwCleaner[S0].txt - [2714 octets] - [20/04/2014 01:13:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2774 octets] ##########

[Baza18]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 20.4.2014
Scan Time: 1:59:57
Logfile: mbam2.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.19.11
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: LukA!A!

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 285448
Time Elapsed: 18 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

[Roli]

Mbam nyní odinstaluj.


Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.


V případě nejasností je ZDE obrázkový návod.

[Baza18]

ComboFix 14-04-20.01 - Lukáš 21.04.2014 13:19:02.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3980.1778 [GMT 2:00]
Spuštěný z: c:\users\Lukáš\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-03-21 do 2014-04-21 )))))))))))))))))))))))))))))))
.
.
2014-04-21 12:31 . 2014-04-21 12:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-21 11:16 . 2014-04-21 11:16 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68126103-3DC8-41ED-9755-02BDE1F27031}\offreg.dll
2014-04-19 23:25 . 2014-04-19 23:26 -------- d-----w- c:\users\Lukáš\AppData\Local\{CE6401DE-9B74-4E22-AE48-19A3AE936410}
2014-04-19 11:01 . 2014-04-20 14:17 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-19 10:59 . 2014-04-19 10:59 -------- d-----w- c:\programdata\Malwarebytes
2014-04-19 09:28 . 2014-04-19 23:13 -------- d-----w- C:\AdwCleaner
2014-04-19 08:47 . 2014-04-19 08:48 -------- d-----w- c:\users\Lukáš\AppData\Local\{8F62AFC8-AA2A-46E4-99E6-31C96BBBA9D4}
2014-04-18 10:58 . 2014-04-17 03:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68126103-3DC8-41ED-9755-02BDE1F27031}\mpengine.dll
2014-04-16 16:42 . 2014-04-16 16:47 -------- d-----w- C:\FRST
2014-04-13 17:49 . 2014-04-13 17:49 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-04-13 17:49 . 2014-04-13 17:49 -------- d-----w- c:\programdata\Oracle
2014-04-13 17:48 . 2014-04-13 17:48 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-13 17:48 . 2014-04-13 17:48 -------- d-----w- c:\program files (x86)\Java
2014-04-12 15:21 . 2014-04-12 15:21 -------- d-----w- c:\users\Lukáš\AppData\Roaming\AVAST Software
2014-04-11 16:38 . 2014-04-11 16:38 84816 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-04-11 16:38 . 2014-04-11 16:38 43152 ----a-w- c:\windows\avastSS.scr
2014-04-11 16:36 . 2014-04-11 16:38 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-11 16:36 . 2014-04-11 16:38 208928 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-05 07:51 . 2014-04-05 07:51 -------- d-----w- c:\users\Lukáš\AppData\Local\{2CFFE34B-2777-4EE5-80BA-A80078A0FF5D}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-21 07:15 . 2012-09-27 15:30 380 ----a-w- c:\users\Lukáš\AppData\Roaming\sp_data.sys
2014-04-21 07:15 . 2012-09-27 15:30 380 ----a-w- c:\users\Lukáš\AppData\Roaming\sp_data.sys
2014-04-13 17:57 . 2012-10-02 18:39 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-13 17:57 . 2012-10-02 18:39 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-11 16:38 . 2012-10-06 19:19 423240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-04-11 16:38 . 2012-10-06 19:18 1039096 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-04-11 16:38 . 2012-10-06 19:18 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-04-11 16:38 . 2012-10-06 19:18 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-04-11 16:38 . 2012-10-06 19:18 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-04-11 04:34 . 2013-04-18 08:00 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-31 07:35 . 2012-10-08 08:05 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programy\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-02-24 3331312]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-07 291608]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-04-02 5138032]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-07 102568]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-19 2319536]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-20 107816]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-22 318080]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"SafeQ Client"="c:\program files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe" [2012-07-20 259072]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-11 3854640]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2012-2-24 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;c:\esupport\eDriver\I386\AsPrOb64.sys;c:\esupport\eDriver\I386\AsPrOb64.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 AsusVBus;AsusVBus;c:\windows\system32\DRIVERS\AsusVBus.sys;c:\windows\SYSNATIVE\DRIVERS\AsusVBus.sys [x]
S3 AsusVTouch;AsusVTouch;c:\windows\system32\DRIVERS\AsusVTouch.sys;c:\windows\SYSNATIVE\DRIVERS\AsusVTouch.sys [x]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - MBAMWebAccessControl
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-10 06:02 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-02 17:57]
.
2014-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf494e929b3149.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 11:40]
.
2014-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 11:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-11 16:38 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-22 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-22 398616]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-05-26 361984]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-01-19 1016992]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-01-19 800416]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 147.230.16.140 147.230.16.1
FF - ProfilePath - c:\users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_182_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_182_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_182_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_182_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_182.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_182.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_182.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_182.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-04-21 14:37:31
ComboFix-quarantined-files.txt 2014-04-21 12:37
.
Před spuštěním: Volných bajtů: 40 751 939 584
Po spuštění: Volných bajtů: 41 465 679 872
.
- - End Of File - - FDDB007A565941F385144F129F39E18E

