Browser blocked - a virus?

Posted: 01 Mar 2014 11:03
by JarekT
Hi, I borrowed my sister's laptop and while I was searching for a movie a window popped up that couldn't be closed, showing the typical message: your browser has been blocked until you pay, blah blah blah. I restarted the laptop and the browser worked; I ran Avast, CCleaner and Anti-Malware and they found nothing, but the laptop boots terribly slowly, and there is just a black screen for about a minute before the desktop loads. Please check whether something got in there after all, I wouldn't want to return an infected laptop. Thanks ;)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02
Ran by jaroslava (administrator) on JAROSLAVA-PC on 28-02-2014 20:14:16
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Safe Mode (minimal)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\cmd.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-03-24] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-04-13] (ELAN Microelectronic Corp.)
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage Sync\1.0.11.58\AsusWSPanel.exe [3753824 2011-12-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-12] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-942181333-3736677135-932791027-1000\...\Run: [HP Deskjet 5520 series (NET)] - C:\Program Files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-942181333-3736677135-932791027-1000\...\Run: [Google Update] - C:\Users\jaroslava\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-12] (Google Inc.)
HKU\S-1-5-21-942181333-3736677135-932791027-1000\...\Run: [ShowBatteryBar] - C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2009-05-28] ()
HKU\S-1-5-21-942181333-3736677135-932791027-1000\...\MountPoints2: {7cf4f6c6-c6b1-11e1-8e73-74f06df0e0a2} - F:\Autorun.exe
HKU\S-1-5-21-942181333-3736677135-932791027-1000\...\MountPoints2: {bc2e16c0-b3f6-11e2-88f9-806e6f6e6963} - F:\SETUP.EXE
Lsa: [Notification Packages] scecli C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT
Startup: C:\Users\jaroslava\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=i ... lz=1I7ASUT
SearchScopes: HKCU - DefaultScope 8240B5AAC93293D6672BDED4D7D158AB URL = http://search.speedbit.com/searchresult ... earchTerms}
SearchScopes: HKCU - 8240B5AAC93293D6672BDED4D7D158AB URL = http://search.speedbit.com/searchresult ... earchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
Handler: osf-roaming - {C57E9882-B128-4E07-BA2D-FF83B8989C76} - No File
Handler-x32: osf-roaming - No CLSID Value -
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\jaroslava\AppData\Roaming\Mozilla\Firefox\Profiles\pnu40ueb.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @microsoft.com/Office on Demand;version=1 - C:\Users\jaroslava\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll (Microsoft Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\jaroslava\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\jaroslava\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-01-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-02]
FF HKCU\...\Firefox\Extensions: [{EBFCD017-BCAD-42C3-9ED5-89DBDFC59171}] - C:\Program Files (x86)\SpeedBit Toolbar\SPFireFox

Chrome:
=======
CHR HomePage: hxxp://www.google.cz/
CHR Plugin: (Shockwave Flash) - C:\Users\jaroslava\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\jaroslava\AppData\Local\Google\Chrome\Application\33.0.1750.117\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\jaroslava\AppData\Local\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\jaroslava\AppData\Local\Google\Chrome\Application\33.0.1750.117\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (AdBlock) - C:\Users\jaroslava\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-08-25]
CHR Extension: (avast! Online Security) - C:\Users\jaroslava\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-05-29]
CHR Extension: (Youtube MP3 Converter) - C:\Users\jaroslava\AppData\Local\Google\Chrome\User Data\Default\Extensions\hglljpndoeopcpehilglkbnincooinnb [2014-02-16]
CHR Extension: (Peněženka Google) - C:\Users\jaroslava\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [hglljpndoeopcpehilglkbnincooinnb] - C:\Users\jaroslava\AppData\Local\Flvto Plugin for Google Chrome\the_extension.crx [2013-08-30]
CHR StartMenuInternet: Google Chrome - C:\Users\jaroslava\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

S3 ADSMService; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
S2 HPSLPSVC; C:\Users\JAROSL~1\AppData\Local\Temp\7zS4723\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

