Please check (Solved)

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

nermitus (Level 2, 210 posts, registered December 2014, male)

Post by nermitus » 23 Aug 2015 11:36

The PC has been slow lately and keeps freezing.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11:34:26, on 23. 8. 2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17801)

FIREFOX: 39.0 (x86 sk)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Marek\Desktop\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-21-3296281421-397883660-745250294-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR (User '?')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5358 bytes
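
A triage pass over the HijackThis log above, as an added example (it is not part of the post and not a HijackThis feature). The sample input is an excerpt of the posted log; the classification rules are the example's own. The one caveat a practitioner wants before reading the O23 lines: HijackThis 2.0.5 is a 32-bit program, so on this 64-bit Windows 7 box (the R0 "Local Page" entry points at SysWOW64) its lookups of C:\Windows\System32 are redirected by WOW64 to SysWOW64, where lsass.exe, alg.exe and the other native services do not exist. That is why every system service shows "(file missing)"; the example buckets those as artifacts and leaves the autoruns, BHOs and the one non-System32 "file missing" service for review. The 64-bit detection is a heuristic on the SysWOW64 string, an assumption of the example.

```python
"""Triage a HijackThis 2.0.5 log.

Added example (not part of the forum post). The sample below is an excerpt
of the log posted in the thread; the classification rules are this
example's own, not HijackThis's."""
import re
from collections import defaultdict

# Excerpt of the posted log (constructed subset, entries unchanged).
HJT_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.5
Platform: Windows 7 SP1 (WinNT 6.00.3505)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
"""

ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
# Values HJT prints for untouched IE defaults on this Windows 7 box (assumption of the example).
DEFAULT_MARKERS = ("go.microsoft.com", "www.google.com", "blank.htm")
LOCALHOST_HOSTS = {"127.0.0.1 localhost", "::1 localhost"}
SYSTEM32 = "c:\\windows\\system32\\"


def parse_hjt(text):
    """Return (code, body) for every R/O line, e.g. ('O4', 'HKLM\\..\\Run: ...')."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def is_x64_host(text):
    """Heuristic: HJT's Platform line does not say 32/64-bit, but a SysWOW64
    path in the IE 'Local Page' entry only exists on 64-bit Windows."""
    return "syswow64" in text.lower()


def classify(code, body, x64):
    """'artifact': O23 '(file missing)' under System32 on a 64-bit host. HJT 2.0.5
    is a 32-bit process, so WOW64 file-system redirection sends its System32
    lookups to SysWOW64, where lsass.exe, alg.exe etc. do not live.
    'info': IE defaults and localhost hosts lines. 'review': everything else."""
    if code == "O23" and body.endswith("(file missing)"):
        path = body.rsplit(" - ", 1)[-1][: -len(" (file missing)")].lower()
        return "artifact" if x64 and path.startswith(SYSTEM32) else "review"
    if code.startswith("R"):
        value = body.split("=", 1)[1].strip() if "=" in body else ""
        return "info" if not value or any(m in value for m in DEFAULT_MARKERS) else "review"
    if code == "O1":
        return "info" if body.replace("Hosts: ", "", 1) in LOCALHOST_HOSTS else "review"
    return "review"


def triage(text):
    """Bucket every entry; returns {'review': [...], 'artifact': [...], 'info': [...]}."""
    x64 = is_x64_host(text)
    buckets = defaultdict(list)
    for code, body in parse_hjt(text):
        buckets[classify(code, body, x64)].append((code, body))
    return dict(buckets)


if __name__ == "__main__":
    for bucket, items in triage(HJT_LOG).items():
        print(f"== {bucket} ({len(items)})")
        for code, body in items:
            print(f"  {code} - {body}")
```

On the excerpt this yields two artifacts (ALG and KeyIso), four review items (the Java BHO, both Run entries and the WMPNetworkSvc service, whose "file missing" comes from a different path and so is not auto-excused) and four informational lines. The "review" bucket is where a helper's time goes; nothing in it is declared malicious by the script.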

jaro3 (Security team member, Guru Level 15, 43298 posts, registered June 2007, South Bohemia, male)

Re: Please check

Post by jaro3 » 23 Aug 2015 16:31

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web-browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

- If you only use Google Chrome, you don't need to use ATF.


Download TFC
Open the file and close all other windows. Click Start to begin the process. It should not take long.
The PC should then restart; if it doesn't, restart it yourself.

Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Scan"
After the scan a log will appear (otherwise it is saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.

Download Malwarebytes' Anti-Malware
- During installation, untick "Enable free trial of Malwarebytes' Anti-Malware Premium"
Install and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click Finish
- if an update is found, it will be downloaded and installed
- the program will then start; click Scan Now and
- when the scan finishes a message appears at the bottom right; click Copy to Clipboard and paste the whole log here.

- then click Exit; a message will appear, choose Yes
(don't delete anything yet!).

If there are problems, run it in Safe Mode.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Don't send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

nermitus (Level 2)

Re: Please check

Post by nermitus » 23 Aug 2015 22:56

# AdwCleaner v4.203 - Logfile created 23/08/2015 at 22:22:41
# Updated 30/04/2015 by Xplode
# Database : 2015-08-23.3 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Marek - MAREK-PC
# Running from : C:\Users\Marek\Desktop\adwcleaner_4.203.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Found : HKCU\Software\SlimWare Utilities Inc
Key Found : [x64] HKCU\Software\SlimWare Utilities Inc
Key Found : HKLM\SOFTWARE\SlimWare Utilities Inc
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v39.0 (x86 sk)


-\\ Google Chrome v44.0.2403.157


-\\ Opera v31.0.1889.174


*************************

AdwCleaner[R6].txt - [1158 bytes] - [23/08/2015 22:22:41]

########## EOF - C:\AdwCleaner\AdwCleaner[R6].txt - [1217 bytes] ##########



Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 23. 8. 2015
Scan Time: 22:24
Logfile: pp.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.23.05
Rootkit Database: v2015.08.16.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Marek

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 368549
Time Elapsed: 21 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Malware.Packer.Krunchy, C:\Users\Marek\Desktop\Skola\AKeylog.4.3.1.rar, , [44fd927ad9b240f69b732c39f8089b65],

Physical Sectors: 0
(No malicious items detected)


(end)

jaro3 (Security team member)

Re: Please check

Post by jaro3 » 24 Aug 2015 08:39

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator"),
click "Scan", and after the scan click "Clean".

The program performs the repair; after the automatic restart it shows the log (C:\AdwCleaner[S?].txt); paste its entire contents here.

Download Junkware Removal Tool by Thisisu

to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue; press one.
The program starts scanning. Scanning may take a long time, depending on the amount of infection. When the scan finishes a log (JRT.txt) appears and is saved on the desktop.
Please copy its entire contents here.

- run MbAM again and click Scan Now
- when the scan finishes a message appears; click "Quarantine All (delete selected)" and then "Export Log", choose "text file", give the file a name and save it somewhere. Copy the entire contents of that log here.

Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Win7 run RogueKiller.exe as administrator; on XP by double-clicking.
- Wait until the Prescan (search for malicious processes) finishes.
- Then click "Scan".
- The program scans the PC's processes. After the scan click "Report", then "Open TXT" in the window, and copy the whole contents of the log here.
If the program is blocked, try running it several times. If it still won't start and work, rename it to winlogon.exe.

nermitus (Level 2)

Re: Please check

Post by nermitus » 24 Aug 2015 13:08

# AdwCleaner v4.203 - Logfile created 24/08/2015 at 12:45:29
# Updated 30/04/2015 by Xplode
# Database : 2015-08-23.3 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Marek - MAREK-PC
# Running from : C:\Users\Marek\Desktop\adwcleaner_4.203.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Deleted : HKCU\Software\SlimWare Utilities Inc
Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v39.0 (x86 sk)


-\\ Google Chrome v44.0.2403.157


-\\ Opera v31.0.1889.174


*************************

AdwCleaner[R6].txt - [1308 bytes] - [23/08/2015 22:22:41]
AdwCleaner[R7].txt - [1367 bytes] - [24/08/2015 12:44:40]
AdwCleaner[S3].txt - [1238 bytes] - [24/08/2015 12:45:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1297 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.7 (08.18.2015:1)
OS: Windows 7 Ultimate x64
Ran by Marek on po 24. 08. 2015 at 12:49:05,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\iobit\driver booster
Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\Users\Marek\AppData\Roaming\convert audio free
Successfully deleted: [Folder] C:\Users\Marek\AppData\Roaming\iobit\driver booster
Successfully deleted: [Folder] C:\Users\Marek\AppData\Roaming\productdata



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Marek\AppData\Roaming\mozilla\firefox\profiles\kbhmwv7t.default\extensions\staged



~~~ Chrome


[C:\Users\Marek\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Marek\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Marek\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Marek\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on po 24. 08. 2015 at 12:52:12,49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Scan Date: 23. 8. 2015
Scan Time: 22:24
Logfile: pf.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.23.05
Rootkit Database: v2015.08.16.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Marek

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 368549
Time Elapsed: 21 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Malware.Packer.Krunchy, C:\Users\Marek\Desktop\Skola\AKeylog.4.3.1.rar, Quarantined, [44fd927ad9b240f69b732c39f8089b65],

Physical Sectors: 0
(No malicious items detected)


(end)

RogueKiller V10.10.2.0 (x64) [Aug 24 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Marek [Administrator]
Started from : C:\Users\Marek\Desktop\RogueKillerX64.exe
Mode : Scan -- Date : 08/24/2015 13:05:42

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500DM002-1BD142 ATA Device +++++
--- User ---
[MBR] b7cfbae41ab0322ba25a21ee4ec7991b
[BSP] 7f068d5fd8d181efd202cd38f332f64d : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476929 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
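
The check a helper actually performs between the AdwCleaner scan log (R6, in the earlier post) and the clean log (S3, above) is "did everything that was found get removed, and was anything removed that was never reported". Here it is as an added example, not part of either post and not an AdwCleaner feature. The inputs are excerpts of the two posted logs; the S3 clean run was actually paired with a second scan (R7) that is not on the page, so the example reconciles against R6. A naive line-for-line comparison reports one found key as not deleted, `[x64] HKCU\Software\SlimWare Utilities Inc`; AdwCleaner lists each hit once per registry view, and a key under HKCU\Software\<vendor> is not redirected, so the tagged and untagged lines are the same key and the folded comparison comes out clean. Both views are returned so the reader can see the difference.

```python
"""Reconcile an AdwCleaner scan log with the clean log that followed it.

Added example (not part of the forum post). The two excerpts below are taken
from the R6 scan and S3 clean logs posted in the thread."""
import re

SCAN_LOG = r"""
# AdwCleaner v4.203 - Logfile created 23/08/2015 at 22:22:41
# Option : Scan
***** [ Registry ] *****
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Found : HKCU\Software\SlimWare Utilities Inc
Key Found : [x64] HKCU\Software\SlimWare Utilities Inc
Key Found : HKLM\SOFTWARE\SlimWare Utilities Inc
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
"""

CLEAN_LOG = r"""
# AdwCleaner v4.203 - Logfile created 24/08/2015 at 12:45:29
# Option : Cleaning
***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Deleted : HKCU\Software\SlimWare Utilities Inc
Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
"""

# Matches "Key Found : ...", "Folder Deleted : ...", "Task Found : ..." and so on.
ITEM_RE = re.compile(r"^(\w+) (Found|Deleted) : (.+)$")


def parse_items(text, state):
    """Set of (kind, path) for lines in the given state ('Found' or 'Deleted')."""
    items = set()
    for line in text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m and m.group(2) == state:
            items.add((m.group(1), m.group(3).strip()))
    return items


def normalize(item):
    """Strip AdwCleaner's '[x64]' view tag and case. The tool lists a hit once
    per registry view; for a key Windows does not redirect (HKCU\\Software\\<vendor>
    here) the tagged and untagged lines name the same key."""
    kind, path = item
    return kind, path.replace("[x64] ", "", 1).lower()


def reconcile(scan_text, clean_text):
    """Compare what the scan reported with what the clean run removed."""
    found = parse_items(scan_text, "Found")
    deleted = parse_items(clean_text, "Deleted")
    norm_found = {normalize(i) for i in found}
    norm_deleted = {normalize(i) for i in deleted}
    return {
        # literal line-for-line differences, as a human reading both logs sees them
        "raw_missing": sorted(found - deleted),
        # what is still unaccounted for once both registry views are folded together
        "still_missing": sorted(i for i in found if normalize(i) not in norm_deleted),
        # removed without having been reported by the scan (should be empty)
        "unexpected": sorted(i for i in deleted if normalize(i) not in norm_found),
        "found": len(found),
        "deleted": len(deleted),
    }


if __name__ == "__main__":
    r = reconcile(SCAN_LOG, CLEAN_LOG)
    print(f"found {r['found']}, deleted {r['deleted']}")
    for label in ("raw_missing", "still_missing", "unexpected"):
        print(label, r[label] or "none")
```

Anything left in `still_missing` after a clean run is what you re-check by hand (or in the next scan log), and a non-empty `unexpected` list means the clean run was driven by a scan you have not seen, which is exactly the R7-versus-R6 situation in this thread.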

jaro3 (Security team member)

Re: Please check

Post by jaro3 » 24 Aug 2015 14:57

Close all programs and browsers. Disable antivirus and firewall.
Please unplug all USB devices (except mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click and choose "Run as administrator"; on Windows XP double-click to run).
- Wait until the Prescan finishes its work...
- Then click "Scan"; when it finishes:

- In the tabs (Registry, Tasks, Web Browser, etc.) tick everything (set the check marks)
(you have to tick the box to the left of the registry entry etc. with the mouse)


- Click "Delete"
- Wait until the Status box shows "Deletion complete"
- Click "Report" and copy and paste the contents of the report here, please. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller

Turn off antivirus and firewall.
Download
Zoek.exe

and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Vista, Win7 and 8, right-click it and choose "Run as administrator")
- note: the program may take a while to start.

Paste the script below into the program window:

Code:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


click Run Script
The program performs a scan and repair; the scan and repair may take several minutes, you need to wait until it finishes. Don't click in the window!
The program will offer a restart; confirm it.

After the restart only a black desktop may be shown for some time; that is normal. You have to wait until the log is created. You can save it e.g. to Documents; otherwise it is saved automatically as:
C:\zoek-results.log
Copy the entire contents of that log here.

Disable the resident protection of your antivirus and antispyware, and the firewall if applicable.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch the terms of use are shown; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, don't click in the window that appears
- When the scan finishes the program should create a log, C:\ComboFix.txt; please paste its entire contents here
If there are problems, run it in Safe Mode.

Warning: It can happen that after running ComboFix and restarting the computer, Windows won't boot, the desktop won't load, or there are connection problems; in that case restart the computer again, and if that doesn't help, press F8 during restart and choose Last Known Good Configuration, or use a restore point.

nermitus (Level 2)

Re: Please check

Post by nermitus » 24 Aug 2015 15:59

ComboFix 15-08-24.01 - Marek . 08. 2015 15:39:32.4.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1033.18.4078.2995 [GMT 2:00]
Running from: c:\users\Marek\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((( Files Created from 2015-07-24 to 2015-08-24 )))))))))))))))))))))))))))))))
.
.
2015-08-24 13:46 . 2015-08-24 13:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-24 13:26 . 2015-08-24 13:46 -------- d-----w- c:\users\Marek\AppData\Local\Temp
2015-08-24 13:26 . 2015-08-24 13:06 24064 ----a-w- c:\windows\zoek-delete.exe
2015-08-24 12:35 . 2009-02-24 16:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys
2015-08-24 12:35 . 2009-02-24 16:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2015-08-23 20:22 . 2015-08-24 10:45 -------- d-----w- C:\AdwCleaner
2015-08-22 09:06 . 2015-08-22 09:06 -------- d-----w- c:\programdata\ATI
2015-08-22 09:03 . 2015-08-22 09:18 -------- d-----w- c:\users\Marek\AppData\Roaming\Raptr
2015-08-22 09:03 . 2015-08-22 09:05 -------- d-----w- c:\program files (x86)\Raptr
2015-08-21 09:13 . 2015-08-21 09:13 113880 ----a-w- c:\windows\system32\drivers\1B8A5873.sys
2015-08-17 07:21 . 2015-08-17 07:21 113880 ----a-w- c:\windows\system32\drivers\21724A05.sys
2015-08-15 08:04 . 2015-08-15 08:04 113880 ----a-w- c:\windows\system32\drivers\1B0E4E89.sys
2015-08-10 07:39 . 2015-08-10 07:39 113880 ----a-w- c:\windows\system32\drivers\1A4334CD.sys
2015-08-09 08:17 . 2015-08-09 08:17 113880 ----a-w- c:\windows\system32\drivers\4F450399.sys
2015-08-08 08:15 . 2015-08-08 08:15 113880 ----a-w- c:\windows\system32\drivers\65123499.sys
2015-08-07 05:21 . 2015-08-07 05:21 113880 ----a-w- c:\windows\system32\drivers\18AA611D.sys
2015-08-04 06:29 . 2015-08-04 06:29 107784 ----a-w- c:\windows\system32\amdave64.dll
2015-08-04 06:29 . 2015-08-04 06:29 100568 ----a-w- c:\windows\SysWow64\amdave32.dll
2015-08-04 06:25 . 2015-08-04 06:25 297672 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
2015-08-04 06:23 . 2015-08-04 06:23 21622784 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2015-08-04 06:19 . 2015-08-04 06:19 235008 ----a-w- c:\windows\system32\clinfo.exe
2015-08-04 06:18 . 2015-08-04 06:18 47785472 ----a-w- c:\windows\system32\amdocl64.dll
2015-08-04 06:14 . 2015-08-04 06:14 39714304 ----a-w- c:\windows\SysWow64\amdocl.dll
2015-08-04 06:09 . 2015-08-04 06:09 65024 ----a-w- c:\windows\system32\OpenCL.dll
2015-08-04 06:09 . 2015-08-04 06:09 59392 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-08-04 05:58 . 2015-08-04 05:58 27535872 ----a-w- c:\windows\system32\amdocl12cl64.dll
2015-08-04 05:57 . 2015-08-04 05:57 22318592 ----a-w- c:\windows\SysWow64\amdocl12cl.dll
2015-08-04 04:12 . 2015-08-04 04:12 127488 ----a-w- c:\windows\system32\mantle64.dll
2015-08-04 04:12 . 2015-08-04 04:12 113664 ----a-w- c:\windows\SysWow64\mantle32.dll
2015-08-04 04:11 . 2015-08-04 04:11 6477312 ----a-w- c:\windows\system32\amdmantle64.dll
2015-08-04 03:43 . 2015-08-04 03:43 5068288 ----a-w- c:\windows\SysWow64\amdmantle32.dll
2015-08-04 03:21 . 2015-08-04 03:21 93696 ----a-w- c:\windows\system32\mantleaxl64.dll
2015-08-04 03:21 . 2015-08-04 03:21 86528 ----a-w- c:\windows\SysWow64\mantleaxl32.dll
2015-08-04 02:55 . 2015-08-04 02:55 30752256 ----a-w- c:\windows\system32\atio6axx.dll
2015-08-04 02:32 . 2015-08-04 02:32 25299968 ----a-w- c:\windows\SysWow64\atioglxx.dll
2015-08-04 02:25 . 2015-08-04 02:25 367104 ----a-w- c:\windows\system32\atiapfxx.exe
2015-08-04 02:25 . 2015-08-04 02:25 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2015-08-04 02:25 . 2015-08-04 02:25 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2015-08-04 02:24 . 2015-08-04 02:24 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2015-08-04 02:24 . 2015-08-04 02:24 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2015-08-04 02:24 . 2015-08-04 02:24 15716864 ----a-w- c:\windows\system32\aticaldd64.dll
2015-08-04 02:21 . 2015-08-04 02:21 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2015-08-04 02:21 . 2015-08-04 02:21 50688 ----a-w- c:\windows\system32\amdmmcl6.dll
2015-08-04 02:21 . 2015-08-04 02:21 39424 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2015-08-04 02:07 . 2015-08-04 02:07 160256 ----a-w- c:\windows\system32\atieah64.exe
2015-08-04 02:07 . 2015-08-04 02:07 143872 ----a-w- c:\windows\SysWow64\atieah32.exe
2015-08-04 02:07 . 2015-08-04 02:07 204800 ----a-w- c:\windows\system32\amdgfxinfo64.dll
2015-08-04 02:07 . 2015-08-04 02:07 189952 ----a-w- c:\windows\SysWow64\amdgfxinfo32.dll
2015-08-04 02:07 . 2015-08-04 02:07 29696 ----a-w- c:\windows\system32\atimuixx.dll
2015-08-04 02:07 . 2015-08-04 02:07 672768 ----a-w- c:\windows\system32\atieclxx.exe
2015-08-04 02:06 . 2015-08-04 02:06 246784 ----a-w- c:\windows\system32\atiesrxx.exe
2015-08-04 02:05 . 2015-08-04 02:05 190976 ----a-w- c:\windows\system32\atitmm64.dll
2015-08-04 01:48 . 2015-08-04 01:48 865792 ----a-w- c:\windows\system32\coinst_15.20.dll
2015-08-04 01:48 . 2015-08-04 01:48 89088 ----a-w- c:\windows\system32\atisamu64.dll
2015-08-04 01:47 . 2015-08-04 01:47 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll
2015-08-04 01:43 . 2015-08-04 01:43 926720 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2015-08-04 01:43 . 2015-08-04 01:43 926720 ----a-w- c:\windows\SysWow64\atiadlxx.dll
2015-08-04 01:43 . 2015-08-04 01:43 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2015-08-04 01:43 . 2015-08-04 01:43 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2015-08-04 01:43 . 2015-08-04 01:43 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2015-08-04 01:42 . 2015-08-04 01:42 156672 ----a-w- c:\windows\system32\atig6txx.dll
2015-08-04 01:42 . 2015-08-04 01:42 141824 ----a-w- c:\windows\SysWow64\atigktxx.dll
2015-08-04 01:42 . 2015-08-04 01:42 665088 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2015-08-04 01:37 . 2015-08-04 01:37 102912 ----a-w- c:\windows\system32\hsa-thunk64.dll
2015-08-04 01:37 . 2015-08-04 01:37 102400 ----a-w- c:\windows\SysWow64\hsa-thunk.dll
2015-08-04 01:35 . 2015-08-04 01:35 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2015-08-01 16:19 . 2015-08-01 16:19 -------- d-----w- c:\users\Marek\AppData\Roaming\TradeSkillMaster
2015-08-01 07:59 . 2015-08-18 19:57 -------- d-----w- c:\programdata\UPV
2015-07-30 09:21 . 2015-07-30 09:21 113880 ----a-w- c:\windows\system32\drivers\116B279C.sys
2015-07-27 08:28 . 2015-07-27 08:28 113880 ----a-w- c:\windows\system32\drivers\0C7A14BF.sys
2015-07-26 15:08 . 2015-07-26 15:08 -------- d-----w- c:\users\Marek\AppData\Roaming\JAM Software
2015-07-26 15:08 . 2015-07-26 15:08 -------- d-----w- c:\program files\JAM Software
2015-07-26 10:05 . 2015-07-26 10:10 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-24 13:34 . 2014-09-20 11:07 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-24 12:58 . 2014-12-03 16:07 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-08-11 20:00 . 2014-09-20 12:30 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-11 20:00 . 2014-09-20 12:30 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-04 06:28 . 2014-04-18 02:42 120144 ----a-w- c:\windows\system32\atiu9p64.dll
2015-08-04 06:28 . 2014-04-18 02:42 1445224 ----a-w- c:\windows\system32\aticfx64.dll
2015-08-04 06:27 . 2014-04-18 02:42 8893160 ----a-w- c:\windows\system32\atiumd6a.dll
2015-08-04 06:27 . 2014-04-18 02:42 8779872 ----a-w- c:\windows\system32\atiumd64.dll
2015-08-04 02:07 . 2014-04-18 01:30 442368 ----a-w- c:\windows\system32\atidemgy.dll
2015-08-04 01:43 . 2014-04-18 01:09 1247744 ----a-w- c:\windows\system32\atiadlxx.dll
2015-07-20 08:08 . 2015-07-20 08:08 113880 ----a-w- c:\windows\system32\drivers\6D5B6265.sys
2015-07-19 08:49 . 2015-07-19 08:49 113880 ----a-w- c:\windows\system32\drivers\320C334C.sys
2015-07-18 07:51 . 2015-07-18 07:51 113880 ----a-w- c:\windows\system32\drivers\2BA938D9.sys
2015-07-15 10:20 . 2015-07-15 10:20 96256 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2015-07-15 10:20 . 2015-07-15 10:20 103424 ----a-w- c:\windows\system32\DelayAPO.dll
2015-07-14 08:15 . 2015-07-14 08:15 113880 ----a-w- c:\windows\system32\drivers\36671312.sys
2015-07-04 13:23 . 2014-11-24 17:36 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-06-18 06:41 . 2014-09-20 11:07 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 06:41 . 2014-09-20 11:07 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 06:41 . 2014-09-20 11:07 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-03-13 7451928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-08-04 767176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys;c:\windows\SYSNATIVE\drivers\asmthub3.sys [x]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys;c:\windows\SYSNATIVE\drivers\asmtxhci.sys [x]
R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiaga.sys;c:\windows\SYSNATIVE\drivers\bxdiaga.sys [x]
R3 BFN7x64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x64.sys;c:\windows\SYSNATIVE\drivers\Xeno7x64.sys [x]
R3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys;c:\windows\SYSNATIVE\drivers\bxfcoe.sys [x]
R3 bxois;bxois;c:\windows\system32\drivers\bxois.sys;c:\windows\SYSNATIVE\drivers\bxois.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
R3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;c:\windows\System32\Drivers\EtronSTOR.sys;c:\windows\SYSNATIVE\Drivers\EtronSTOR.sys [x]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys;c:\windows\SYSNATIVE\Drivers\qd162x64.sys [x]
R3 ioatdma2;Intel(R) QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys;c:\windows\SYSNATIVE\Drivers\qd262x64.sys [x]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-21 09:30 993608 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.157\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-20 20:00]
.
2015-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-07-13 16:19]
.
2015-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-07-13 16:19]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\kbhmwv7t.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
AddRemove-Crusader Kings II Horse Lords_is1 - c:\program files (x86)\Paradox Interactive\Crusader Kings II Horse Lords\unins000.exe
AddRemove-{15134cb0-b767-4960-a911-f2d16ae54797} - c:\programdata\Package Cache\{15134cb0-b767-4960-a911-f2d16ae54797}\vcredist_x64.exe
AddRemove-{22154f09-719a-4619-bb71-5b3356999fbf} - c:\programdata\Package Cache\{22154f09-719a-4619-bb71-5b3356999fbf}\vcredist_x86.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{8e70e4e1-06d7-470b-9f74-a51bef21088e} - c:\programdata\Package Cache\{8e70e4e1-06d7-470b-9f74-a51bef21088e}\vcredist_x86.exe
AddRemove-{BD2F10CE-5561-4A0A-BD82-EB56E87D4FFB}_is1 - c:\program files (x86)\Sports Interactive\unins000.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2015-08-24 15:48:30
ComboFix-quarantined-files.txt 2015-08-24 13:48
ComboFix2.txt 2015-04-03 20:13
ComboFix3.txt 2015-04-03 20:04
.
Pre-Run: 154 401 468 416 bytes free
Post-Run: 153 983 553 536 bytes free
.
- - End Of File - - BC2D4E93125523299CF677FF04214749
A36C5E4F47E84449FF07ED3517B43A31

nermitus
Level 2
Posts: 210
Registered: December 14
Gender: Male
Status: Offline

Re: Please check

Post by nermitus » 24 Aug 2015 16:00

RogueKiller V10.10.2.0 (x64) [Aug 24 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Marek [Administrator]
Started from : C:\Users\Marek\Desktop\RogueKillerX64.exe
Mode : Delete -- Date : 08/24/2015 15:05:56

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost Deleted
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost Deleted

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 3 ¤¤¤
[FIREFX:Addon] kbhmwv7t.default : Adblock Plus [{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}] -> Deleted
[FIREFX:Addon] kbhmwv7t.default : Greasemonkey [{e4a8a97b-f2ed-450b-b12d-ee082ba24781}] -> Deleted
[FIREFX:Addon] kbhmwv7t.default : HP Smart Web Printing [smartwebprinting@hp.com] -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500DM002-1BD142 ATA Device +++++
--- User ---
[MBR] b7cfbae41ab0322ba25a21ee4ec7991b
[BSP] 7f068d5fd8d181efd202cd38f332f64d : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476929 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Marek on po 24. 08. 2015 at 15:06:52,35.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Marek\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-04-03-160629.log 15270 bytes
C:\zoek-results2015-06-27-093858.log 7218 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Users\Marek\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\kbhmwv7t.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");

Added to C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\kbhmwv7t.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Paradox Interactive deleted
C:\Users\Marek\AppData\Roaming\ProductData deleted
C:\PROGRA~3\ProductData deleted
"C:\PROGRA~2\Sports Interactive" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\kbhmwv7t.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [20. 09. 2014 14:00]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [20. 09. 2014 14:00]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\kbhmwv7t.default
5950D438CD3DDF2DD50D9FA4E07A6C1C - C:\Users\Marek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player


==== Chromium Look ======================

Google Chrome Version: 44.0.2403.157


AdBlock - Marek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Arcane Legends - Marek\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ibmlkgieigeddcedpbijnpojheoddido
AdBlock - Marek\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj

==== Chromium Startpages ======================

C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Profile 2\Preferences


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Profile 2\Preferences was reset successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Profile 2\Secure Preferences was reset successfully
C:\Users\Marek\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data was reset successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Profile 2\Web Data-journal was reset successfully
C:\Users\Marek\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Marek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Marek\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=27129 folders=710 8992999003 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Marek\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Marek\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on po 24. 08. 2015 at 15:34:54,88 ======================

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check

Post by jaro3 » 24 Aug 2015 18:31

Turn off the resident protection of your antivirus and antispyware, and the firewall too, if applicable.

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the entire following text marked in green into it:

Code:

ClearJavaCache::
KillAll::
File::
c:\windows\system32\drivers\1B8A5873.sys
c:\windows\system32\drivers\21724A05.sys
c:\windows\system32\drivers\1B0E4E89.sys
c:\windows\system32\drivers\1A4334CD.sys
c:\windows\system32\drivers\4F450399.sys
c:\windows\system32\drivers\65123499.sys
c:\windows\system32\drivers\18AA611D.sys
c:\windows\system32\drivers\116B279C.sys
c:\windows\system32\drivers\0C7A14BF.sys
c:\windows\system32\drivers\6D5B6265.sys
c:\windows\system32\drivers\320C334C.sys
c:\windows\system32\drivers\2BA938D9.sys
c:\windows\system32\drivers\36671312.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files (x86)\Google\Update

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"


Choose File -> Save As... and set these parameters:
File name: enter CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe and drop it when the two files overlap.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process, plus a new HJT log

Warning: it can happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems. If so, restart the computer again; if that does not help, press F8 during the restart and choose Last Known Good Configuration, or use a restore point.

Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Please check

Post by nermitus » 24 Aug 2015 22:03

ComboFix 15-08-24.01 - Marek . 08. 2015 21:39:36.5.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1033.18.4078.2865 [GMT 2:00]
Running from: c:\users\Marek\Desktop\ComboFix.exe
Command switches used :: c:\users\Marek\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\0C7A14BF.sys"
"c:\windows\system32\drivers\116B279C.sys"
"c:\windows\system32\drivers\18AA611D.sys"
"c:\windows\system32\drivers\1A4334CD.sys"
"c:\windows\system32\drivers\1B0E4E89.sys"
"c:\windows\system32\drivers\1B8A5873.sys"
"c:\windows\system32\drivers\21724A05.sys"
"c:\windows\system32\drivers\2BA938D9.sys"
"c:\windows\system32\drivers\320C334C.sys"
"c:\windows\system32\drivers\36671312.sys"
"c:\windows\system32\drivers\4F450399.sys"
"c:\windows\system32\drivers\65123499.sys"
"c:\windows\system32\drivers\6D5B6265.sys"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleUpdateComRegisterShell64.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleUpdateWebPlugin.exe
c:\program files (x86)\Google\Update\1.3.28.1\goopdate.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.28.1\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.28.1\psmachine.dll
c:\program files (x86)\Google\Update\1.3.28.1\psmachine_64.dll
c:\program files (x86)\Google\Update\1.3.28.1\psuser.dll
c:\program files (x86)\Google\Update\1.3.28.1\psuser_64.dll
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.28.1\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\44.0.2403.157\44.0.2403.157_44.0.2403.155_chrome_updater.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Google\Update\Install\{141FDC0A-1E72-427B-94EC-599988C9250D}\44.0.2403.130_44.0.2403.125_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{16EFCFCA-7BE9-4D1D-8A32-335253037EC1}\43.0.2357.134_43.0.2357.132_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{5FBFBC82-E349-4F3B-A5F6-DC5E442BCAD8}\44.0.2403.89_43.0.2357.134_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{78B963D2-C513-4C5E-BD9C-D373AAB4D2C4}\44.0.2403.107_44.0.2403.89_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{7FF76368-6055-4326-84DB-3F4DADDAF23D}\43.0.2357.132_chrome_installer.exe
c:\program files (x86)\Google\Update\Install\{8D26742D-3180-49AD-8172-E135D12A9A39}\44.0.2403.157_44.0.2403.155_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{9D17F43C-9BEB-4C1A-8C9B-5B4B717E0DCB}\44.0.2403.125_44.0.2403.107_chrome_updater.exe
c:\program files (x86)\Google\Update\Install\{D07D4882-F1CB-4145-AAC6-30904A251D97}\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Install\{D2286CAB-E624-465A-BCA9-98D7BC8B3C93}\44.0.2403.155_44.0.2403.130_chrome_updater.exe
c:\windows\system32\drivers\0C7A14BF.sys
c:\windows\system32\drivers\116B279C.sys
c:\windows\system32\drivers\18AA611D.sys
c:\windows\system32\drivers\1A4334CD.sys
c:\windows\system32\drivers\1B0E4E89.sys
c:\windows\system32\drivers\1B8A5873.sys
c:\windows\system32\drivers\21724A05.sys
c:\windows\system32\drivers\2BA938D9.sys
c:\windows\system32\drivers\320C334C.sys
c:\windows\system32\drivers\36671312.sys
c:\windows\system32\drivers\4F450399.sys
c:\windows\system32\drivers\65123499.sys
c:\windows\system32\drivers\6D5B6265.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files Created from 2015-07-24 to 2015-08-24 )))))))))))))))))))))))))))))))
.
.
2015-08-24 19:45 . 2015-08-24 19:45 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-08-24 19:45 . 2015-08-24 19:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-24 13:26 . 2015-08-24 19:47 -------- d-----w- c:\users\Marek\AppData\Local\Temp
2015-08-24 13:26 . 2015-08-24 13:06 24064 ----a-w- c:\windows\zoek-delete.exe
2015-08-24 12:35 . 2009-02-24 16:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys
2015-08-24 12:35 . 2009-02-24 16:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2015-08-23 20:22 . 2015-08-24 10:45 -------- d-----w- C:\AdwCleaner
2015-08-22 09:06 . 2015-08-22 09:06 -------- d-----w- c:\programdata\ATI
2015-08-22 09:03 . 2015-08-22 09:18 -------- d-----w- c:\users\Marek\AppData\Roaming\Raptr
2015-08-22 09:03 . 2015-08-22 09:05 -------- d-----w- c:\program files (x86)\Raptr
2015-08-04 06:29 . 2015-08-04 06:29 107784 ----a-w- c:\windows\system32\amdave64.dll
2015-08-04 06:29 . 2015-08-04 06:29 100568 ----a-w- c:\windows\SysWow64\amdave32.dll
2015-08-04 06:25 . 2015-08-04 06:25 297672 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
2015-08-04 06:23 . 2015-08-04 06:23 21622784 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2015-08-04 06:19 . 2015-08-04 06:19 235008 ----a-w- c:\windows\system32\clinfo.exe
2015-08-04 06:18 . 2015-08-04 06:18 47785472 ----a-w- c:\windows\system32\amdocl64.dll
2015-08-04 06:14 . 2015-08-04 06:14 39714304 ----a-w- c:\windows\SysWow64\amdocl.dll
2015-08-04 06:09 . 2015-08-04 06:09 65024 ----a-w- c:\windows\system32\OpenCL.dll
2015-08-04 06:09 . 2015-08-04 06:09 59392 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-08-04 05:58 . 2015-08-04 05:58 27535872 ----a-w- c:\windows\system32\amdocl12cl64.dll
2015-08-04 05:57 . 2015-08-04 05:57 22318592 ----a-w- c:\windows\SysWow64\amdocl12cl.dll
2015-08-04 04:12 . 2015-08-04 04:12 127488 ----a-w- c:\windows\system32\mantle64.dll
2015-08-04 04:12 . 2015-08-04 04:12 113664 ----a-w- c:\windows\SysWow64\mantle32.dll
2015-08-04 04:11 . 2015-08-04 04:11 6477312 ----a-w- c:\windows\system32\amdmantle64.dll
2015-08-04 03:43 . 2015-08-04 03:43 5068288 ----a-w- c:\windows\SysWow64\amdmantle32.dll
2015-08-04 03:21 . 2015-08-04 03:21 93696 ----a-w- c:\windows\system32\mantleaxl64.dll
2015-08-04 03:21 . 2015-08-04 03:21 86528 ----a-w- c:\windows\SysWow64\mantleaxl32.dll
2015-08-04 02:55 . 2015-08-04 02:55 30752256 ----a-w- c:\windows\system32\atio6axx.dll
2015-08-04 02:32 . 2015-08-04 02:32 25299968 ----a-w- c:\windows\SysWow64\atioglxx.dll
2015-08-04 02:25 . 2015-08-04 02:25 367104 ----a-w- c:\windows\system32\atiapfxx.exe
2015-08-04 02:25 . 2015-08-04 02:25 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2015-08-04 02:25 . 2015-08-04 02:25 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2015-08-04 02:24 . 2015-08-04 02:24 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2015-08-04 02:24 . 2015-08-04 02:24 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2015-08-04 02:24 . 2015-08-04 02:24 15716864 ----a-w- c:\windows\system32\aticaldd64.dll
2015-08-04 02:21 . 2015-08-04 02:21 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2015-08-04 02:21 . 2015-08-04 02:21 50688 ----a-w- c:\windows\system32\amdmmcl6.dll
2015-08-04 02:21 . 2015-08-04 02:21 39424 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2015-08-04 02:07 . 2015-08-04 02:07 160256 ----a-w- c:\windows\system32\atieah64.exe
2015-08-04 02:07 . 2015-08-04 02:07 143872 ----a-w- c:\windows\SysWow64\atieah32.exe
2015-08-04 02:07 . 2015-08-04 02:07 204800 ----a-w- c:\windows\system32\amdgfxinfo64.dll
2015-08-04 02:07 . 2015-08-04 02:07 189952 ----a-w- c:\windows\SysWow64\amdgfxinfo32.dll
2015-08-04 02:07 . 2015-08-04 02:07 29696 ----a-w- c:\windows\system32\atimuixx.dll
2015-08-04 02:07 . 2015-08-04 02:07 672768 ----a-w- c:\windows\system32\atieclxx.exe
2015-08-04 02:06 . 2015-08-04 02:06 246784 ----a-w- c:\windows\system32\atiesrxx.exe
2015-08-04 02:05 . 2015-08-04 02:05 190976 ----a-w- c:\windows\system32\atitmm64.dll
2015-08-04 01:48 . 2015-08-04 01:48 865792 ----a-w- c:\windows\system32\coinst_15.20.dll
2015-08-04 01:48 . 2015-08-04 01:48 89088 ----a-w- c:\windows\system32\atisamu64.dll
2015-08-04 01:47 . 2015-08-04 01:47 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll
2015-08-04 01:43 . 2015-08-04 01:43 926720 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2015-08-04 01:43 . 2015-08-04 01:43 926720 ----a-w- c:\windows\SysWow64\atiadlxx.dll
2015-08-04 01:43 . 2015-08-04 01:43 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2015-08-04 01:43 . 2015-08-04 01:43 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2015-08-04 01:43 . 2015-08-04 01:43 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2015-08-04 01:42 . 2015-08-04 01:42 156672 ----a-w- c:\windows\system32\atig6txx.dll
2015-08-04 01:42 . 2015-08-04 01:42 141824 ----a-w- c:\windows\SysWow64\atigktxx.dll
2015-08-04 01:42 . 2015-08-04 01:42 665088 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2015-08-04 01:37 . 2015-08-04 01:37 102912 ----a-w- c:\windows\system32\hsa-thunk64.dll
2015-08-04 01:37 . 2015-08-04 01:37 102400 ----a-w- c:\windows\SysWow64\hsa-thunk.dll
2015-08-04 01:35 . 2015-08-04 01:35 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2015-08-01 16:19 . 2015-08-01 16:19 -------- d-----w- c:\users\Marek\AppData\Roaming\TradeSkillMaster
2015-08-01 07:59 . 2015-08-18 19:57 -------- d-----w- c:\programdata\UPV
2015-07-26 15:08 . 2015-07-26 15:08 -------- d-----w- c:\users\Marek\AppData\Roaming\JAM Software
2015-07-26 15:08 . 2015-07-26 15:08 -------- d-----w- c:\program files\JAM Software
2015-07-26 10:05 . 2015-07-26 10:10 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-24 19:47 . 2014-09-20 11:07 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-24 12:58 . 2014-12-03 16:07 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-08-11 20:00 . 2014-09-20 12:30 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-11 20:00 . 2014-09-20 12:30 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-04 06:28 . 2014-04-18 02:42 120144 ----a-w- c:\windows\system32\atiu9p64.dll
2015-08-04 06:28 . 2014-04-18 02:42 1445224 ----a-w- c:\windows\system32\aticfx64.dll
2015-08-04 06:27 . 2014-04-18 02:42 8893160 ----a-w- c:\windows\system32\atiumd6a.dll
2015-08-04 06:27 . 2014-04-18 02:42 8779872 ----a-w- c:\windows\system32\atiumd64.dll
2015-08-04 02:07 . 2014-04-18 01:30 442368 ----a-w- c:\windows\system32\atidemgy.dll
2015-08-04 01:43 . 2014-04-18 01:09 1247744 ----a-w- c:\windows\system32\atiadlxx.dll
2015-07-15 10:20 . 2015-07-15 10:20 96256 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2015-07-15 10:20 . 2015-07-15 10:20 103424 ----a-w- c:\windows\system32\DelayAPO.dll
2015-07-04 13:23 . 2014-11-24 17:36 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-06-18 06:41 . 2014-09-20 11:07 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 06:41 . 2014-09-20 11:07 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 06:41 . 2014-09-20 11:07 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-03-13 7451928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-08-04 767176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys;c:\windows\SYSNATIVE\drivers\asmthub3.sys [x]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys;c:\windows\SYSNATIVE\drivers\asmtxhci.sys [x]
R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiaga.sys;c:\windows\SYSNATIVE\drivers\bxdiaga.sys [x]
R3 BFN7x64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x64.sys;c:\windows\SYSNATIVE\drivers\Xeno7x64.sys [x]
R3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys;c:\windows\SYSNATIVE\drivers\bxfcoe.sys [x]
R3 bxois;bxois;c:\windows\system32\drivers\bxois.sys;c:\windows\SYSNATIVE\drivers\bxois.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
R3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;c:\windows\System32\Drivers\EtronSTOR.sys;c:\windows\SYSNATIVE\Drivers\EtronSTOR.sys [x]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys;c:\windows\SYSNATIVE\Drivers\qd162x64.sys [x]
R3 ioatdma2;Intel(R) QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys;c:\windows\SYSNATIVE\Drivers\qd262x64.sys [x]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-21 09:30 993608 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.157\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-20 20:00]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\kbhmwv7t.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
AddRemove-Crusader Kings II Horse Lords_is1 - c:\program files (x86)\Paradox Interactive\Crusader Kings II Horse Lords\unins000.exe
AddRemove-{15134cb0-b767-4960-a911-f2d16ae54797} - c:\programdata\Package Cache\{15134cb0-b767-4960-a911-f2d16ae54797}\vcredist_x64.exe
AddRemove-{22154f09-719a-4619-bb71-5b3356999fbf} - c:\programdata\Package Cache\{22154f09-719a-4619-bb71-5b3356999fbf}\vcredist_x86.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{8e70e4e1-06d7-470b-9f74-a51bef21088e} - c:\programdata\Package Cache\{8e70e4e1-06d7-470b-9f74-a51bef21088e}\vcredist_x86.exe
AddRemove-{BD2F10CE-5561-4A0A-BD82-EB56E87D4FFB}_is1 - c:\program files (x86)\Sports Interactive\unins000.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
.
**************************************************************************
.
Completion time: 2015-08-24 21:52:36 - machine was rebooted
ComboFix-quarantined-files.txt 2015-08-24 19:52
ComboFix2.txt 2015-08-24 13:48
ComboFix3.txt 2015-04-03 20:13
ComboFix4.txt 2015-04-03 20:04
.
Pre-Run: 153 233 735 680 bytes free
Post-Run: 153 036 754 944 bytes free
.
- - End Of File - - 1751D1026203EBF23F34FDD944493FD9
A36C5E4F47E84449FF07ED3517B43A31
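The ComboFix log above lists the files removed by the CFScript, among them a run of kernel drivers in system32\drivers whose names are eight hexadecimal digits. The parser below is an added example, written for this thread and not part of the forum post, ComboFix or any other tool mentioned here. It reads the "Files Created" / "Find3M Report" layout visible in the log (created time, modified time, size or dashes for a directory, attribute flags, path) and flags drivers with such random-looking hex names so a helper can spot them before deciding what to put in a script. The sample log lines, including the dates and sizes given for the hex-named drivers, are constructed for the example; the log on the page lists those drivers only as deleted.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the ComboFix file-listing layout seen in this thread.
# Paths copy those in the log; the sizes/dates for the hex-named drivers are made up.
SAMPLE_LOG = """\
((((((((((((((((((((((((( Files Created from 2015-07-24 to 2015-08-24 )))))))))))))))))))))))))))))))
.
.
2015-08-24 13:26 . 2015-08-24 13:06 24064 ----a-w- c:\\windows\\zoek-delete.exe
2015-08-24 12:35 . 2009-02-24 16:35 255552 ----a-w- c:\\windows\\system32\\drivers\\mcdbus.sys
2015-08-23 20:22 . 2015-08-24 10:45 -------- d-----w- C:\\AdwCleaner
2015-08-20 10:00 . 2015-08-20 10:00 18432 ----a-w- c:\\windows\\system32\\drivers\\0C7A14BF.sys
2015-08-20 10:01 . 2015-08-20 10:01 18432 ----a-w- c:\\windows\\system32\\drivers\\116B279C.sys
2015-08-04 06:25 . 2015-08-04 06:25 297672 ----a-w- c:\\windows\\system32\\drivers\\amdacpksd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-24 19:47 . 2014-09-20 11:07 113880 ----a-w- c:\\windows\\system32\\drivers\\MBAMSwissArmy.sys
"""

# Section banner: a run of "(" then the title then a run of ")".
SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")

# One file entry: "<created> . <modified> <size|--------> <8 attribute flags> <path>"
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) (\S{8}) (.+)$"
)

# Eight hex digits plus .sys, the naming pattern of the drivers the CFScript removed.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}\.sys$", re.IGNORECASE)


@dataclass
class Entry:
    section: str
    created: str
    modified: str
    size: Optional[int]  # None for directory entries ("--------")
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_combofix(text: str) -> List[Entry]:
    """Parse file entries out of a ComboFix log, tagging each with its section banner."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # "." separators, blank lines, headers
        created, modified, size, attrs, path = m.groups()
        entries.append(
            Entry(section, created, modified,
                  None if size.startswith("-") else int(size), attrs, path)
        )
    return entries


def suspicious_drivers(entries: List[Entry]) -> List[str]:
    """Paths of .sys files in a drivers folder whose name is eight hex digits."""
    hits = []
    for e in entries:
        if e.is_dir:
            continue
        folder, _, name = e.path.rpartition("\\")
        if folder.lower().endswith("\\drivers") and HEX_NAME_RE.match(name):
            hits.append(e.path)
    return hits


if __name__ == "__main__":
    parsed = parse_combofix(SAMPLE_LOG)
    for p in suspicious_drivers(parsed):
        print("hex-named driver:", p)
```

The heuristic is deliberately narrow: it only reproduces the naming pattern visible in this log, and a hit is a prompt to check the file's signature and creation time, not a verdict on its own.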


Re: Please check

Post by nermitus » 24 Aug 2015 22:06

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-08-24 21:53:51
-----------------------------
21:53:51.432 OS Version: Windows x64 6.1.7601 Service Pack 1
21:53:51.432 Number of processors: 2 586 0x2A07
21:53:51.432 ComputerName: MAREK-PC UserName: Marek
21:54:10.137 Initialize success
21:54:10.215 VM: initialized successfully
21:54:10.215 VM: Intel CPU BiosDisabled
21:54:28.929 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
21:54:28.929 Disk 0 Vendor: ST500DM002-1BD142 KC45 Size: 476940MB BusType: 3
21:54:29.460 Disk 0 MBR read successfully
21:54:29.460 Disk 0 MBR scan
21:54:29.460 Disk 0 Windows 7 default MBR code
21:54:29.523 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
21:54:29.545 Disk 0 Boot: NTFS code=2
21:54:29.638 Disk 0 scanning C:\Windows\system32\drivers
21:54:40.147 Service scanning
21:55:17.336 Modules scanning
21:55:17.336 Disk 0 trace - called modules:
21:55:17.367 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:55:17.856 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004be7060]
21:55:17.856 3 CLASSPNP.SYS[fffff8800185443f] -> nt!IofCallDriver -> [0xfffffa8004739520]
21:55:17.856 5 ACPI.sys[fffff88000f877a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8004735680]
21:55:17.871 Disk 0 statistics 106521/0/0 @ 5,31 MB/s
21:55:17.871 Scan finished successfully
22:03:17.024 Disk 0 MBR has been saved successfully to "C:\Users\Marek\Desktop\MBR.dat"
22:03:17.031 The log file has been saved successfully to "C:\Users\Marek\Desktop\aswMBR.txt"


Re: Please check

Post by jaro3 » 25 Aug 2015 09:19

ComboFix is uninstalled like this:
Start -> Run and enter ComboFix /Uninstall

Clean the system with CCleaner

Download OTC

to the desktop. Double-click it. Then click Clean up!.
Restart the PC if prompted to.

Post a new HJT log and report any problems.