[Roli]

Přesuň Combofix na Místní disk C:

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

RegLock:: 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

ulož Tebou vytvořený TXT soubor jako CFScript.txt také na Místní disk C:,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:



Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

[Baza18]

Dobrý den,
bohužel se mi nepovedlo dokončit poslední akci, počítač se uspal a combofix skončil v 50 kroku s tím, že po nahození se PC nerozeběhnul. Mám akci opakovat znovu?

[Roli]

Dobrý den,
Mám akci opakovat znovu?

Ahoj, ano zkus to znovu.

[Baza18]

podruhé to již vyšlo

ComboFix 14-04-20.01 - Lukáš 04.05.2014 13:10:16.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3980.1681 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msvcr71.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-04-04 do 2014-05-04 )))))))))))))))))))))))))))))))
.
.
2014-05-04 12:06 . 2014-05-04 12:06 -------- d-----w- c:\users\LukßÜ\AppData\Local\temp
2014-05-04 12:06 . 2014-05-04 12:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-04 12:06 . 2014-05-04 12:06 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-05-04 00:27 . 2014-05-04 00:27 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7AD12EFD-660A-4A34-94FE-123844C1388E}\offreg.dll
2014-05-03 07:43 . 2014-04-17 03:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7AD12EFD-660A-4A34-94FE-123844C1388E}\mpengine.dll
2014-05-01 14:47 . 2014-05-01 14:48 -------- d-----w- c:\users\Lukáš\AppData\Local\{E4755036-CF19-43EF-8BAD-FC0BD5352D53}
2014-04-23 14:39 . 2014-04-23 14:39 -------- d-----w- c:\program files (x86)\SiteRecommend
2014-04-23 14:38 . 2014-04-23 14:38 -------- d-----w- c:\users\Lukáš\AppData\Roaming\Atari
2014-04-23 14:38 . 2014-04-23 14:38 -------- d-----w- c:\users\Lukáš\AppData\Roaming\SimilarSites
2014-04-19 23:25 . 2014-04-19 23:26 -------- d-----w- c:\users\Lukáš\AppData\Local\{CE6401DE-9B74-4E22-AE48-19A3AE936410}
2014-04-19 11:01 . 2014-04-20 14:17 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-19 10:59 . 2014-04-19 10:59 -------- d-----w- c:\programdata\Malwarebytes
2014-04-19 09:28 . 2014-04-19 23:13 -------- d-----w- C:\AdwCleaner
2014-04-19 08:47 . 2014-04-19 08:48 -------- d-----w- c:\users\Lukáš\AppData\Local\{8F62AFC8-AA2A-46E4-99E6-31C96BBBA9D4}
2014-04-16 16:42 . 2014-04-16 16:47 -------- d-----w- C:\FRST
2014-04-13 17:49 . 2014-04-13 17:49 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-04-13 17:49 . 2014-04-13 17:49 -------- d-----w- c:\programdata\Oracle
2014-04-13 17:48 . 2014-04-13 17:48 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-13 17:48 . 2014-04-13 17:48 -------- d-----w- c:\program files (x86)\Java
2014-04-12 15:21 . 2014-04-12 15:21 -------- d-----w- c:\users\Lukáš\AppData\Roaming\AVAST Software
2014-04-11 16:38 . 2014-04-11 16:38 84816 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-04-11 16:38 . 2014-04-11 16:38 43152 ----a-w- c:\windows\avastSS.scr
2014-04-11 16:36 . 2014-04-11 16:38 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-11 16:36 . 2014-04-11 16:38 208928 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-05 07:51 . 2014-04-05 07:51 -------- d-----w- c:\users\Lukáš\AppData\Local\{2CFFE34B-2777-4EE5-80BA-A80078A0FF5D}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-04 07:43 . 2012-09-27 15:30 380 ----a-w- c:\users\Lukáš\AppData\Roaming\sp_data.sys
2014-05-04 07:43 . 2012-09-27 15:30 380 ----a-w- c:\users\Lukáš\AppData\Roaming\sp_data.sys