R0 AsDsm; C:\Windows\System32\Drivers\AsDsm.sys [34872 2007-08-10] (Windows (R) Codename Longhorn DDK provider)
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-03] (DT Soft Ltd)
S1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\MBAE.sys [62168 2014-01-16] ()
S2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-03] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-02-28] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119000 2014-02-28] (Malwarebytes Corporation)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-20] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-05-03] (Duplex Secure Ltd.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\jaroslava\AppData\Local\Temp\tmp461B.tmp [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-28 20:13 - 2014-02-28 20:14 - 00000000 ____D () C:\FRST
2014-02-28 20:08 - 2014-02-28 20:08 - 00000206 _____ () C:\Windows\Tasks\P4GIntlCtrl.job
2014-02-28 19:46 - 2014-02-28 20:07 - 00002998 _____ () C:\Windows\System32\Tasks\Malwarebytes Anti-Exploit
2014-02-28 19:46 - 2014-02-28 20:07 - 00000508 _____ () C:\Windows\Tasks\Malwarebytes Anti-Exploit.job
2014-02-28 19:29 - 2014-02-28 20:07 - 00000168 _____ () C:\Windows\setupact.log
2014-02-28 19:29 - 2014-02-28 19:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-28 19:10 - 2014-02-28 19:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-28 19:10 - 2014-02-28 19:10 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-28 19:08 - 2014-02-28 19:08 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-28 19:08 - 2014-02-28 19:08 - 00000000 ____D () C:\Users\jaroslava\Desktop\mbar
2014-02-28 19:05 - 2014-02-28 19:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2014-02-28 19:05 - 2014-02-28 19:06 - 12589848 _____ (Malwarebytes Corp.) C:\Users\jaroslava\Downloads\mbar-1.07.0.1009.exe
2014-02-28 19:05 - 2014-02-28 19:05 - 00000909 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
2014-02-28 19:05 - 2013-07-16 03:41 - 01858896 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100d.dll
2014-02-28 19:05 - 2013-07-16 03:41 - 01498960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100d.dll
2014-02-28 19:05 - 2013-07-16 03:41 - 01014096 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100d.dll
2014-02-28 19:05 - 2013-07-16 03:41 - 00743248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100d.dll
2014-02-28 19:04 - 2014-02-28 19:05 - 01769928 _____ (Malwarebytes ) C:\Users\jaroslava\Downloads\mbae-setup-0.09.5.1000.exe
2014-02-28 16:22 - 2014-02-28 16:22 - 00000000 ____D () C:\Users\jaroslava\AppData\Roaming\BatteryBar
2014-02-28 16:22 - 2014-02-28 16:22 - 00000000 ____D () C:\Program Files\BatteryBar
2014-02-28 16:21 - 2014-02-28 16:21 - 01270598 _____ () C:\Users\jaroslava\Desktop\BatteryBarSetup-3.5.4.exe
2014-02-28 11:33 - 2014-02-28 11:33 - 00000038 _____ () C:\Users\jaroslava\Desktop\f.txt
2014-02-28 11:18 - 2014-02-28 11:18 - 00000000 ____D () C:\Users\jaroslava\Downloads\The.Spectacular.Now.2013.HDRip.XviD-BS5
2014-02-26 20:00 - 2009-11-07 20:34 - 00000000 ____D () C:\Users\jaroslava\Desktop\yosemite
2014-02-23 17:54 - 2014-02-23 17:54 - 00000000 ____D () C:\Users\jaroslava\Downloads\The.Perks.Of.Being.A.Wallflower.2012.DVDSCR.XviD-ViP3R
2014-02-23 15:57 - 2014-02-23 18:00 - 00000000 ____D () C:\Users\jaroslava\Downloads\The Hunger Games Catching Fire (2013)
2014-02-22 20:51 - 2014-02-22 21:15 - 285905026 ____R () C:\Users\jaroslava\Downloads\Switched.at.Birth.S03E06.HDTV.x264-KILLERS.mp4
2014-02-22 20:16 - 2014-02-22 20:45 - 329553198 ____R () C:\Users\jaroslava\Downloads\Switched.at.Birth.S03E05.HDTV.x264-2HD.mp4
2014-02-22 18:50 - 2014-02-22 20:14 - 363854224 ____R () C:\Users\jaroslava\Downloads\Switched.at.Birth.S03E04.HDTV.x264-EXCELLENCE.mp4
2014-02-22 18:50 - 2014-02-22 18:50 - 00014612 _____ () C:\Users\jaroslava\Desktop\[kickass.to]switched.at.birth.s03e04.hdtv.x264.excellence.eztv.torrent
2014-02-22 18:11 - 2014-02-22 18:40 - 347722724 ____R () C:\Users\jaroslava\Downloads\Switched.at.Birth.S03E03.HDTV.x264-EXCELLENCE.mp4
2014-02-22 17:26 - 2014-02-22 18:03 - 379578105 ____R () C:\Users\jaroslava\Downloads\Switched.at.Birth.S03E02.HDTV.x264-2HD.mp4
2014-02-22 16:36 - 2014-02-22 17:07 - 366147568 ____R () C:\Users\jaroslava\Downloads\Switched.at.Birth.S03E01.HDTV.x264-2HD.mp4
2014-02-22 16:36 - 2014-02-22 16:36 - 00014705 _____ () C:\Users\jaroslava\Desktop\[kickass.to]switched.at.birth.s03e01.hdtv.x264.2hd.eztv.torrent
2014-02-22 15:23 - 2014-02-22 16:58 - 00000000 ____D () C:\Users\jaroslava\Downloads\Switched at Birth S02E20 HDTV x264-ASAP[ettv]
2014-02-22 14:29 - 2014-02-22 15:21 - 381302474 ____R () C:\Users\jaroslava\Downloads\Switched.at.Birth.S02E19.HDTV.x264-2HD.mp4
2014-02-22 14:28 - 2014-02-22 14:28 - 00015151 _____ () C:\Users\jaroslava\Desktop\[kickass.to]switched.at.birth.s02e19.hdtv.x264.2hd.eztv.torrent
2014-02-22 13:46 - 2014-02-22 14:19 - 379830505 ____R () C:\Users\jaroslava\Downloads\Switched.at.Birth.S02E18.HDTV.x264-EVOLVE.mp4
2014-02-22 13:00 - 2014-02-22 13:38 - 364223024 ____R () C:\Users\jaroslava\Downloads\Switched.at.Birth.S02E17.HDTV.x264-EVOLVE.mp4
2014-02-16 21:33 - 2014-02-16 21:33 - 00000000 ____D () C:\Users\jaroslava\AppData\Local\Flvto Plugin for Google Chrome
2014-02-16 14:55 - 2014-02-16 14:55 - 00000000 ____D () C:\Users\jaroslava\Downloads\Fight Club (1999) [1080p]
2014-02-15 14:43 - 2014-02-15 15:58 - 378909547 ____R () C:\Users\jaroslava\Downloads\Hart.of.Dixie.S03E13.HDTV.x264-LOL.mp4
2014-02-15 13:47 - 2014-02-28 20:07 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-15 13:47 - 2014-02-28 18:52 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-13 21:12 - 2014-02-28 19:17 - 00000978 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-942181333-3736677135-932791027-1000UA.job
