
Laptop restarts on its own

vratkokuk
Visitor
Posts: 261
Registered: 07 Mar 2010 21:51

#1 Post by vratkokuk »

Greetings to all people of good will.

My daughter is having problems with her laptop. It is slow, it freezes, sometimes it restarts by itself, other times the screen goes dark and the laptop hangs and then has to be forcibly shut down. Other times part of the screen stays white, part stays dark, and again it does not respond to input.

We are sending the log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2014
Ran by Sisi (administrator) on SILVIE on 08-08-2014 17:24:37
Running from C:\Users\Sisi\Desktop
Platform: Windows 8 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Shield Plus) C:\Users\Sisi\AppData\Local\ShieldPlus\spprt\spsvc.exe
() C:\Program Files (x86)\WebSpades\updateWebSpades.exe
() C:\Program Files (x86)\WebSpades\bin\utilWebSpades.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\Program Files (x86)\WebSpades\bin\WebSpades.PurBrowse64.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
() C:\Users\Sisi\AppData\Roaming\QipGuard\QipGuard.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\WebSpades\bin\WebSpades.BrowserAdapter.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(forum.viry.cz) C:\Users\Sisi\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-02-01] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [899680 2013-02-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2013-03-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-05-10] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-05-10] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-03-01] (Vimicro)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-31] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-12] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-25] ( (Qualcomm Atheros Commnucations))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2238759670-2640318916-2737505659-1001\...\Run: [Facebook Update] => C:\Users\Sisi\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-11-07] (Facebook Inc.)
HKU\S-1-5-21-2238759670-2640318916-2737505659-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-2238759670-2640318916-2737505659-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
HKU\S-1-5-21-2238759670-2640318916-2737505659-1001\...\Run: [QIP Internet Guardian] => C:\Users\Sisi\AppData\Roaming\QipGuard\QipGuard.exe [188416 2010-10-20] ()
HKU\S-1-5-21-2238759670-2640318916-2737505659-1001\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2295584 2014-04-21] (IObit)
Startup: C:\Users\Sisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll ()
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
URLSearchHook: HKCU - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKCU - QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Sisi\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
SearchScopes: HKLM - DefaultScope {1FFC2B61-E21C-461D-AA00-DAAC1DF0E05E} URL = http://www.bing.com/search?q={searchTer ... &pc=MALNJS
SearchScopes: HKLM - {1FFC2B61-E21C-461D-AA00-DAAC1DF0E05E} URL = http://www.bing.com/search?q={searchTer ... &pc=MALNJS
SearchScopes: HKLM-x32 - DefaultScope {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKLM-x32 - {1FFC2B61-E21C-461D-AA00-DAAC1DF0E05E} URL = http://www.bing.com/search?q={searchTer ... &pc=MALNJS
SearchScopes: HKLM-x32 - {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - DefaultScope {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.buenosearch.com/?q={searchTe ... l&tsp=5285
SearchScopes: HKCU - {1FFC2B61-E21C-461D-AA00-DAAC1DF0E05E} URL =
SearchScopes: HKCU - {353DD7F6-6599-4E3E-B49A-ED18C80C20CA} URL = http://websearch.ask.com/redirect?clien ... E16658617F
SearchScopes: HKCU - {37E25BCB-F8EC-4F01-BA99-853D0F5646CC} URL = http://www.mysearchresults.com/search?c ... earchTerms}
SearchScopes: HKCU - {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/search?query={searchTerms}&from=IE
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Torntv V9.0 -> {11111111-1111-1111-1111-110511131190} -> C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-bho64.dll (installdaddy)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Torntv V9.0 -> {11111111-1111-1111-1111-110511131190} -> C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-bho.dll (installdaddy)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: QIPBHO Class -> {95289393-33EA-4F8D-B952-483415B9C955} -> C:\Users\Sisi\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Sisi\AppData\Roaming\Mozilla\Firefox\Profiles\tbc94ly8.default
FF Plugin-x32: @caminova.com/DjVuPlugin -> C:\Program Files (x86)\Caminova\Document Express DjVu Plug-in\npdjvu.dll (Caminova, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Sisi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF user.js: detected! => C:\Users\Sisi\AppData\Roaming\Mozilla\Firefox\Profiles\tbc94ly8.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-03]

Chrome:
=======
CHR Extension: (Dokumenty Google) - C:\Users\Sisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-25]
CHR Extension: (Disk Google) - C:\Users\Sisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-25]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Sisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-06-28]
CHR Extension: (YouTube) - C:\Users\Sisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-25]
CHR Extension: (Vyhledávání Google) - C:\Users\Sisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-25]
CHR Extension: (avast! Online Security) - C:\Users\Sisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-25]
CHR Extension: (No Name) - C:\Users\Sisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlialpgnoagkdecfaggejocpfdbommon [2014-06-22]
CHR Extension: (Skype Click to Call) - C:\Users\Sisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-06-25]
CHR Extension: (Peněženka Google) - C:\Users\Sisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-25]
CHR Extension: (Gmail) - C:\Users\Sisi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-12]
CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx [2014-07-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-11] (SUPERAntiSpyware.com)
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-25] (Qualcomm Atheros Commnucations)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-12] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-06-25] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-02-25] (ELAN Microelectronics Corp.)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-06-21] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-06-21] (globalUpdate) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-02-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
R2 Service; C:\Users\Sisi\AppData\Local\ShieldPlus\spprt\spsvc.exe [134656 2014-06-12] (Shield Plus) [File not signed]
R2 Update WebSpades; C:\Program Files (x86)\WebSpades\updateWebSpades.exe [323360 2014-08-08] ()
R2 Util WebSpades; C:\Program Files (x86)\WebSpades\bin\utilWebSpades.exe [323360 2014-08-08] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-01-25] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-25] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-06-25] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-25] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [447888 2014-06-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-25] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-25] ()
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-12-06] (Disc Soft Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1045248 2013-03-01] (Vimicro Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
R1 {2635ac50-5488-40bf-9bfd-accb158f8f3f}w64; C:\Windows\System32\drivers\{2635ac50-5488-40bf-9bfd-accb158f8f3f}w64.sys [61120 2014-06-19] (StdLib)
R1 {ed7eb956-75ed-460d-8f69-29a93b07afd1}w64; C:\Windows\System32\drivers\{ed7eb956-75ed-460d-8f69-29a93b07afd1}w64.sys [61632 2014-08-06] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-08 17:24 - 2014-08-08 17:25 - 00023188 _____ () C:\Users\Sisi\Desktop\FRST.txt
2014-08-08 17:24 - 2014-08-08 17:24 - 00000000 ____D () C:\FRST
2014-08-08 17:22 - 2014-08-08 17:22 - 00112640 _____ (forum.viry.cz) C:\Users\Sisi\Desktop\FRSTLauncher.exe
2014-08-08 17:21 - 2014-08-08 17:21 - 02094080 _____ (Farbar) C:\Users\Sisi\Desktop\FRST64.exe
2014-08-08 16:27 - 2014-08-08 16:37 - 00003397 _____ () C:\windows\WindowsUpdate.log
2014-08-08 16:15 - 2014-08-08 16:15 - 00000794 _____ () C:\windows\PFRO.log
2014-08-08 15:08 - 2014-08-08 15:08 - 00003466 _____ () C:\Users\Sisi\Desktop\cc_20140808_150839.reg
2014-08-08 14:58 - 2014-08-08 14:59 - 00091668 _____ () C:\Users\Sisi\Desktop\cc_20140808_145723.reg
2014-08-08 14:02 - 2014-08-08 14:02 - 00000000 _____ () C:\asc_rdflag
2014-08-08 11:31 - 2014-08-06 09:43 - 00061632 _____ (StdLib) C:\windows\system32\Drivers\{ed7eb956-75ed-460d-8f69-29a93b07afd1}w64.sys
2014-08-07 20:45 - 2014-08-07 20:45 - 01057176 _____ (Adobe) C:\Users\Sisi\Downloads\install_flashplayer14x32_mssd_awc_aih(1).exe
2014-08-06 12:36 - 2014-05-15 03:02 - 00059424 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-06 12:36 - 2014-05-15 00:43 - 03286528 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-06 12:36 - 2014-05-15 00:43 - 01623040 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-06 12:36 - 2014-05-15 00:43 - 00253440 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-08-06 12:36 - 2014-05-15 00:42 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2014-08-02 13:49 - 2014-08-02 13:49 - 01057176 _____ (Adobe) C:\Users\Sisi\Downloads\install_flashplayer14x32_mssd_awc_aih.exe
2014-08-01 11:37 - 2014-08-01 11:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-18 21:24 - 2014-08-08 14:02 - 04980736 _____ () C:\windows\system32\config\DRIVERS.iodefrag.bak
2014-07-16 13:26 - 2014-07-16 13:26 - 00328024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
2014-07-16 13:26 - 2014-07-16 13:26 - 00094552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2014-07-12 23:02 - 2014-07-12 23:02 - 00428024 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-12 13:54 - 2014-06-19 04:12 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-12 13:54 - 2014-06-19 04:12 - 01366528 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-12 13:54 - 2014-06-19 04:12 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-07-12 13:54 - 2014-06-19 04:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-07-12 13:54 - 2014-06-19 04:12 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-12 13:54 - 2014-06-19 04:11 - 19277312 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-12 13:54 - 2014-06-19 04:11 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-12 13:54 - 2014-06-19 04:11 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-12 13:54 - 2014-06-19 04:10 - 15369728 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-12 13:54 - 2014-06-19 04:10 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-12 13:54 - 2014-06-19 04:10 - 02650624 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-12 13:54 - 2014-06-19 04:10 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-07-12 13:54 - 2014-06-19 04:10 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-12 13:54 - 2014-06-19 04:10 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-12 13:54 - 2014-06-19 04:10 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-12 13:54 - 2014-06-19 04:10 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-12 13:54 - 2014-06-19 04:10 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-07-12 13:54 - 2014-06-19 04:10 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-12 13:54 - 2014-06-19 04:10 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-12 13:54 - 2014-06-19 04:10 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-12 13:54 - 2014-06-19 04:09 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-12 13:54 - 2014-06-19 02:53 - 14368768 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-12 13:54 - 2014-06-19 02:53 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-12 13:54 - 2014-06-19 02:53 - 01141760 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-12 13:54 - 2014-06-19 02:53 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-12 13:54 - 2014-06-19 02:53 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-12 13:54 - 2014-06-19 02:53 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-12 13:54 - 2014-06-19 02:53 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-07-12 13:54 - 2014-06-19 02:52 - 13732352 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-12 13:54 - 2014-06-19 02:52 - 02863616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-12 13:54 - 2014-06-19 02:52 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-12 13:54 - 2014-06-19 02:52 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-12 13:54 - 2014-06-19 02:52 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-07-12 13:54 - 2014-06-19 02:52 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-12 13:54 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-12 13:54 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-12 13:54 - 2014-06-19 02:52 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-07-12 13:54 - 2014-06-19 02:52 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-12 13:54 - 2014-06-19 02:52 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-12 13:54 - 2014-06-19 02:52 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-12 13:54 - 2014-06-19 02:33 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-12 13:54 - 2014-06-19 02:30 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-12 13:54 - 2014-06-19 00:05 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-07-11 14:32 - 2014-06-26 22:53 - 00703968 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-11 14:32 - 2014-06-26 22:53 - 00105440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-10 23:20 - 2014-05-03 08:34 - 06974808 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-07-10 23:20 - 2014-05-03 08:33 - 01824808 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-07-10 23:20 - 2014-05-03 06:51 - 01408976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-07-10 23:20 - 2014-05-02 00:37 - 01023488 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-07-10 23:20 - 2014-04-30 00:32 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\Robocopy.exe
2014-07-10 23:20 - 2014-04-30 00:32 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\Robocopy.exe
2014-07-10 23:20 - 2014-04-24 01:51 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-07-10 23:20 - 2014-04-24 01:51 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 23:20 - 2014-04-24 01:38 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-07-10 23:20 - 2014-04-24 01:38 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 23:20 - 2014-02-08 06:34 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hdaudbus.sys
2014-07-09 19:59 - 2014-06-18 01:27 - 01440256 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-09 19:59 - 2014-06-18 01:24 - 01557504 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-09 19:59 - 2014-06-11 06:18 - 04038144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-09 19:58 - 2014-05-30 01:31 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-07-09 19:58 - 2014-05-30 01:03 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-07-09 19:58 - 2014-05-30 01:02 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-09 19:58 - 2014-05-30 01:02 - 00439808 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll
2014-07-09 19:51 - 2014-06-03 00:33 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2014-07-09 19:40 - 2014-05-30 00:24 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-09 19:37 - 2014-06-06 16:06 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-09 19:37 - 2014-06-06 12:17 - 00497152 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-08 17:25 - 2014-08-08 17:24 - 00023188 _____ () C:\Users\Sisi\Desktop\FRST.txt
2014-08-08 17:24 - 2014-08-08 17:24 - 00000000 ____D () C:\FRST
2014-08-08 17:22 - 2014-08-08 17:22 - 00112640 _____ (forum.viry.cz) C:\Users\Sisi\Desktop\FRSTLauncher.exe
2014-08-08 17:21 - 2014-08-08 17:21 - 02094080 _____ (Farbar) C:\Users\Sisi\Desktop\FRST64.exe
2014-08-08 17:05 - 2014-06-21 23:00 - 00000956 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-08-08 17:00 - 2014-06-21 23:00 - 00002324 _____ () C:\windows\Tasks\d482b050-aa11-4fed-8bb2-ab985fc36e11-4.job
2014-08-08 17:00 - 2014-06-21 23:00 - 00001512 _____ () C:\windows\Tasks\d482b050-aa11-4fed-8bb2-ab985fc36e11-6.job
2014-08-08 17:00 - 2014-06-21 23:00 - 00001442 _____ () C:\windows\Tasks\d482b050-aa11-4fed-8bb2-ab985fc36e11-7.job
2014-08-08 17:00 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru
2014-08-08 16:59 - 2014-06-21 22:59 - 00003808 _____ () C:\windows\Tasks\d482b050-aa11-4fed-8bb2-ab985fc36e11-11.job
2014-08-08 16:37 - 2014-08-08 16:27 - 00003397 _____ () C:\windows\WindowsUpdate.log
2014-08-08 16:22 - 2013-10-30 12:02 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2238759670-2640318916-2737505659-1001
2014-08-08 16:17 - 2012-07-26 07:26 - 00000269 _____ () C:\windows\win.ini
2014-08-08 16:16 - 2014-06-21 22:59 - 00000952 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-08-08 16:16 - 2014-06-10 14:26 - 00283136 ___SH () C:\Users\Sisi\Desktop\Thumbs.db
2014-08-08 16:15 - 2014-08-08 16:15 - 00000794 _____ () C:\windows\PFRO.log
2014-08-08 16:15 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-08 15:39 - 2013-11-07 13:34 - 00000938 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2238759670-2640318916-2737505659-1001UA.job
2014-08-08 15:08 - 2014-08-08 15:08 - 00003466 _____ () C:\Users\Sisi\Desktop\cc_20140808_150839.reg
2014-08-08 15:01 - 2014-06-01 08:01 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-08-08 14:59 - 2014-08-08 14:58 - 00091668 _____ () C:\Users\Sisi\Desktop\cc_20140808_145723.reg
2014-08-08 14:54 - 2013-11-02 14:04 - 00000000 ____D () C:\Users\Sisi\AppData\Local\CrashDumps
2014-08-08 14:02 - 2014-08-08 14:02 - 00000000 _____ () C:\asc_rdflag
2014-08-08 14:02 - 2014-07-18 21:24 - 04980736 _____ () C:\windows\system32\config\DRIVERS.iodefrag.bak
2014-08-08 14:02 - 2014-06-29 19:35 - 75407360 _____ () C:\windows\system32\config\SOFTWARE.iodefrag.bak
2014-08-08 14:02 - 2014-06-29 19:35 - 00704512 _____ () C:\windows\system32\config\DEFAULT.iodefrag.bak
2014-08-08 14:02 - 2014-06-29 19:35 - 00061440 _____ () C:\windows\system32\config\SAM.iodefrag.bak
2014-08-08 14:02 - 2014-06-29 19:35 - 00028672 _____ () C:\windows\system32\config\SECURITY.iodefrag.bak
2014-08-08 14:02 - 2013-10-30 09:56 - 00000000 ____D () C:\Users\Sisi
2014-08-08 14:02 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-08-08 14:01 - 2014-06-28 19:08 - 00000254 _____ () C:\windows\Tasks\ASC7_SkipUac_Sisi.job
2014-08-08 14:01 - 2013-10-30 10:13 - 15043026 _____ () C:\Users\Public\CAFADEBUG.log
2014-08-08 13:57 - 2014-06-28 19:08 - 00002220 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-08-08 13:42 - 2014-06-17 01:03 - 00226816 ___SH () C:\Users\Sisi\Downloads\Thumbs.db
2014-08-08 12:39 - 2013-11-07 13:34 - 00000916 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2238759670-2640318916-2737505659-1001Core.job
2014-08-08 12:11 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-08-07 20:45 - 2014-08-07 20:45 - 01057176 _____ (Adobe) C:\Users\Sisi\Downloads\install_flashplayer14x32_mssd_awc_aih(1).exe
2014-08-07 20:28 - 2014-06-28 18:32 - 00000000 ____D () C:\ProgramData\ProductData
2014-08-07 17:42 - 2013-11-09 20:51 - 00000000 ____D () C:\Users\Sisi\AppData\Roaming\Skype
2014-08-07 14:30 - 2013-11-01 23:35 - 00000000 ____D () C:\Users\Sisi\Searches\Documents\Youcam
2014-08-07 12:14 - 2012-07-26 09:59 - 00000000 ____D () C:\windows\CbsTemp
2014-08-07 12:01 - 2013-11-09 20:50 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-06 14:02 - 2013-05-10 11:20 - 00728526 _____ () C:\windows\system32\perfh005.dat
2014-08-06 14:02 - 2013-05-10 11:20 - 00148542 _____ () C:\windows\system32\perfc005.dat
2014-08-06 14:02 - 2012-07-26 09:28 - 01717852 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-06 09:43 - 2014-08-08 11:31 - 00061632 _____ (StdLib) C:\windows\system32\Drivers\{ed7eb956-75ed-460d-8f69-29a93b07afd1}w64.sys
2014-08-05 18:40 - 2014-06-21 23:01 - 00000000 ____D () C:\Program Files (x86)\WebSpades
2014-08-02 19:46 - 2014-06-23 19:42 - 00000000 ____D () C:\windows\Minidump
2014-08-02 13:49 - 2014-08-02 13:49 - 01057176 _____ (Adobe) C:\Users\Sisi\Downloads\install_flashplayer14x32_mssd_awc_aih.exe
2014-08-01 18:44 - 2014-06-28 20:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-01 11:37 - 2014-08-01 11:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-29 19:06 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\NDF
2014-07-16 13:26 - 2014-07-16 13:26 - 00328024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
2014-07-16 13:26 - 2014-07-16 13:26 - 00094552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2014-07-12 23:02 - 2014-07-12 23:02 - 00428024 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-12 13:57 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 13:57 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 13:53 - 2014-02-03 17:51 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-07-11 14:26 - 2013-11-02 01:00 - 00000000 ____D () C:\windows\system32\MRT
2014-07-11 14:26 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\WinStore
2014-07-11 14:26 - 2012-07-26 09:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 14:21 - 2013-11-02 00:59 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-11 14:21 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

Task: C:\windows\Tasks\ASC7_SkipUac_Sisi.job => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
Task: C:\windows\Tasks\d482b050-aa11-4fed-8bb2-ab985fc36e11-11.job => C:\Program Files (x86)\Torntv V9.0\d482b050-aa11-4fed-8bb2-ab985fc36e11-11.exe <==== ATTENTION
Task: C:\windows\Tasks\d482b050-aa11-4fed-8bb2-ab985fc36e11-4.job => C:\Program Files (x86)\Torntv V9.0\d482b050-aa11-4fed-8bb2-ab985fc36e11-4.exe <==== ATTENTION
Task: C:\windows\Tasks\d482b050-aa11-4fed-8bb2-ab985fc36e11-6.job => C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-novainstaller.exe <==== ATTENTION
Task: C:\windows\Tasks\d482b050-aa11-4fed-8bb2-ab985fc36e11-7.job => C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-nova.exe <==== ATTENTION
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2238759670-2640318916-2737505659-1001Core.job => C:\Users\Sisi\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2238759670-2640318916-2737505659-1001UA.job => C:\Users\Sisi\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Sisi\Desktop" je 48 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Rudy
Site Admin
Posts: 119544
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Notebook restarts on its own

#2 Post by Rudy »

Hello!
Open Notepad and copy the following into it:
Start
C:\Program Files (x86)\WebSpades
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-2238759670-2640318916-2737505659-1001\...\Run: [Facebook Update] => C:\Users\Sisi\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-11-07] (Facebook Inc.)
C:\Users\Sisi\AppData\Local\Facebook\Update
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
URLSearchHook: HKCU - QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Sisi\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
SearchScopes: HKLM - DefaultScope {1FFC2B61-E21C-461D-AA00-DAAC1DF0E05E} URL = http://www.bing.com/search?q={searchTer ... &pc=MALNJS
SearchScopes: HKLM - {1FFC2B61-E21C-461D-AA00-DAAC1DF0E05E} URL = http://www.bing.com/search?q={searchTer ... &pc=MALNJS
SearchScopes: HKLM-x32 - DefaultScope {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKLM-x32 - {1FFC2B61-E21C-461D-AA00-DAAC1DF0E05E} URL = http://www.bing.com/search?q={searchTer ... &pc=MALNJS
SearchScopes: HKLM-x32 - {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - DefaultScope {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.buenosearch.com/?q={searchTe ... l&tsp=5285
SearchScopes: HKCU - {1FFC2B61-E21C-461D-AA00-DAAC1DF0E05E} URL =
SearchScopes: HKCU - {353DD7F6-6599-4E3E-B49A-ED18C80C20CA} URL = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=en_EU&apn_ptnrs=^RY&apn_dtid=^YYYYYY^V3^CZ&apn_uid=0304465A-839A-4789-B942-E6E5B93280C2&apn_sauid=E250FE7F-E109-434D-A82D-5CE16658617F
SearchScopes: HKCU - {37E25BCB-F8EC-4F01-BA99-853D0F5646CC} URL = http://www.mysearchresults.com/search?c ... earchTerms}
SearchScopes: HKCU - {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/search?query={searchTerms}&from=IE
BHO: Torntv V9.0 -> {11111111-1111-1111-1111-110511131190} -> C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-bho64.dll (installdaddy)
C:\Program Files (x86)\Torntv V9.0
BHO-x32: Torntv V9.0 -> {11111111-1111-1111-1111-110511131190} -> C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-bho.dll (installdaddy)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
C:\Program Files (x86)\Skype\Toolbars
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2238759670-2640318916-2737505659-1001UA.job
C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2238759670-2640318916-2737505659-1001Core.job
Task: C:\windows\Tasks\d482b050-aa11-4fed-8bb2-ab985fc36e11-11.job => C:\Program Files (x86)\Torntv V9.0\d482b050-aa11-4fed-8bb2-ab985fc36e11-11.exe <==== ATTENTION
Task: C:\windows\Tasks\d482b050-aa11-4fed-8bb2-ab985fc36e11-4.job => C:\Program Files (x86)\Torntv V9.0\d482b050-aa11-4fed-8bb2-ab985fc36e11-4.exe <==== ATTENTION
Task: C:\windows\Tasks\d482b050-aa11-4fed-8bb2-ab985fc36e11-6.job => C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-novainstaller.exe <==== ATTENTION
Task: C:\windows\Tasks\d482b050-aa11-4fed-8bb2-ab985fc36e11-7.job => C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-nova.exe <==== ATTENTION
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2238759670-2640318916-2737505659-1001Core.job => C:\Users\Sisi\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2238759670-2640318916-2737505659-1001UA.job => C:\Users\Sisi\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the operation finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

vratkokuk
Visitor
Posts: 261
Registered: 07 Mar 2010 21:51

Re: Notebook restarts on its own

#3 Post by vratkokuk »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-08-2014 01
Ran by Sisi at 2014-08-10 20:45:08 Run:1
Running from C:\Users\Sisi\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
C:\Program Files (x86)\WebSpades
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-2238759670-2640318916-2737505659-1001\...\Run: [Facebook Update] => C:\Users\Sisi\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-11-07] (Facebook Inc.)
C:\Users\Sisi\AppData\Local\Facebook\Update
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
URLSearchHook: HKCU - QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Sisi\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
SearchScopes: HKLM - DefaultScope {1FFC2B61-E21C-461D-AA00-DAAC1DF0E05E} URL = http://www.bing.com/search?q={searchTer ... &pc=MALNJS
SearchScopes: HKLM - {1FFC2B61-E21C-461D-AA00-DAAC1DF0E05E} URL = http://www.bing.com/search?q={searchTer ... &pc=MALNJS
SearchScopes: HKLM-x32 - DefaultScope {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKLM-x32 - {1FFC2B61-E21C-461D-AA00-DAAC1DF0E05E} URL = http://www.bing.com/search?q={searchTer ... &pc=MALNJS
SearchScopes: HKLM-x32 - {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - DefaultScope {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.buenosearch.com/?q={searchTe ... l&tsp=5285
SearchScopes: HKCU - {1FFC2B61-E21C-461D-AA00-DAAC1DF0E05E} URL =
SearchScopes: HKCU - {353DD7F6-6599-4E3E-B49A-ED18C80C20CA} URL = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=en_EU&apn_ptnrs=^RY&apn_dtid=^YYYYYY^V3^CZ&apn_uid=0304465A-839A-4789-B942-E6E5B93280C2&apn_sauid=E250FE7F-E109-434D-A82D-5CE16658617F
SearchScopes: HKCU - {37E25BCB-F8EC-4F01-BA99-853D0F5646CC} URL = http://www.mysearchresults.com/search?c ... earchTerms}
SearchScopes: HKCU - {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/search?query={searchTerms}&from=IE
BHO: Torntv V9.0 -> {11111111-1111-1111-1111-110511131190} -> C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-bho64.dll (installdaddy)
C:\Program Files (x86)\Torntv V9.0
BHO-x32: Torntv V9.0 -> {11111111-1111-1111-1111-110511131190} -> C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-bho.dll (installdaddy)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
C:\Program Files (x86)\Skype\Toolbars
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2238759670-2640318916-2737505659-1001UA.job
C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2238759670-2640318916-2737505659-1001Core.job
Task: C:\windows\Tasks\d482b050-aa11-4fed-8bb2-ab985fc36e11-11.job => C:\Program Files (x86)\Torntv V9.0\d482b050-aa11-4fed-8bb2-ab985fc36e11-11.exe <==== ATTENTION
Task: C:\windows\Tasks\d482b050-aa11-4fed-8bb2-ab985fc36e11-4.job => C:\Program Files (x86)\Torntv V9.0\d482b050-aa11-4fed-8bb2-ab985fc36e11-4.exe <==== ATTENTION
Task: C:\windows\Tasks\d482b050-aa11-4fed-8bb2-ab985fc36e11-6.job => C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-novainstaller.exe <==== ATTENTION
Task: C:\windows\Tasks\d482b050-aa11-4fed-8bb2-ab985fc36e11-7.job => C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-nova.exe <==== ATTENTION
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2238759670-2640318916-2737505659-1001Core.job => C:\Users\Sisi\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2238759670-2640318916-2737505659-1001UA.job => C:\Users\Sisi\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
End
*****************


"C:\Program Files (x86)\WebSpades" directory move:

C:\Program Files (x86)\WebSpades\0 => Moved successfully.
C:\Program Files (x86)\WebSpades\7za.exe => Moved successfully.
C:\Program Files (x86)\WebSpades\updateWebSpades.exe => Moved successfully.
C:\Program Files (x86)\WebSpades\updateWebSpades.InstallState => Moved successfully.
C:\Program Files (x86)\WebSpades\WebSpades.ico => Moved successfully.
C:\Program Files (x86)\WebSpades\WebSpadesUninstall.exe => Moved successfully.
C:\Program Files (x86)\WebSpades\bin\7za.exe => Moved successfully.
C:\Program Files (x86)\WebSpades\bin\BrowserAdapter.7z => Moved successfully.
C:\Program Files (x86)\WebSpades\bin\utilWebSpades.exe => Moved successfully.
C:\Program Files (x86)\WebSpades\bin\utilWebSpades.InstallState => Moved successfully.
C:\Program Files (x86)\WebSpades\bin\WebSpades.BrowserAdapter.exe => Moved successfully.
C:\Program Files (x86)\WebSpades\bin\WebSpades.PurBrowse.zip => Moved successfully.
C:\Program Files (x86)\WebSpades\bin\WebSpades.PurBrowse64.exe => Moved successfully.
C:\Program Files (x86)\WebSpades\bin\WebSpadesBAApp.dll => Moved successfully.
C:\Program Files (x86)\WebSpades\bin\{2635ac50-5488-40bf-9bfd-accb158f8f3f}.dll => Moved successfully.
C:\Program Files (x86)\WebSpades\bin\{ed7eb956-75ed-460d-8f69-29a93b07afd1}.dll => Moved successfully.
C:\Program Files (x86)\WebSpades\bin\plugins\WebSpades.Bromon.dll => Moved successfully.
C:\Program Files (x86)\WebSpades\bin\plugins\WebSpades.BroStats.dll => Moved successfully.
C:\Program Files (x86)\WebSpades\bin\plugins\WebSpades.BrowserAdapter.dll => Moved successfully.
C:\Program Files (x86)\WebSpades\bin\plugins\WebSpades.CompatibilityChecker.dll => Moved successfully.
C:\Program Files (x86)\WebSpades\bin\plugins\WebSpades.PurBrowse.dll => Moved successfully.
Could not move "C:\Program Files (x86)\WebSpades" directory. => Scheduled to move on reboot.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
HKU\S-1-5-21-2238759670-2640318916-2737505659-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => value deleted successfully.
C:\Users\Sisi\AppData\Local\Facebook\Update => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{95289393-33EA-4F8D-B952-483415B9C955} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1FFC2B61-E21C-461D-AA00-DAAC1DF0E05E}" => Key deleted successfully.
"HKCR\CLSID\{1FFC2B61-E21C-461D-AA00-DAAC1DF0E05E}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{1FFC2B61-E21C-461D-AA00-DAAC1DF0E05E}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{1FFC2B61-E21C-461D-AA00-DAAC1DF0E05E}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key deleted successfully.
"HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1FFC2B61-E21C-461D-AA00-DAAC1DF0E05E}" => Key deleted successfully.
"HKCR\CLSID\{1FFC2B61-E21C-461D-AA00-DAAC1DF0E05E}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{353DD7F6-6599-4E3E-B49A-ED18C80C20CA}" => Key deleted successfully.
"HKCR\CLSID\{353DD7F6-6599-4E3E-B49A-ED18C80C20CA}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{37E25BCB-F8EC-4F01-BA99-853D0F5646CC}" => Key deleted successfully.
"HKCR\CLSID\{37E25BCB-F8EC-4F01-BA99-853D0F5646CC}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}" => Key deleted successfully.
"HKCR\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}" => Key deleted successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-08-10 20:47:17)<=

==> ATTENTION: System is not rebooted.
"C:\Program Files (x86)\WebSpades" => Directory could not move.

==== End of Fixlog ====

Rudy
Site Admin
Posts: 119544
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Notebook restarts on its own

#4 Post by Rudy »

Restart the PC. Has anything changed?

vratkokuk
Visitor
Posts: 261
Registered: 07 Mar 2010 21:51

Re: Notebook restarts on its own

#5 Post by vratkokuk »

Well, we have now managed to install Google Chrome, which we could not do before, but I don't know what the cause was, because we found that Avast had somehow stopped working. So I uninstalled it, restarted the notebook and installed Avast again, and with it Google Chrome suddenly installed as well. Also, Flash Player could not be installed. We still don't have it, because I wanted to try how the notebook works and the touchpad froze on me. So my other daughter (she has an almost identical notebook) advised me to close the lid and said it would wake up again, that this is what she does. So I did that, left it closed for about 5 - 10 s, and it never started up again (my daughter was completely taken aback, she had no idea her sister's notebook was this screwed). Only a black screen remained; the notebook did not respond to input, but it was not switched off. I had to force it off.

vratkokuk
Visitor
Posts: 261
Registered: 07 Mar 2010 21:51

Re: Notebook restarts on its own

#6 Post by vratkokuk »

And so I figured it out. The reason the touchpad was not working was that I had pressed the F6 key, which turns the touchpad off/on. :oops:
Last edited by vratkokuk on 11 Aug 2014 17:16, edited 1 time in total.

Rudy
Site Admin
Posts: 119544
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Notebook restarts on its own

#7 Post by Rudy »

I would also like to ask for a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after it starts, a screen with the licence terms is displayed; continue by clicking the Ano (Yes) button.

Go and make yourself a coffee in peace (the whole operation takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through). During the scan, do not try to start any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is used).

Note: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware there are unwanted conflicts with the resident antispyware component.

#8 Post by vratkokuk »

So I tried running ComboFix twice, and both times an "Application corrupt" dialog popped up. The first time it failed at stage 5 and the second time it failed shortly after the blue information window appeared.
So I ran it a third time and it seems to have finished...

#9 Post by vratkokuk »

But no, I was wrong. It did finish, but after the restart the blue window was there again, with the message that the Log Report is being prepared and that I should not run any applications until ComboFix finishes its work. And again there is a dialog with the message "Application corrupt".

What now?

#10 Post by Rudy »

Try it in safe mode.

#11 Post by vratkokuk »

So I managed to start the notebook with this "wonderful" W8 in safe mode and run ComboFix in it. Here is the log:

ComboFix 14-08-06.02 - Sisi . 08. 2014 14:10:42.3.2 - x64 NETWORK
Microsoft Windows 8 6.2.9200.0.1250.420.1029.18.1914.1375 [GMT 2:00]
Spuštěný z: c:\users\Sisi\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
---- Předchozí spuštění -------
.
c:\program files (x86)\Torntv V9.0\ToRNtv v9.0-bho64.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_globalUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-13 do 2014-08-13 )))))))))))))))))))))))))))))))
.
.
2014-08-13 12:15 . 2014-08-13 12:15 -------- d-----w- c:\users\Sisi\AppData\Local\temp
2014-08-13 12:15 . 2014-08-13 12:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-13 11:54 . 2014-06-26 20:53 105440 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-13 11:54 . 2014-06-26 20:53 703968 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-13 11:11 . 2014-06-10 22:44 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-13 11:11 . 2014-06-10 22:43 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-10 16:40 . 2014-08-10 16:40 -------- d-----w- c:\users\Sisi\AppData\Roaming\AVAST Software
2014-08-10 16:39 . 2014-08-10 16:39 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-08-10 16:37 . 2014-08-10 16:36 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-08-10 16:37 . 2014-08-10 16:36 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-10 16:37 . 2014-08-10 16:36 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-08-10 16:37 . 2014-08-10 16:36 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-08-10 16:37 . 2014-08-10 16:36 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-10 16:37 . 2014-08-10 16:36 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-10 16:37 . 2014-08-10 16:36 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-10 16:36 . 2014-08-10 16:36 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-08-10 16:36 . 2014-08-10 16:36 43152 ----a-w- c:\windows\avastSS.scr
2014-08-10 16:35 . 2014-08-10 16:35 -------- d-----w- c:\program files\AVAST Software
2014-08-10 16:25 . 2014-08-10 16:25 5446 ----a-w- c:\users\Sisi\cc_20140810_182429.reg
2014-08-08 15:24 . 2014-08-10 18:47 -------- d-----w- C:\FRST
2014-08-08 09:31 . 2014-08-06 07:43 61632 ----a-w- c:\windows\system32\drivers\{ed7eb956-75ed-460d-8f69-29a93b07afd1}w64.sys
2014-07-16 11:26 . 2014-07-16 11:26 328024 ----a-w- c:\windows\system32\drivers\Classpnp.sys
2014-07-16 11:26 . 2014-07-16 11:26 94552 ----a-w- c:\windows\system32\drivers\mountmgr.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-13 11:21 . 2013-11-01 22:59 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-08-11 16:49 . 2012-07-26 08:13 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-07-02 19:15 . 2014-07-02 19:15 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-06-19 15:02 . 2014-06-21 22:03 61120 ----a-w- c:\windows\system32\drivers\{2635ac50-5488-40bf-9bfd-accb158f8f3f}w64.sys
2014-06-19 02:12 . 2014-07-12 11:54 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2014-06-19 02:12 . 2014-07-12 11:54 2239488 ----a-w- c:\windows\system32\wininet.dll
2014-06-19 02:12 . 2014-07-12 11:54 53760 ----a-w- c:\windows\system32\UXInit.dll
2014-06-19 02:12 . 2014-07-12 11:54 915968 ----a-w- c:\windows\system32\uxtheme.dll
2014-06-19 02:12 . 2014-07-12 11:54 1366528 ----a-w- c:\windows\system32\urlmon.dll
2014-06-19 02:11 . 2014-07-12 11:54 197120 ----a-w- c:\windows\system32\msrating.dll
2014-06-19 02:11 . 2014-07-12 11:54 97792 ----a-w- c:\windows\system32\mshtmled.dll
2014-06-19 02:11 . 2014-07-12 11:54 19277312 ----a-w- c:\windows\system32\mshtml.dll
2014-06-19 02:10 . 2014-07-12 11:54 603136 ----a-w- c:\windows\system32\msfeeds.dll
2014-06-19 02:10 . 2014-07-12 11:54 3959296 ----a-w- c:\windows\system32\jscript9.dll
2014-06-19 02:10 . 2014-07-12 11:54 53760 ----a-w- c:\windows\system32\jsproxy.dll
2014-06-19 02:10 . 2014-07-12 11:54 855552 ----a-w- c:\windows\system32\jscript.dll
2014-06-19 02:10 . 2014-07-12 11:54 67072 ----a-w- c:\windows\system32\iesetup.dll
2014-06-19 02:10 . 2014-07-12 11:54 39936 ----a-w- c:\windows\system32\iernonce.dll
2014-06-19 02:10 . 2014-07-12 11:54 136704 ----a-w- c:\windows\system32\iesysprep.dll
2014-06-19 02:10 . 2014-07-12 11:54 2650624 ----a-w- c:\windows\system32\iertutil.dll
2014-06-19 02:10 . 2014-07-12 11:54 255488 ----a-w- c:\windows\system32\iedkcs32.dll
2014-06-19 02:10 . 2014-07-12 11:54 15369728 ----a-w- c:\windows\system32\ieframe.dll
2014-06-19 02:10 . 2014-07-12 11:54 281600 ----a-w- c:\windows\system32\dxtrans.dll
2014-06-19 02:10 . 2014-07-12 11:54 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2014-06-19 02:09 . 2014-07-12 11:54 1508864 ----a-w- c:\windows\system32\inetcpl.cpl
2014-06-19 00:53 . 2014-07-12 11:54 1766400 ----a-w- c:\windows\SysWow64\wininet.dll
2014-06-19 00:53 . 2014-07-12 11:54 44032 ----a-w- c:\windows\SysWow64\UXInit.dll
2014-06-19 00:52 . 2014-07-12 11:54 2863616 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-06-19 00:52 . 2014-07-12 11:54 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-06-19 00:52 . 2014-07-12 11:54 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-06-19 00:52 . 2014-07-12 11:54 1440768 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-06-19 00:33 . 2014-07-12 11:54 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2014-06-19 00:30 . 2014-07-12 11:54 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-06-18 22:05 . 2014-07-12 11:54 534528 ----a-w- c:\windows\SysWow64\uxtheme.dll
2014-06-17 23:27 . 2014-07-09 17:59 1440256 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-17 23:24 . 2014-07-09 17:59 1557504 ----a-w- c:\windows\system32\osk.exe
2014-06-11 04:18 . 2014-07-09 17:59 4038144 ----a-w- c:\windows\system32\win32k.sys
2014-06-06 14:06 . 2014-07-09 17:37 596480 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 10:17 . 2014-07-09 17:37 497152 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-02 22:33 . 2014-07-09 17:51 265216 ----a-w- c:\windows\system32\InkEd.dll
2014-05-29 23:31 . 2014-07-09 17:58 452608 ----a-w- c:\windows\SysWow64\SHCore.dll
2014-05-29 23:03 . 2014-07-09 17:58 588288 ----a-w- c:\windows\system32\SHCore.dll
2014-05-29 23:02 . 2014-07-09 17:58 439808 ----a-w- c:\windows\system32\lsm.dll
2014-05-29 23:02 . 2014-07-09 17:58 1281536 ----a-w- c:\windows\system32\lsasrv.dll
2014-05-29 22:24 . 2014-07-09 17:40 576512 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-20 11:57 . 2013-09-20 11:57 475136 ----a-w- c:\program files\setup.exe
2013-09-20 11:57 . 2013-09-20 11:57 2260992 ----a-w- c:\program files\openoffice401.msi
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110511131190}]
2014-06-21 21:00 590720 ----a-w- c:\program files (x86)\Torntv V9.0\Torntv V9.0-bho.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-06 6563608]
"QIP Internet Guardian"="c:\users\Sisi\AppData\Roaming\QipGuard\QipGuard.exe" [2010-10-20 188416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"331BigDog"="c:\program files (x86)\USB Camera\VM331STI.EXE" [2013-03-01 552960]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2012-10-31 168464]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2012-04-19 217088]
"RemoteControl10"="c:\program files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-07-12 155488]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-10 4085896]
.
c:\users\Sisi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R0 aswRvrt;avast! Revert; [x]
R0 aswVmm;avast! VM Monitor; [x]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
R2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
R2 ETDService;Elan Service;c:\program files\Elantech\ETDService.exe;c:\program files\Elantech\ETDService.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R2 Update WebSpades;Update WebSpades;c:\program files (x86)\WebSpades\updateWebSpades.exe;c:\program files (x86)\WebSpades\updateWebSpades.exe [x]
R2 Util WebSpades;Util WebSpades;c:\program files (x86)\WebSpades\bin\utilWebSpades.exe;c:\program files (x86)\WebSpades\bin\utilWebSpades.exe [x]
R2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 BthLEEnum;Ovladač úspory energie technologie Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe;c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 vm331avs;Digital Camera 1;c:\windows\System32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S1 {2635ac50-5488-40bf-9bfd-accb158f8f3f}w64;{2635ac50-5488-40bf-9bfd-accb158f8f3f}w64;c:\windows\system32\drivers\{2635ac50-5488-40bf-9bfd-accb158f8f3f}w64.sys;c:\windows\SYSNATIVE\drivers\{2635ac50-5488-40bf-9bfd-accb158f8f3f}w64.sys [x]
S1 {ed7eb956-75ed-460d-8f69-29a93b07afd1}w64;{ed7eb956-75ed-460d-8f69-29a93b07afd1}w64;c:\windows\system32\drivers\{ed7eb956-75ed-460d-8f69-29a93b07afd1}w64.sys;c:\windows\SYSNATIVE\drivers\{ed7eb956-75ed-460d-8f69-29a93b07afd1}w64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\System32\drivers\AcpiVpc.sys;c:\windows\SYSNATIVE\drivers\AcpiVpc.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-10 16:38 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-11 c:\windows\Tasks\ASC7_SkipUac_Sisi.job
- c:\program files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-06-28 15:37]
.
2014-08-13 c:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
- c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-06-21 20:59]
.
2014-08-11 c:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
- c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-06-21 20:59]
.
2014-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-10 16:37]
.
2014-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-10 16:37]
.
2014-06-28 c:\windows\Tasks\Uninstaller_SkipUac_Administrator.job
- c:\program files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-06-28 15:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-06-28 17:08 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-10 16:36 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-01-31 36352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-04-24 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-04-24 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-04-24 442352]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2013-02-04 899680]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2013-03-05 1647616]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2013-05-10 17080376]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2013-05-10 191544]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Sisi\AppData\Roaming\Mozilla\Firefox\Profiles\tbc94ly8.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Celkový čas: 2014-08-13 14:18:47
ComboFix-quarantined-files.txt 2014-08-13 12:18
.
Před spuštěním: 72 875 741 184 bytes free
Po spuštění: 72 629 329 920 bytes free
.
- - End Of File - - ECCA16E7792C235D9883A8DF2DC93B20
5FB38429D5D77768867C76DCBDB35194
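
Added example, not part of the thread and not ComboFix's own code: a triage check over the service and scheduled-task lines of the log above that flags autostart entries whose executable carries a well-known updater file name but sits outside that product's usual install folder. The sample is an excerpt of the posted log; the function names and the table of expected folders are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the ComboFix log posted above (service and scheduled-task lines only).
SAMPLE_LOG = r"""
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe;c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [x]
R0 aswRvrt;avast! Revert; [x]
.
2014-08-11 c:\windows\Tasks\ASC7_SkipUac_Sisi.job
- c:\program files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-06-28 15:37]
.
2014-08-13 c:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
- c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-06-21 20:59]
.
2014-08-11 c:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
- c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-06-21 20:59]
.
2014-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-10 16:37]
.
2014-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-10 16:37]
"""

# "R2 name;display name;image path;image path [x]" (entries without a path are skipped)
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>[^;]+);[^;]+ \[.\]$")
# "2014-08-13 c:\windows\Tasks\Something.job"
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>.+\.job)$")
# "- c:\path\to\target.exe [2014-06-21 20:59]" on the line after a .job line
TARGET_RE = re.compile(r"^- (?P<path>.+?) \[\d{4}-\d{2}-\d{2} \d{2}:\d{2}\]$")

# Assumption of this example: folders where the named binary normally lives.
# Extend the table with other updaters you want to watch for.
EXPECTED_DIRS = {
    "googleupdate.exe": (
        PureWindowsPath(r"c:\program files (x86)\Google\Update"),
        PureWindowsPath(r"c:\program files\Google\Update"),
    ),
}


def parse_autostarts(log):
    """Return (kind, name, executable path) for every service and task found."""
    entries, pending_job = [], None
    for raw in log.splitlines():
        line = raw.strip()
        if (m := SERVICE_RE.match(line)):
            entries.append(("service", m["name"], PureWindowsPath(m["path"])))
        elif (m := TASK_RE.match(line)):
            pending_job = PureWindowsPath(m["job"]).name
        elif (m := TARGET_RE.match(line)) and pending_job:
            entries.append(("task", pending_job, PureWindowsPath(m["path"])))
            pending_job = None
    return entries


def flag_misplaced(entries):
    """Flag entries whose file name is in EXPECTED_DIRS but whose folder is not."""
    flagged = []
    for kind, name, exe in entries:
        expected = EXPECTED_DIRS.get(exe.name.lower())
        # PureWindowsPath compares case-insensitively, like the Windows file system.
        if expected is not None and exe.parent not in expected:
            flagged.append((kind, name, str(exe)))
    return flagged


if __name__ == "__main__":
    for kind, name, exe in flag_misplaced(parse_autostarts(SAMPLE_LOG)):
        print(f"review {kind:7} {name}: {exe}")
```

A hit is a prompt for manual review of the entry, not a verdict; the check only compares file names against folders.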

#12 Post by Rudy »

We'll do some more cleaning. Open Notepad and copy this into it:
KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job


Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110511131190}]

Driver::
c2cautoupdatesvc
c2cpnrsvc

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.


#13 Post by vratkokuk »

I tried it twice, one of those times in safe mode, but I don't know whether it ran correctly all the way to the end. In safe mode it reported an error again, and in normal mode it also somehow failed.

#14 Post by Rudy »

Have a look whether you can find the file c:\combofix.txt. If so, copy its contents here.

#15 Post by vratkokuk »

That log is not there.