2014-04-29 13:51 . 2012-10-02 18:39 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-29 13:51 . 2012-10-02 18:39 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-11 16:38 . 2012-10-06 19:19 423240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-04-11 16:38 . 2012-10-06 19:18 1039096 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-04-11 16:38 . 2012-10-06 19:18 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-04-11 16:38 . 2012-10-06 19:18 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-04-11 16:38 . 2012-10-06 19:18 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-04-11 04:34 . 2013-04-18 08:00 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-31 07:35 . 2012-10-08 08:05 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programy\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-02-24 3331312]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-07 291608]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-04-02 5138032]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-07 102568]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-19 2319536]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-20 107816]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-22 318080]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"SafeQ Client"="c:\program files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe" [2012-07-20 259072]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-11 3854640]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2012-2-24 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;c:\esupport\eDriver\I386\AsPrOb64.sys;c:\esupport\eDriver\I386\AsPrOb64.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 AsusVBus;AsusVBus;c:\windows\system32\DRIVERS\AsusVBus.sys;c:\windows\SYSNATIVE\DRIVERS\AsusVBus.sys [x]
S3 AsusVTouch;AsusVTouch;c:\windows\system32\DRIVERS\AsusVTouch.sys;c:\windows\SYSNATIVE\DRIVERS\AsusVTouch.sys [x]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-29 17:53 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-02 13:51]
.
2014-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf494e929b3149.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 11:40]
.
2014-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 11:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-11 16:38 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-22 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-22 398616]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-05-26 361984]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-01-19 1016992]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-01-19 800416]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrI ... 2&tsp=5226
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 147.230.16.140 147.230.16.1
FF - ProfilePath - c:\users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\
FF - user.js: extensions.buenosearch.tlbrSrchUrl - hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 2&tsp=5226
FF - user.js: extensions.buenosearch.tb_url - hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 2&tsp=5226
FF - user.js: extensions.buenosearch.id - c4d8b5c30000000000002208caf9fd19
FF - user.js: extensions.buenosearch.appId - {37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}
FF - user.js: extensions.buenosearch.instlDay - 16183
FF - user.js: extensions.buenosearch.vrsn - 1.8.28.7
FF - user.js: extensions.buenosearch.vrsni - 1.8.28.7
FF - user.js: extensions.buenosearch.vrsnTs - 1.8.28.716:40
FF - user.js: extensions.buenosearch.prtnrId - buenosearch
FF - user.js: extensions.buenosearch.prdct - buenosearch
FF - user.js: extensions.buenosearch.aflt - babsst
FF - user.js: extensions.buenosearch.smplGrp - none
FF - user.js: extensions.buenosearch.tlbrId - base
FF - user.js: extensions.buenosearch.instlRef - sst
FF - user.js: extensions.buenosearch.dfltLng - en
FF - user.js: extensions.buenosearch.excTlbr - false
FF - user.js: extensions.buenosearch.ffxUnstlRst - true
FF - user.js: extensions.buenosearch.admin - false
FF - user.js: extensions.buenosearch.autoRvrt - false
FF - user.js: extensions.buenosearch.rvrt - false
FF - user.js: extensions.buenosearch.newTab - false
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2014-05-04 14:11:18
ComboFix-quarantined-files.txt 2014-05-04 12:11
.
Před spuštěním: Volných bajtů: 48 922 636 288
Po spuštění: Volných bajtů: 48 372 387 840
.
- - End Of File - - DC59B573B2BD7152AD0AB6C53784BCA5