2014-02-13 21:12 - 2014-02-27 21:28 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-942181333-3736677135-932791027-1000Core.job
2014-02-13 19:04 - 2014-02-13 19:05 - 00000000 ____D () C:\Program Files (x86)\GeoGebra 4.4
2014-02-13 16:09 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 16:09 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 16:08 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 16:08 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 16:08 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 16:08 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 16:08 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 16:08 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 16:08 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 16:08 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 16:08 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 16:08 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 16:08 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 16:08 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 16:08 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 16:08 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 16:08 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 16:08 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 16:08 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 16:08 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 16:08 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 16:08 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 16:08 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 16:08 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 16:08 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 16:08 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 16:08 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 16:08 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 16:08 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 16:08 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 16:08 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 16:08 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 16:08 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 16:08 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 16:08 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 16:08 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 16:08 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 16:08 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 16:08 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 16:08 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 16:08 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 15:01 - 2014-02-12 15:01 - 00000000 ____D () C:\Users\jaroslava\AppData\Local\{8D420025-4CE2-49DA-9D5A-920F25F10A6F}
2014-02-12 14:56 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 14:56 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 14:56 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 14:56 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 14:56 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 14:56 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 14:56 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 14:56 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 14:56 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 14:56 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 14:56 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 14:56 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 14:56 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 14:56 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 14:56 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 14:56 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 14:56 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 14:56 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 14:56 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 14:56 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 14:56 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 14:56 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 14:56 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 14:56 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 14:55 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 14:55 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 14:55 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 14:55 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 14:54 - 2010-05-02 20:51 - 00301952 _____ (Windows (R) 2000 DDK provider) C:\Windows\SysWOW64\Drivers\wwsplit.sys
2014-02-12 14:54 - 2007-08-26 23:03 - 00360448 _____ (CodeGear) C:\Windows\SysWOW64\midas.dll
2014-02-12 14:53 - 2014-02-12 14:54 - 00000000 ____D () C:\Program Files (x86)\Willing Webcam Lite
2014-02-12 14:53 - 2014-02-12 14:53 - 00000000 ____D () C:\Users\jaroslava\Documents\Willing Webcam Lite
2014-02-12 13:32 - 2014-02-12 13:32 - 26526756 _____ () C:\Users\jaroslava\Downloads\LifeFrame3_ASUS_Win7_64_VER317.zip
2014-02-09 17:18 - 2014-02-09 17:52 - 395960633 ____R () C:\Users\jaroslava\Downloads\Hart.of.Dixie.S03E12.HDTV.x264-LOL.mp4
2014-02-09 12:34 - 2014-02-09 13:06 - 00000000 ____D () C:\Users\jaroslava\Downloads\Pretty Little Liars S04E18 HDTV x264-LOL[ettv]
2014-02-08 20:31 - 2014-02-09 12:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-08 20:31 - 2014-02-08 20:31 - 00000000 ____D () C:\Users\jaroslava\AppData\Roaming\Malwarebytes
2014-02-08 20:31 - 2014-02-08 20:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-07 14:00 - 2014-02-09 15:28 - 00000000 ____D () C:\Users\jaroslava\Downloads\Beautiful.Creatures.2013.CAM.READ.INFO-NOGRP
2014-02-07 11:37 - 2014-02-07 12:02 - 00000000 ____D () C:\Users\jaroslava\Downloads\Ravenswood.S01E10.HDTV.x264-LOL

==================== One Month Modified Files and Folders =======

2014-02-28 20:14 - 2014-02-28 20:13 - 00000000 ____D () C:\FRST
2014-02-28 20:08 - 2014-02-28 20:08 - 00000206 _____ () C:\Windows\Tasks\P4GIntlCtrl.job
2014-02-28 20:08 - 2009-07-14 06:08 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-28 20:07 - 2014-02-28 19:46 - 00002998 _____ () C:\Windows\System32\Tasks\Malwarebytes Anti-Exploit
2014-02-28 20:07 - 2014-02-28 19:46 - 00000508 _____ () C:\Windows\Tasks\Malwarebytes Anti-Exploit.job
2014-02-28 20:07 - 2014-02-28 19:29 - 00000168 _____ () C:\Windows\setupact.log
2014-02-28 20:07 - 2014-02-15 13:47 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-28 20:07 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-28 19:43 - 2011-07-22 09:53 - 01832235 _____ () C:\Windows\WindowsUpdate.log
2014-02-28 19:37 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-28 19:37 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-28 19:30 - 2014-02-28 19:05 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2014-02-28 19:29 - 2014-02-28 19:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-28 19:17 - 2014-02-13 21:12 - 00000978 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-942181333-3736677135-932791027-1000UA.job
2014-02-28 19:12 - 2014-02-28 19:10 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-28 19:10 - 2014-02-28 19:10 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-28 19:08 - 2014-02-28 19:08 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-28 19:08 - 2014-02-28 19:08 - 00000000 ____D () C:\Users\jaroslava\Desktop\mbar
2014-02-28 19:06 - 2014-02-28 19:05 - 12589848 _____ (Malwarebytes Corp.) C:\Users\jaroslava\Downloads\mbar-1.07.0.1009.exe
2014-02-28 19:05 - 2014-02-28 19:05 - 00000909 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
2014-02-28 19:05 - 2014-02-28 19:04 - 01769928 _____ (Malwarebytes ) C:\Users\jaroslava\Downloads\mbae-setup-0.09.5.1000.exe
2014-02-28 18:52 - 2014-02-15 13:47 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-28 17:28 - 2012-02-20 21:49 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-02-28 17:28 - 2011-07-22 09:58 - 00003182 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-02-28 16:22 - 2014-02-28 16:22 - 00000000 ____D () C:\Users\jaroslava\AppData\Roaming\BatteryBar
2014-02-28 16:22 - 2014-02-28 16:22 - 00000000 ____D () C:\Program Files\BatteryBar
2014-02-28 16:21 - 2014-02-28 16:21 - 01270598 _____ () C:\Users\jaroslava\Desktop\BatteryBarSetup-3.5.4.exe
2014-02-28 16:20 - 2011-02-19 06:36 - 00689836 _____ () C:\Windows\system32\perfh005.dat
2014-02-28 16:20 - 2011-02-19 06:36 - 00150804 _____ () C:\Windows\system32\perfc005.dat
2014-02-28 16:20 - 2009-07-14 06:13 - 01644752 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-28 14:20 - 2013-12-15 15:52 - 00000000 ____D () C:\Users\jaroslava\AppData\Roaming\Spotify
2014-02-28 14:19 - 2013-12-15 15:55 - 00000000 ____D () C:\Users\jaroslava\AppData\Local\Spotify
2014-02-28 14:17 - 2012-10-02 18:25 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-28 14:15 - 2012-05-08 12:58 - 00000000 ____D () C:\Users\jaroslava\AppData\Roaming\uTorrent
2014-02-28 11:33 - 2014-02-28 11:33 - 00000038 _____ () C:\Users\jaroslava\Desktop\f.txt
2014-02-28 11:18 - 2014-02-28 11:18 - 00000000 ____D () C:\Users\jaroslava\Downloads\The.Spectacular.Now.2013.HDRip.XviD-BS5
2014-02-27 21:28 - 2014-02-13 21:12 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-942181333-3736677135-932791027-1000Core.job
2014-02-27 16:48 - 2012-01-04 20:39 - 01612768 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-26 18:52 - 2012-03-19 17:53 - 12463616 ___SH () C:\Users\jaroslava\Desktop\Thumbs.db
2014-02-25 17:37 - 2013-08-26 17:07 - 00000000 ____D () C:\Users\jaroslava\Desktop\Nová složka (2)
2014-02-23 18:00 - 2014-02-23 15:57 - 00000000 ____D () C:\Users\jaroslava\Downloads\The Hunger Games Catching Fire (2013)
2014-02-23 17:54 - 2014-02-23 17:54 - 00000000 ____D () C:\Users\jaroslava\Downloads\The.Perks.Of.Being.A.Wallflower.2012.DVDSCR.XviD-ViP3R
2014-02-23 15:43 - 2012-01-04 20:40 - 00000000 ____D () C:\Users\jaroslava\AppData\Roaming\SoftGrid Client
2014-02-22 21:24 - 2012-07-31 20:42 - 02259968 ___SH () C:\Users\jaroslava\Downloads\Thumbs.db
2014-02-22 21:15 - 2014-02-22 20:51 - 285905026 ____R () C:\Users\jaroslava\Downloads\Switched.at.Birth.S03E06.HDTV.x264-KILLERS.mp4
2014-02-22 20:45 - 2014-02-22 20:16 - 329553198 ____R () C:\Users\jaroslava\Downloads\Switched.at.Birth.S03E05.HDTV.x264-2HD.mp4
2014-02-22 20:14 - 2014-02-22 18:50 - 363854224 ____R () C:\Users\jaroslava\Downloads\Switched.at.Birth.S03E04.HDTV.x264-EXCELLENCE.mp4
2014-02-22 18:50 - 2014-02-22 18:50 - 00014612 _____ () C:\Users\jaroslava\Desktop\[kickass.to]switched.at.birth.s03e04.hdtv.x264.excellence.eztv.torrent
2014-02-22 18:40 - 2014-02-22 18:11 - 347722724 ____R () C:\Users\jaroslava\Downloads\Switched.at.Birth.S03E03.HDTV.x264-EXCELLENCE.mp4
2014-02-22 18:03 - 2014-02-22 17:26 - 379578105 ____R () C:\Users\jaroslava\Downloads\Switched.at.Birth.S03E02.HDTV.x264-2HD.mp4
2014-02-22 17:07 - 2014-02-22 16:36 - 366147568 ____R () C:\Users\jaroslava\Downloads\Switched.at.Birth.S03E01.HDTV.x264-2HD.mp4
2014-02-22 16:58 - 2014-02-22 15:23 - 00000000 ____D () C:\Users\jaroslava\Downloads\Switched at Birth S02E20 HDTV x264-ASAP[ettv]
2014-02-22 16:36 - 2014-02-22 16:36 - 00014705 _____ () C:\Users\jaroslava\Desktop\[kickass.to]switched.at.birth.s03e01.hdtv.x264.2hd.eztv.torrent
2014-02-22 15:21 - 2014-02-22 14:29 - 381302474 ____R () C:\Users\jaroslava\Downloads\Switched.at.Birth.S02E19.HDTV.x264-2HD.mp4
2014-02-22 14:28 - 2014-02-22 14:28 - 00015151 _____ () C:\Users\jaroslava\Desktop\[kickass.to]switched.at.birth.s02e19.hdtv.x264.2hd.eztv.torrent
2014-02-22 14:19 - 2014-02-22 13:46 - 379830505 ____R () C:\Users\jaroslava\Downloads\Switched.at.Birth.S02E18.HDTV.x264-EVOLVE.mp4
2014-02-22 13:38 - 2014-02-22 13:00 - 364223024 ____R () C:\Users\jaroslava\Downloads\Switched.at.Birth.S02E17.HDTV.x264-EVOLVE.mp4