[Roli]

Tohle je dobré, ale je tam zpět zase ten jeden šmejd, tak že znovu ale s tímto skriptem,

jen dávej pozor na správný název, má to být takhle CFScript.txt ne takhle C:\CFScript.txt.txt.

Kód: Vybrat vše

FireFox:: 
FF - ProfilePath - c:\users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\
FF - user.js: extensions.buenosearch.tlbrSrchUrl - hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=C4D82208CAF9FD19&affID=128492&tsp=5226
FF - user.js: extensions.buenosearch.tb_url - hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=C4D82208CAF9FD19&affID=128492&tsp=5226
FF - user.js: extensions.buenosearch.id - c4d8b5c30000000000002208caf9fd19
FF - user.js: extensions.buenosearch.appId - {37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}
FF - user.js: extensions.buenosearch.instlDay - 16183
FF - user.js: extensions.buenosearch.vrsn - 1.8.28.7
FF - user.js: extensions.buenosearch.vrsni - 1.8.28.7
FF - user.js: extensions.buenosearch.vrsnTs - 1.8.28.716:40
FF - user.js: extensions.buenosearch.prtnrId - buenosearch
FF - user.js: extensions.buenosearch.prdct - buenosearch
FF - user.js: extensions.buenosearch.aflt - babsst
FF - user.js: extensions.buenosearch.smplGrp - none
FF - user.js: extensions.buenosearch.tlbrId - base
FF - user.js: extensions.buenosearch.instlRef - sst
FF - user.js: extensions.buenosearch.dfltLng - en
FF - user.js: extensions.buenosearch.excTlbr - false
FF - user.js: extensions.buenosearch.ffxUnstlRst - true
FF - user.js: extensions.buenosearch.admin - false
FF - user.js: extensions.buenosearch.autoRvrt - false
FF - user.js: extensions.buenosearch.rvrt - false
FF - user.js: extensions.buenosearch.newTab - false

[Baza18]