2014-02-19 19:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-17 19:53 - 2013-07-27 11:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 19:51 - 2011-12-26 17:54 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-17 17:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-16 21:33 - 2014-02-16 21:33 - 00000000 ____D () C:\Users\jaroslava\AppData\Local\Flvto Plugin for Google Chrome
2014-02-16 14:55 - 2014-02-16 14:55 - 00000000 ____D () C:\Users\jaroslava\Downloads\Fight Club (1999) [1080p]
2014-02-15 15:58 - 2014-02-15 14:43 - 378909547 ____R () C:\Users\jaroslava\Downloads\Hart.of.Dixie.S03E13.HDTV.x264-LOL.mp4
2014-02-15 13:47 - 2011-04-01 09:58 - 00003948 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-15 13:47 - 2011-04-01 09:58 - 00003696 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-13 21:12 - 2012-01-12 21:35 - 00003956 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-942181333-3736677135-932791027-1000UA
2014-02-13 21:12 - 2012-01-12 21:35 - 00003560 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-942181333-3736677135-932791027-1000Core
2014-02-13 19:05 - 2014-02-13 19:04 - 00000000 ____D () C:\Program Files (x86)\GeoGebra 4.4
2014-02-12 17:49 - 2013-05-03 14:59 - 00000000 ____D () C:\Users\jaroslava\AppData\Local\NFS Underground 2
2014-02-12 15:01 - 2014-02-12 15:01 - 00000000 ____D () C:\Users\jaroslava\AppData\Local\{8D420025-4CE2-49DA-9D5A-920F25F10A6F}
2014-02-12 15:01 - 2012-02-27 19:05 - 00000000 ____D () C:\Users\jaroslava\AppData\Local\Windows Live
2014-02-12 14:54 - 2014-02-12 14:53 - 00000000 ____D () C:\Program Files (x86)\Willing Webcam Lite
2014-02-12 14:53 - 2014-02-12 14:53 - 00000000 ____D () C:\Users\jaroslava\Documents\Willing Webcam Lite
2014-02-12 14:48 - 2011-12-27 17:27 - 00005120 _____ () C:\Users\jaroslava\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-12 13:35 - 2011-12-21 15:40 - 00000000 ____D () C:\Users\jaroslava\AppData\Local\VirtualStore
2014-02-12 13:34 - 2011-04-01 10:19 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-02-12 13:32 - 2014-02-12 13:32 - 26526756 _____ () C:\Users\jaroslava\Downloads\LifeFrame3_ASUS_Win7_64_VER317.zip
2014-02-11 17:45 - 2011-12-21 15:40 - 00000000 ____D () C:\Users\jaroslava
2014-02-09 18:45 - 2013-12-23 16:05 - 00000000 ____D () C:\Program Files\trend micro
2014-02-09 17:52 - 2014-02-09 17:18 - 395960633 ____R () C:\Users\jaroslava\Downloads\Hart.of.Dixie.S03E12.HDTV.x264-LOL.mp4
2014-02-09 15:28 - 2014-02-07 14:00 - 00000000 ____D () C:\Users\jaroslava\Downloads\Beautiful.Creatures.2013.CAM.READ.INFO-NOGRP
2014-02-09 15:22 - 2011-12-21 15:40 - 00000000 ___RD () C:\Users\jaroslava\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-09 13:06 - 2014-02-09 12:34 - 00000000 ____D () C:\Users\jaroslava\Downloads\Pretty Little Liars S04E18 HDTV x264-LOL[ettv]
2014-02-09 12:44 - 2014-02-08 20:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-08 20:31 - 2014-02-08 20:31 - 00000000 ____D () C:\Users\jaroslava\AppData\Roaming\Malwarebytes
2014-02-08 20:31 - 2014-02-08 20:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-07 22:43 - 2012-02-27 18:28 - 00000000 ____D () C:\Users\jaroslava\AppData\Local\Adobe
2014-02-07 22:30 - 2012-10-24 15:42 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-07 22:30 - 2012-06-14 15:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-07 22:30 - 2011-12-26 18:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-07 12:02 - 2014-02-07 11:37 - 00000000 ____D () C:\Users\jaroslava\Downloads\Ravenswood.S01E10.HDTV.x264-LOL
2014-02-06 13:16 - 2014-02-13 16:08 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-13 16:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-13 16:08 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-13 16:08 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-13 16:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-13 16:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-13 16:08 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-13 16:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-13 16:08 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-13 16:08 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-13 16:08 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-13 16:08 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-13 16:08 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-13 16:08 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-13 16:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-13 16:08 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-13 16:08 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-13 16:08 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-13 16:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-13 16:08 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-13 16:08 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-13 16:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-13 16:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-13 16:08 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-13 16:08 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-13 16:08 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-13 16:08 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-13 16:08 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-13 16:08 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-13 16:08 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-13 16:08 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-13 16:08 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-13 16:08 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-13 16:08 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-13 16:08 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-13 16:08 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-13 16:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-13 16:08 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-13 16:08 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-04 18:35 - 2013-10-13 16:20 - 00000000 ____D () C:\Windows\pss

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-19 19:28

==================== End Of Log ============================

Re: Browser blocked - virus?

Posted: 01 Mar 2014 11:36
by Rudy
Hello!
Please post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after launch a screen with the license terms appears; continue by clicking the Ano (Yes) button.

Feel free to make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is run).

Note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the resident antispyware occur.

Re: Browser blocked - virus?

Posted: 01 Mar 2014 12:37
by JarekT
ComboFix 14-02-24.02 - jaroslava 01.03.2014 12:20:04.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3949.2143 [GMT 1:00]
Spuštěný z: c:\users\jaroslava\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini
c:\windows\SysWow64\Temp
c:\windows\SysWow64\Temp\metin2.stderr.log
c:\windows\SysWow64\Temp\metin2.stdout.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-01 do 2014-03-01 )))))))))))))))))))))))))))))))
.
.
2014-03-01 11:27 . 2014-03-01 11:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-28 20:46 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4851BA2F-343F-4617-8FDC-68069CB79AEA}\mpengine.dll
2014-02-28 19:13 . 2014-02-28 19:15 -------- d-----w- C:\FRST
2014-02-28 18:10 . 2014-02-28 18:12 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-02-28 18:10 . 2014-02-28 18:10 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-02-28 18:08 . 2014-02-28 18:08 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-28 18:05 . 2013-07-16 02:41 743248 ----a-w- c:\windows\SysWow64\msvcp100d.dll
2014-02-28 18:05 . 2013-07-16 02:41 1858896 ----a-w- c:\windows\system32\msvcr100d.dll
2014-02-28 18:05 . 2013-07-16 02:41 1498960 ----a-w- c:\windows\SysWow64\msvcr100d.dll
2014-02-28 18:05 . 2014-02-28 18:30 -------- d-----w- c:\program files\Malwarebytes Anti-Exploit
2014-02-28 18:05 . 2013-07-16 02:41 1014096 ----a-w- c:\windows\system32\msvcp100d.dll
2014-02-28 15:22 . 2014-02-28 15:22 -------- d-----w- c:\users\jaroslava\AppData\Roaming\BatteryBar
2014-02-28 15:22 . 2014-02-28 15:22 -------- d-----w- c:\program files\BatteryBar
2014-02-27 15:45 . 2014-02-27 15:45 -------- d-----w- c:\windows\Migration
2014-02-16 20:33 . 2014-02-16 20:33 -------- d-----w- c:\users\jaroslava\AppData\Local\Flvto Plugin for Google Chrome
2014-02-13 18:04 . 2014-02-13 18:05 -------- d-----w- c:\program files (x86)\GeoGebra 4.4
2014-02-13 15:09 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 15:09 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-12 13:55 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-12 13:55 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-12 13:55 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-02-12 13:55 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-02-12 13:54 . 2007-08-26 22:03 360448 ----a-w- c:\windows\SysWow64\midas.dll
2014-02-12 13:54 . 2010-05-02 19:51 301952 ----a-w- c:\windows\SysWow64\drivers\wwsplit.sys
2014-02-12 13:53 . 2014-02-12 13:54 -------- d-----w- c:\program files (x86)\Willing Webcam Lite
2014-02-08 19:31 . 2014-02-08 19:31 -------- d-----w- c:\users\jaroslava\AppData\Roaming\Malwarebytes
2014-02-08 19:31 . 2014-02-08 19:31 -------- d-----w- c:\programdata\Malwarebytes
2014-02-08 19:31 . 2014-02-09 11:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-28 16:28 . 2012-02-20 20:49 45056 ----a-w- c:\windows\system32\acovcnt.exe
2014-02-17 18:51 . 2011-12-26 16:54 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-02-07 21:30 . 2012-06-14 14:44 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-07 21:30 . 2011-12-26 17:59 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-18 20:09 . 2014-01-27 20:01 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-18 05:13 . 2011-12-27 11:04 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-03 15:21 222712 ----a-w- c:\users\jaroslava\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-03 15:21 222712 ----a-w- c:\users\jaroslava\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-03 15:21 222712 ----a-w- c:\users\jaroslava\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 16:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 5520 series (NET)"="c:\program files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 89600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-01 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage Sync\1.0.11.58\AsusWSPanel.exe" [2011-12-28 3753824]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-12 98304]
.
c:\users\jaroslava\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\jaroslava\AppData\Local\Temp\tmp461B.tmp;c:\users\jaroslava\AppData\Local\Temp\tmp461B.tmp [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files\Malwarebytes Anti-Exploit\MBAE.sys;c:\program files\Malwarebytes Anti-Exploit\MBAE.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01 08:58]
.
2014-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01 08:58]
.
2014-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-942181333-3736677135-932791027-1000Core.job
- c:\users\jaroslava\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-12 20:35]
.
2014-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-942181333-3736677135-932791027-1000UA.job
- c:\users\jaroslava\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-12 20:35]
.
2014-03-01 c:\windows\Tasks\Malwarebytes Anti-Exploit.job
- c:\program files\Malwarebytes Anti-Exploit\mbae-loader.exe [2014-02-28 12:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-03 15:21 261624 ----a-w- c:\users\jaroslava\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-03 15:21 261624 ----a-w- c:\users\jaroslava\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-03 15:21 261624 ----a-w- c:\users\jaroslava\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 15:52 159744 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-12-01 08:14 1504608 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage Sync\1.0.11.58\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-12-01 08:14 1504608 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage Sync\1.0.11.58\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2011-12-01 08:14 1504608 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage Sync\1.0.11.58\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-24 310912]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
.
------- Doplňkový sken -------
.
uStart Page =
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.0.0.138
Handler: osf-roaming - {C57E9882-B128-4E07-BA2D-FF83B8989C76} - c:\users\jaroslava\Microsoft Office 15\root\office15\MSOSB.DLL
FF - ProfilePath - c:\users\jaroslava\AppData\Roaming\Mozilla\Firefox\Profiles\pnu40ueb.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\jaroslava\AppData\Local\Temp\tmp461B.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-942181333-3736677135-932791027-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):e6,fd,6f,37,44,03,15,c5,3a,35,96,56,04,bf,4d,24,ef,c8,a8,e2,87,
74,ee,7c,c6,db,cb,17,c5,03,6e,5e,ec,f5,5d,1c,47,9e,c8,e2,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-942181333-3736677135-932791027-1000_Classes\Wow6432Node\CLSID\{e9ee33cf-028a-4fcd-9902-94a14090733d}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000015a
"Therad"=dword:00000028
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,e2,88,94,79,16,6d,08,ad,64,d7,9b,75,60,3f,e8,9a,33,ef,1e,1b,68,a5,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Celkový čas: 2014-03-01 12:34:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-03-01 11:34
.
Před spuštěním: Volných bajtů: 155 011 821 568
Po spuštění: Volných bajtů: 154 628 775 936
.
- - End Of File - - 1E1D55D4D58F74E8444ABB2DF9679A39