přípona txt mi ujela, kopíroval jsem název celý a neodstranil to, nicméně zde je nový log:
ComboFix 14-04-20.01 - Lukáš 05.05.2014 20:49:44.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3980.1582 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-04-05 do 2014-05-05 )))))))))))))))))))))))))))))))
.
.
2014-05-05 20:39 . 2014-05-05 20:39 -------- d-----w- c:\users\LukßÜ\AppData\Local\temp
2014-05-05 20:39 . 2014-05-05 20:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-05 20:39 . 2014-05-05 20:39 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-05-04 00:27 . 2014-05-04 00:27 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7AD12EFD-660A-4A34-94FE-123844C1388E}\offreg.dll
2014-05-03 07:43 . 2014-04-17 03:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7AD12EFD-660A-4A34-94FE-123844C1388E}\mpengine.dll
2014-05-01 14:47 . 2014-05-01 14:48 -------- d-----w- c:\users\Lukáš\AppData\Local\{E4755036-CF19-43EF-8BAD-FC0BD5352D53}
2014-04-23 14:39 . 2014-04-23 14:39 -------- d-----w- c:\program files (x86)\SiteRecommend
2014-04-23 14:38 . 2014-04-23 14:38 -------- d-----w- c:\users\Lukáš\AppData\Roaming\Atari
2014-04-23 14:38 . 2014-04-23 14:38 -------- d-----w- c:\users\Lukáš\AppData\Roaming\SimilarSites
2014-04-19 23:25 . 2014-04-19 23:26 -------- d-----w- c:\users\Lukáš\AppData\Local\{CE6401DE-9B74-4E22-AE48-19A3AE936410}
2014-04-19 11:01 . 2014-04-20 14:17 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-19 10:59 . 2014-04-19 10:59 -------- d-----w- c:\programdata\Malwarebytes
2014-04-19 09:28 . 2014-04-19 23:13 -------- d-----w- C:\AdwCleaner
2014-04-19 08:47 . 2014-04-19 08:48 -------- d-----w- c:\users\Lukáš\AppData\Local\{8F62AFC8-AA2A-46E4-99E6-31C96BBBA9D4}
2014-04-16 16:42 . 2014-04-16 16:47 -------- d-----w- C:\FRST
2014-04-13 17:49 . 2014-04-13 17:49 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-04-13 17:49 . 2014-04-13 17:49 -------- d-----w- c:\programdata\Oracle
2014-04-13 17:48 . 2014-04-13 17:48 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-13 17:48 . 2014-04-13 17:48 -------- d-----w- c:\program files (x86)\Java
2014-04-12 15:21 . 2014-04-12 15:21 -------- d-----w- c:\users\Lukáš\AppData\Roaming\AVAST Software
2014-04-11 16:38 . 2014-04-11 16:38 84816 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-04-11 16:38 . 2014-04-11 16:38 43152 ----a-w- c:\windows\avastSS.scr
2014-04-11 16:36 . 2014-04-11 16:38 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-11 16:36 . 2014-04-11 16:38 208928 ----a-w- c:\windows\system32\drivers\aswVmm.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-04 07:43 . 2012-09-27 15:30 380 ----a-w- c:\users\Lukáš\AppData\Roaming\sp_data.sys
2014-05-04 07:43 . 2012-09-27 15:30 380 ----a-w- c:\users\Lukáš\AppData\Roaming\sp_data.sys
2014-04-29 13:51 . 2012-10-02 18:39 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-29 13:51 . 2012-10-02 18:39 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-11 16:38 . 2012-10-06 19:19 423240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-04-11 16:38 . 2012-10-06 19:18 1039096 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-04-11 16:38 . 2012-10-06 19:18 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-04-11 16:38 . 2012-10-06 19:18 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-04-11 16:38 . 2012-10-06 19:18 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-04-11 04:34 . 2013-04-18 08:00 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-31 07:35 . 2012-10-08 08:05 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programy\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-02-24 3331312]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-07 291608]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-04-02 5138032]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-07 102568]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-19 2319536]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-20 107816]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-22 318080]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"SafeQ Client"="c:\program files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe" [2012-07-20 259072]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-11 3854640]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2012-2-24 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;c:\esupport\eDriver\I386\AsPrOb64.sys;c:\esupport\eDriver\I386\AsPrOb64.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 AsusVBus;AsusVBus;c:\windows\system32\DRIVERS\AsusVBus.sys;c:\windows\SYSNATIVE\DRIVERS\AsusVBus.sys [x]
S3 AsusVTouch;AsusVTouch;c:\windows\system32\DRIVERS\AsusVTouch.sys;c:\windows\SYSNATIVE\DRIVERS\AsusVTouch.sys [x]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-29 17:53 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-02 13:51]
.
2014-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf494e929b3149.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 11:40]
.
2014-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 11:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-11 16:38 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-22 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-22 398616]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-05-26 361984]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-01-19 1016992]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-01-19 800416]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrI ... 2&tsp=5226
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 147.230.16.140 147.230.16.1
FF - ProfilePath - c:\users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\8evgyrvm.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2014-05-05 22:45:25
ComboFix-quarantined-files.txt 2014-05-05 20:45
ComboFix2.txt 2014-05-04 12:11
.
Před spuštěním: Volných bajtů: 47 838 150 656
Po spuštění: Volných bajtů: 47 284 879 360
.
- - End Of File - - 648B4DEC3F9521868E2BC0A82502A820