Re: Browser blocked - virus?

Posted: 01 Mar 2014 13:12
by Rudy
We still need to finish the cleanup. Open Notepad and copy the following into it:
KillAll::

Collect::
c:\windows\system32\acovcnt.exe

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-942181333-3736677135-932791027-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-942181333-3736677135-932791027-1000UA.job

RegLock::
[HKEY_USERS\S-1-5-21-942181333-3736677135-932791027-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[HKEY_USERS\S-1-5-21-942181333-3736677135-932791027-1000_Classes\Wow6432Node\CLSID\{e9ee33cf-028a-4fcd-9902-94a14090733d}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.


Re: Browser blocked - virus?

Posted: 03 Mar 2014 16:03
by JarekT
Sorry it took so long, but I'm in a dorm and they temporarily cut off our internet here because of repairs...
ComboFix 14-02-24.02 - jaroslava 03.03.2014 15:51:35.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3949.2438 [GMT 1:00]
Spuštěný z: c:\users\jaroslava\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\jaroslava\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-942181333-3736677135-932791027-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-942181333-3736677135-932791027-1000UA.job"
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\msvcr71.dll
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\acovcnt.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-942181333-3736677135-932791027-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-942181333-3736677135-932791027-1000UA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-03 do 2014-03-03 )))))))))))))))))))))))))))))))
.
.
2014-03-03 14:58 . 2014-03-03 14:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-03 14:58 . 2014-03-03 14:58 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-02-28 20:46 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4851BA2F-343F-4617-8FDC-68069CB79AEA}\mpengine.dll
2014-02-28 19:13 . 2014-02-28 19:15 -------- d-----w- C:\FRST
2014-02-28 18:10 . 2014-02-28 18:12 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-02-28 18:10 . 2014-02-28 18:10 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-02-28 18:08 . 2014-02-28 18:08 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-28 18:05 . 2013-07-16 02:41 743248 ----a-w- c:\windows\SysWow64\msvcp100d.dll
2014-02-28 18:05 . 2013-07-16 02:41 1858896 ----a-w- c:\windows\system32\msvcr100d.dll
2014-02-28 18:05 . 2013-07-16 02:41 1498960 ----a-w- c:\windows\SysWow64\msvcr100d.dll
2014-02-28 18:05 . 2014-02-28 18:30 -------- d-----w- c:\program files\Malwarebytes Anti-Exploit
2014-02-28 18:05 . 2013-07-16 02:41 1014096 ----a-w- c:\windows\system32\msvcp100d.dll
2014-02-28 15:22 . 2014-02-28 15:22 -------- d-----w- c:\users\jaroslava\AppData\Roaming\BatteryBar
2014-02-28 15:22 . 2014-02-28 15:22 -------- d-----w- c:\program files\BatteryBar
2014-02-27 15:45 . 2014-02-27 15:45 -------- d-----w- c:\windows\Migration
2014-02-16 20:33 . 2014-02-16 20:33 -------- d-----w- c:\users\jaroslava\AppData\Local\Flvto Plugin for Google Chrome
2014-02-13 18:04 . 2014-02-13 18:05 -------- d-----w- c:\program files (x86)\GeoGebra 4.4
2014-02-13 15:09 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 15:09 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-12 13:55 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-12 13:55 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-12 13:55 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-02-12 13:55 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-02-12 13:54 . 2007-08-26 22:03 360448 ----a-w- c:\windows\SysWow64\midas.dll
2014-02-12 13:54 . 2010-05-02 19:51 301952 ----a-w- c:\windows\SysWow64\drivers\wwsplit.sys
2014-02-12 13:53 . 2014-02-12 13:54 -------- d-----w- c:\program files (x86)\Willing Webcam Lite
2014-02-08 19:31 . 2014-02-08 19:31 -------- d-----w- c:\users\jaroslava\AppData\Roaming\Malwarebytes
2014-02-08 19:31 . 2014-02-08 19:31 -------- d-----w- c:\programdata\Malwarebytes
2014-02-08 19:31 . 2014-02-09 11:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-17 18:51 . 2011-12-26 16:54 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-02-07 21:30 . 2012-06-14 14:44 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-07 21:30 . 2011-12-26 17:59 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-18 20:09 . 2014-01-27 20:01 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-18 05:13 . 2011-12-27 11:04 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-03 15:21 222712 ----a-w- c:\users\jaroslava\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-03 15:21 222712 ----a-w- c:\users\jaroslava\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-03 15:21 222712 ----a-w- c:\users\jaroslava\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 16:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 5520 series (NET)"="c:\program files\HP\HP Deskjet 5520 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 89600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-01 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage Sync\1.0.11.58\AsusWSPanel.exe" [2011-12-28 3753824]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-12 98304]
.
c:\users\jaroslava\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\jaroslava\AppData\Local\Temp\tmp461B.tmp;c:\users\jaroslava\AppData\Local\Temp\tmp461B.tmp [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files\Malwarebytes Anti-Exploit\MBAE.sys;c:\program files\Malwarebytes Anti-Exploit\MBAE.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-03 c:\windows\Tasks\Malwarebytes Anti-Exploit.job
- c:\program files\Malwarebytes Anti-Exploit\mbae-loader.exe [2014-02-28 12:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-03 15:21 261624 ----a-w- c:\users\jaroslava\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-03 15:21 261624 ----a-w- c:\users\jaroslava\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-03 15:21 261624 ----a-w- c:\users\jaroslava\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 15:52 159744 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-12-01 08:14 1504608 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage Sync\1.0.11.58\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-12-01 08:14 1504608 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage Sync\1.0.11.58\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2011-12-01 08:14 1504608 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage Sync\1.0.11.58\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-24 310912]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
.
------- Doplňkový sken -------
.
uStart Page =
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.0.0.138
Handler: osf-roaming - {C57E9882-B128-4E07-BA2D-FF83B8989C76} - c:\users\jaroslava\Microsoft Office 15\root\office15\MSOSB.DLL
FF - ProfilePath - c:\users\jaroslava\AppData\Roaming\Mozilla\Firefox\Profiles\pnu40ueb.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\jaroslava\AppData\Local\Temp\tmp461B.tmp"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\windows\AsScrPro.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
.
**************************************************************************
.
Celkový čas: 2014-03-03 16:05:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-03-03 15:05
ComboFix2.txt 2014-03-01 11:34
.
Před spuštěním: Volných bajtů: 156 077 469 696
Po spuštění: Volných bajtů: 155 660 722 176
.
- - End Of File - - 5C214DCF5F8469C7C73AF6B41A6C7CA4

Re: Browser blocked - virus?

Posted: 03 Mar 2014 17:50
by Rudy
Deleted. Uninstall CF using T-Cleaner: http://vyosek.tym.cz/pro_usery/T-Cleaner.exe . Has anything changed?

Re: Browser blocked - virus?

Posted: 06 Mar 2014 16:37
by JarekT
The PC is definitely faster, but a black screen still appears for quite a long time at startup. I suspect, though, that it might be the laptop's battery. A few days ago a message about replacing the battery suddenly started popping up, and the laptop lasts 45 minutes at most and never charges to a hundred percent. Could that be the cause?

Re: Browser blocked - virus?

Posted: 06 Mar 2014 18:36
by Rudy
JarekT wrote: The PC is definitely faster, but a black screen still appears for quite a long time at startup. I suspect, though, that it might be the laptop's battery. A few days ago a message about replacing the battery suddenly started popping up, and the laptop lasts 45 minutes at most and never charges to a hundred percent. Could that be the cause?
Theoretically, yes. Try running the notebook with the battery removed and you'll see whether anything changes.